MCP.so
登录

MCP Poisoning Attack - PoC

@wbfoss

关于 MCP Poisoning Attack - PoC

This repository demonstrates a variety of **MCP Poisoning Attacks** affecting real-world AI agent workflows.

基本信息

分类

其他

许可证

MIT

运行时

python

传输方式

stdio

发布者

wbfoss

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcp-poisoning-poc": {
      "command": "python",
      "args": [
        "-m",
        "venv",
        "venv"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP Poisoning Attack - PoC?

MCP Poisoning Attack - PoC is a security research proof-of-concept by GenSecAI that demonstrates critical vulnerabilities in the Model Context Protocol (MCP), enabling attackers to exfiltrate data, hijack AI agent behavior, and override security controls through malicious tool descriptions. It is intended for security researchers, AI developers, and defenders seeking to understand and mitigate MCP tool poisoning attacks.

How to use MCP Poisoning Attack - PoC?

Clone the repository, create a Python virtual environment, install dependencies with pip install -r requirements.txt, then run python examples/basic_attack_demo.py. The code provides a MaliciousMCPServer class to simulate attacks and a SecureMCPClient with sanitization, validation, and monitoring for defense.

Key features of MCP Poisoning Attack - PoC

  • Demonstrates data exfiltration via hidden tool descriptions
  • Shows AI agent hijacking through prompt injection
  • Includes time‑delayed attack payloads
  • Provides sanitizer and validation defense framework
  • Cross‑tool contamination attack simulation
  • Ready‑to‑run examples and comprehensive test suite

Use cases of MCP Poisoning Attack - PoC

  • Security researchers evaluating MCP‑based AI agent vulnerabilities
  • Developers hardening MCP tool integrations against poisoning attacks
  • Red teams assessing risk of malicious MCP servers in their pipeline
  • Educators illustrating prompt injection and supply chain attacks in AI

FAQ from MCP Poisoning Attack - PoC

What is the primary purpose of this project?

This is a security research project by GenSecAI that demonstrates and defends against MCP tool poisoning vulnerabilities for educational and defensive use only.

What are the runtime requirements?

It requires Python 3.8+ and standard dependencies listed in requirements.txt. No external MCP server runtime is needed.

Is this project safe to use in production?

No; it contains attack code meant for controlled environments only. The README explicitly warns against malicious use and encourages defensive focus.

Where does the data live?

All code and data reside locally in the cloned repository; no external data is transmitted by default.

What attack vectors are shown?

The project covers data exfiltration, tool hijacking, instruction override, and delayed payloads — all exploiting MCP’s trust in tool descriptions.

评论

其他 分类下的更多 MCP 服务器