How to Attack an MCP Server — and Why Your AI Agent Will Comply
How to Attack an MCP Server — and Why Your AI Agent Will Comply MCP (Model Context Protocol) is fast becoming the standard for connecting AI agents to tools and services. Claude uses it. Cursor uses it. Every major AI development environment is adopting it. And most MCP servers deployed today have critical security vulnerabilities that no existing scanner catches. I built a deliberately vulnerable MCP server, attacked it three different ways, and built a scanner to detect all of them. Here's what I found. What is MCP? MCP is a JSON-RPC protocol that lets AI agents discover and call tools. The flow looks like this: Agent connects to MCP server Agent calls tools/list → server returns tool definitions (name, description, input schema) Agent passes tool definitions to the LLM LLM decides which tool to call based on the descriptions Agent calls tools/call → server executes and returns result The critical step is 3 . Tool descriptions go directly into the LLM's context window. That's the att
Continue reading on Dev.to
Opens in a new tab
