logo

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

ID: 740a139f-c653-5f03-b059-12b29982b381

STIX ID: report--740a139f-c653-5f03-b059-12b29982b381

Feed Name: The Hacker News

Threat Score
78/100

Date Published: 2026-06-30

Date Updated: 2026-07-01

Author: [email protected] (The Hacker News)

...
...

Microsoft research and related work show that attackers can poison the plain-text descriptions of MCP tools so AI agents acting on users’ behalf will perform legitimate-looking actions that exfiltrate data; proofs-of-concept, a benchmark (MCPTox) with high success rates, and a real-world malicious npm package demonstrate the technique and its supply-chain scope, and the report outlines mitigation steps such as treating tool descriptions like system prompts, restricting allowed tools, human approval for risky actions, and logging agent behavior.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.