{"data":{"id":"97448233-ff11-4f33-9127-4900e0d1ef57","title":"Securing AI agents: When AI tools move from reading to acting","summary":"As AI agents expand from simply reading and summarizing content to taking real-world actions like sending emails or updating records, they become targets for a new type of attack called MCP tool poisoning (where attackers modify the instructions embedded in tool descriptions to trick agents into unintended actions). Microsoft describes how attackers can silently alter the natural-language metadata that tells an agent how to use a tool, and if configuration doesn't require re-approval when descriptions change, the poisoned instructions go live in production without detection.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.microsoft.com/en-us/security/blog/2026/06/30/securing-ai-agents-ai-tools-move-from-reading-acting/","publishedAt":"2026-06-30T15:57:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","Microsoft 365 Copilot","Copilot Studio","Azure AI Foundry","Invariant Labs"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-30T15:57:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}