← Back to glossary
Glossary

MCP Poisoning

Reviewed 9 April 2026 Canonical definition

MCP poisoning is an attack where a malicious MCP server embeds hidden instructions inside tool descriptions, resource content, or prompt templates that manipulate a connected AI agent into taking unintended actions. Unlike direct prompt injection, MCP poisoning exploits the trust an agent places in server-provided metadata, making it difficult to detect without schema validation and content filtering at the gateway layer.

Related articles

Security How to Analyze Multi-Agent AI Attack Surfaces Security MAESTRO Framework: Threat Modeling for AI Agents MCP Where MCP Security Breaks: Common Attack Vectors and Prevention

Related terms

MCP ClientMCP GatewayMCP MarketplaceMCP Prompt TemplateMCP ResourceMCP Resource URI