Anthropic MCP Flaws Expose AI to Secret-Leaking Hacks

Researchers have disclosed critical security flaws in Anthropic’s Model Context Protocol (MCP), highlighting the risk of stealthy exploitation in production environments. According to newly published findings, attackers can execute Full-Schema Poisoning attacks, injecting malicious logic into any schema field within MCP. This vulnerability enables adversaries to manipulate model behavior without detection during development or testing phases.

In addition, the research outlines Advanced Tool Poisoning techniques capable of coercing large language models into revealing sensitive information, including SSH keys. These methods are designed to evade safeguards and only activate under specific production conditions, raising concerns about their potential use in real-world deployments.

The full technical details and proof-of-concept (PoC) code have been made available in a public blog post, aiming to inform the cybersecurity community and prompt mitigations. The findings were shared on Reddit’s r/netsec forum, underscoring the increasing complexity of securing AI systems as their integration in enterprise environments deepens.