Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire. The work comes from Microsoft Incident Response and its

Posted from: Click here for the full article.

留言

此網誌的熱門文章

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware