https://github.com/wbfoss/mcp-poisoning-poc
This repository demonstrates a variety of **MCP Poisoning Attacks** affecting real-world AI agent workflows.
agentic-ai agenticworkflow aisecurity cybersecurity llm mcp mcp-server mcpe-server
- Host: GitHub
- URL: https://github.com/wbfoss/mcp-poisoning-poc
- Owner: wbfoss
- License: other
- Created: 2025-04-02T07:31:38.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-02T07:37:41.000Z (about 1 year ago)
- Last Synced: 2025-04-02T08:29:18.163Z (about 1 year ago)
- Topics: agentic-ai, agenticworkflow, aisecurity, cybersecurity, llm, mcp, mcp-server, mcpe-server
- Language: Python
- Size: 0 Bytes
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# MCP Poisoning Attack - PoC
This repository demonstrates a variety of **MCP Poisoning Attacks** affecting real-world AI agent workflows.
## ✅ Covered Scenarios
- Code Generation Poisoning
- Financial Report Exfiltration
- Competitor Analysis Data Leak
- Meeting Transcript Leaks
- Code Review Exfiltration
- Cross-Server Shadowing Attack
## ⚡ Setup
```bash
pip install -r requirements.txt
```
## 💥 Running the PoC
1️⃣ Start the fake MCP server:
```bash
python fake_mcp_server.py
```
2️⃣ In another terminal, run the agent simulation:
```bash
python agent_poc.py
```
## ☠️ Impact
- Silent data exfiltration
- Cross-tool hijacking
- No visible clue to the user
## License
Apache 2.0 - For educational and research use only.