AI Agent Hijack Flaw Found in Anthropic’s MCP Protocol

A newly disclosed vulnerability in the Oat++ implementation of Anthropic’s Model Context Protocol (MCP) exposes AI agents to session hijacking, security researchers revealed. The flaw lets attackers exploit predictable session IDs to gain unauthorized access to ongoing conversations, effectively hijacking the AI agent. The issue has been assigned CVE-2025-6515.

By capturing or predicting session identifiers, malicious actors can infiltrate MCP sessions and inject prompts, potentially manipulating AI behavior or extracting sensitive data. The vulnerability impacts systems that rely on the affected Oat++ codebase to manage AI agent communication securely.

Experts warn that the AI Agent Hijack Flaw could undermine the integrity of applications that implement MCP, especially in environments where real-time data interaction is critical. Organizations using Oat++ for AI protocol handling are urged to assess their exposure and apply mitigation measures immediately.

Read the full report for detailed analysis and technical insights:
https://go.theregister.com/feed/www.theregister.com/2025/10/21/mcp_prompt_hijacking_attack/
