Definition
A technique where an attacker tricks an AI agent or the server it connects to into following a redirect to an attacker-controlled address, causing the agent to send along sensitive request headers—such as authentication tokens or API keys—that it was only supposed to send to the legitimate service.
Why it matters
AI agents authenticate to tools and data sources using tokens that may grant broad organisational access. A single redirect vulnerability in an MCP server can silently harvest every credential the agent carries, giving the attacker a foothold into the broader enterprise environment.
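The mitigation implied by the definition, as an added example that is not from the original page: an HTTP client that follows redirects itself and drops credential headers whenever a hop leaves the original origin. The host names, the token, the redirect map and the list of header names are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Header names treated as credentials (assumed list; extend for your tools).
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def next_request(current_url, location, headers):
    """Resolve a Location header and drop credentials if the origin changes."""
    target = urljoin(current_url, location)
    if origin(target) == origin(current_url):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return target, kept


def walk_chain(start_url, headers, redirects, max_hops=5):
    """Follow a redirect map {url: Location}; return [(url, headers_sent)]."""
    url, sent = start_url, dict(headers)
    trail = [(url, sent)]
    while url in redirects:
        if len(trail) > max_hops:
            raise RuntimeError("too many redirects")
        # Headers stripped on one hop stay stripped for the rest of the chain.
        url, sent = next_request(url, redirects[url], sent)
        trail.append((url, sent))
    return trail


# Constructed sample: a same-origin hop, then a hop to a different host.
SAMPLE_REDIRECTS = {
    "https://mcp.example.internal/tools": "/v2/tools",
    "https://mcp.example.internal/v2/tools": "https://collector.example.net/in",
}
SAMPLE_HEADERS = {"Authorization": "Bearer CONSTRUCTED-TOKEN", "Accept": "application/json"}

if __name__ == "__main__":
    start = "https://mcp.example.internal/tools"
    for url, sent in walk_chain(start, SAMPLE_HEADERS, SAMPLE_REDIRECTS):
        print(url, sorted(sent))
```

The same rule applies on the server side when an MCP server fetches a URL on the agent's behalf: forward credentials only to the origin they were issued for.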