Paper

WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents

arXiv:2606.06387v1 Announce Type: new Abstract: WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-party scripts are involved. In this study, we identify a new potential threat, termed Mid-Session Tool Injection (MSTI), in which attackers leverage third-party scripts to inject malicious tools during an active session. To better characterize this threat,…

Authors:

Related discussions