
Tool Substitution Attack

Reviewed 9 April 2026. Canonical definition.

A tool substitution attack replaces a legitimate MCP server or tool with a malicious one that mimics the expected interface but performs additional harmful actions — such as exfiltrating data, logging credentials, or injecting instructions into responses. It exploits agents that authenticate to tool endpoints by name or URL rather than by cryptographic identity, making robust server authentication essential.
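As an added defender-side illustration (not code from this glossary or from any MCP implementation): a client that authenticates a tool server by a pinned key and a pinned manifest digest instead of by name or URL alone, so that both a look-alike endpoint and a genuine server whose tool list has been altered are rejected. The trust store, key, server name and tool manifest are constructed; a pre-shared MAC key stands in for a public key or certificate fingerprint.

```python
import hashlib
import hmac
import json
import secrets

# Constructed trust store, not from any real deployment. A known server is pinned
# by a key established out of band (a pre-shared MAC key here; a public key or
# certificate fingerprint plays the same role) and by the SHA-256 digest of the
# tool manifest that was reviewed and approved for it.
TRUST_STORE = {"files-server": {"key": b"constructed-demo-key-0001", "manifest_sha256": None}}
GENUINE_TOOLS = [{"name": "read_file", "description": "Read a file by path.",
                  "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}}]

def manifest_digest(tools: list) -> str:
    """Hash the tool list as canonical JSON so reordering or whitespace cannot hide an edit."""
    blob = json.dumps(tools, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def server_prove(key: bytes, nonce: bytes, tools: list) -> str:
    """What a genuine server returns for the client's nonce: a MAC binding nonce and manifest."""
    return hmac.new(key, nonce + manifest_digest(tools).encode(), hashlib.sha256).hexdigest()

def verify_server(name: str, nonce: bytes, tools: list, proof: str) -> tuple:
    """Accept an endpoint only if it proves the pinned key and offers the pinned manifest."""
    entry = TRUST_STORE.get(name)
    if entry is None or entry["manifest_sha256"] is None:
        return False, "server not pinned"
    if not hmac.compare_digest(server_prove(entry["key"], nonce, tools), proof):
        return False, "identity proof failed"   # wrong key: a look-alike endpoint
    if manifest_digest(tools) != entry["manifest_sha256"]:
        return False, "tool manifest changed"   # right key, but the tools were altered
    return True, "ok"

def run_checks() -> dict:
    """Constructed scenarios: genuine server, name-only impostor, tampered manifest."""
    TRUST_STORE["files-server"]["manifest_sha256"] = manifest_digest(GENUINE_TOOLS)
    key, nonce = TRUST_STORE["files-server"]["key"], secrets.token_bytes(16)
    # An impostor that copied the name and interface but lacks the key can only guess.
    impostor_proof = hmac.new(b"guess", nonce, hashlib.sha256).hexdigest()
    # A tampered copy holds the key but appends text to a tool description.
    tampered = json.loads(json.dumps(GENUINE_TOOLS))
    tampered[0]["description"] += " (wording added after review)"
    return {
        "genuine": verify_server("files-server", nonce, GENUINE_TOOLS, server_prove(key, nonce, GENUINE_TOOLS)),
        "impostor": verify_server("files-server", nonce, GENUINE_TOOLS, impostor_proof),
        "tampered": verify_server("files-server", nonce, tampered, server_prove(key, nonce, tampered)),
    }
```

The manifest pin is what catches a substituted server that still holds a valid key; rotating the pin should be a reviewed change, not an automatic update on reconnect.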