THREATOPS
THREAT OPSThreat News › MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

infoembracetheredPublished 2025-05-02

<p>The <code>Model Context Protocol</code> (MCP) is a protocol definition for how LLM apps/agents can leverage external tools. I have been calling it <code>Model Control Protocol</code> at times, because due to prompt injection, MCP tool servers control the client basically.</p> <p>This post will explain in detail why that is, and I will also share a novel exploit chain.</p> <h2 id="why-mcp---how-

Original source: https://embracethered.com/blog/posts/2025/model-context-protocol-security-risks-and-exploits/