◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Tool poisoning (MCP / agentic pipelines)

Definition
An attack where malicious instructions or payloads are hidden inside the descriptions, outputs, or configuration of a tool that an AI agent is designed to trust and use. When the agent calls that tool, it unknowingly executes the attacker's commands—redirecting traffic, leaking secrets, or taking destructive actions.
Why it matters
As AI agents are connected to more business tools through the Model Context Protocol and similar frameworks, tool poisoning becomes a scalable way for attackers to hijack entire automated workflows without ever touching the AI model itself. A single poisoned tool can cascade across every agent that trusts it.
Demonstrated by recent findings
OpenClaw MCP Server Leaks Operator Custom Headers to Attacker-Controlled Redirects (CVE-2026-53840)Cloud Security Alliance: '7 MCP Risks CISOs Should Consider and How to Prepare' — Authoritative Practitioner Guidance on Model Context Protocol SecurityAgentjacking: Sentry MCP Integration Weaponised to Execute Arbitrary Code on Developer Machines via Injected Error EventsGoogle Publishes WebMCP Agent Security Guidance — Malicious Manifests and Contaminated Tool Outputs as Primary Attack Vectors with Deterministic and Probabilistic CountermeasuresWebMCP Mid-Session Tool Injection (MSTI) — Third-Party Scripts Can Hijack or Frame Agent Tools During Live Sessions via WebMCP Protocol
References
CSA: 7 MCP Risks CISOs Should ConsiderGoogle WebMCP Agent Security Guidance
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →