◈ AI 安全情报 ← 全部术语
Attack  ·  术语库

Tool poisoning (MCP / agentic pipelines)

定义
一种攻击方式,其中恶意指令或负载被隐藏在AI代理被设计为信任和使用的工具的描述、输出或配置中。当代理调用该工具时,它会在不知情的情况下执行攻击者的命令——重定向流量、泄露机密或执行破坏性操作。
影响分析
随着AI代理通过Model Context Protocol和类似框架连接到更多业务工具,工具投毒成为攻击者劫持整个自动化工作流的可扩展方式,而无需接触AI模型本身。单个被投毒的工具可以级联影响每个信任它的代理。
近期相关发现
OpenClaw MCP Server Leaks Operator Custom Headers to Attacker-Controlled Redirects (CVE-2026-53840)Cloud Security Alliance: '7 MCP Risks CISOs Should Consider and How to Prepare' — Authoritative Practitioner Guidance on Model Context Protocol SecurityAgentjacking: Sentry MCP Integration Weaponised to Execute Arbitrary Code on Developer Machines via Injected Error EventsGoogle Publishes WebMCP Agent Security Guidance — Malicious Manifests and Contaminated Tool Outputs as Primary Attack Vectors with Deterministic and Probabilistic CountermeasuresWebMCP Mid-Session Tool Injection (MSTI) — Third-Party Scripts Can Hijack or Frame Agent Tools During Live Sessions via WebMCP Protocol
参考资料
CSA: 7 MCP Risks CISOs Should ConsiderGoogle WebMCP Agent Security Guidance
在实时动态中跟踪 了解这一概念在真实 AI 安全与治理事件中的体现。
打开动态 →