AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

infonewsLLM-Specific

securityresearch

Source: Embrace The RedMay 2, 2025

Summary

The Model Context Protocol (MCP) is a system that lets AI applications discover and use external tools from servers at runtime (while the program is running). However, MCP has a security weakness: because servers can send instructions through the tool descriptions, they can perform prompt injection (tricking an AI by hiding instructions in its input) to control the AI client, making servers more powerful than they should be.

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedAgent

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 75%