MCP Security Notification: Tool Poisoning Attacks
Update Apr 7: We have released a follow-up blog post about a practical MCP attack, exfiltrating sensitive WhatsApp chat histories via MCP. Read it here →.
Update Apr 11: We have released a security scanning tool for MCP:
MCP-Scan: A security scanner for MCP servers. Learn More →
Invariant has discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for what we term Tool Poisoning Attacks. This vulnerability can lead to sensitive data exfiltration and unauthorized actions by AI models. We explain the attack vector, its implications, and mitigation strategies. We urge users to exercise caution when connecting to third-party MCP servers and to implement security measures to protect sensitive information.
Our experiments show that a malicious server can not only exfiltrate sensitive data from the user but also hijack the agent's behavior and override instructions provided by other, trusted servers, leading to a complete compromise of the agent's functionality, even with respect to trusted infrastructure.
The Model Context Protocol
The Model Context Protocol (MCP) has been taking over the AI agent landscape, allowing users to connect agentic systems with new tools and data sources. MCP enables users to add new tools and capabilities into agentic systems, using a plugin-like architecture based on MCP servers. Workflow automation services like Zapier report millions of requests processed through their endpoints, and the MCP ecosystem is rapidly growing.
However, our security team h...