Monday, 13 July 2026

Black Hat Europe 2025 | Compromising The AI Agent Ecosystem Via Its "Universal Connector"

The Model Context Protocol (MCP) is being positioned as the "USB-C" for connecting AI to the physical world. In an 8-month investigation, we conducted the first large-scale security audit of this emerging ecosystem, analyzing over 1,000 MCP projects on GitHub. We identified more than 500 unique vulnerabilities, including critical Remote Code Execution (RCE) flaws impacting major clients like ChatGPT and Cursor. Our research uncovers three systemic attack surfaces across the MCP landscape: Protocol-Level Design Flaws: We are the first to demonstrate how to weaponize the new "Elicitation" feature, creating a full phishing-to-agent-hijacking exploit chain, and leveraging the protocol's inherent conflation of instruction and data to enable potent indirect prompt injections. Implementation Inconsistencies: We discovered that subtle yet exploitable differences in security assumptions and implementations across various language SDKs (Go, Python, Node.js) create cross-platform attack vectors. Ecosystem-Level Risks: From tool poisoning and cross-agent data exfiltration to complete takeover, attackers can silently control AI Agents, turning them into persistent backdoors without the user's knowledge. This talk will publicly disclose multiple real-world attack demonstrations, including exploits against official MCP servers. We will prove that MCP is the next major battleground for AI security. By: Cheng huangsheng | Security Researcher, Tencent Zhuque Lab Jing GUO | Security Researcher, Tencent Zhuque Lab WU Huiyu | Security Researcher, Tencent Zhuque Lab Sim Zheng | Security Researcher, Tencent Zhuque Lab https://ift.tt/Lu63qFe

source https://www.youtube.com/watch?v=fG36PSl_sgo

No comments:

Post a Comment