FILTERING BY: CLEAR FILTER

Microsoft: Goal Hijacking and Zero-Click RCE via Poisoned MCP Tool Descriptions

Microsoft's AI Red Team and Lakera AI have identified a critical vulnerability in agentic AI systems utilizing the Model Context Protocol (MCP). Adversaries can poison the natural language descriptions of MCP tools to deceive AI agents into "Goal Hijacking," redirecting the agent from its intended objective to attacker-defined tasks. This vulnerability enables zero-click exploit chains where agents autonomously execute malicious actions, including remote code execution (RCE) in agentic IDEs and unauthorized data exfiltration, without requiring user interaction beyond the agent's initial deployment. This mechanism effectively bypasses traditional human-in-the-loop safeguards by exploiting the agent's inherent trust in tool metadata.


LINK COPIED TO CLIPBOARD