Microsoft warns poisoned MCP tool descriptions can hijack AI agents to steal data
By CybersecurityNews
Summary
Microsoft research has revealed a security vulnerability where attackers can poison MCP (Model Context Protocol) tool descriptions to hijack AI agents and exfiltrate company data without triggering alarms. The report specifically warns about risks in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry as these agents gain real-world permissions. Organizations are advised to treat connected tools as supply-chain risks and tightly control agent capabilities.
Source
Microsoft warns poisoned MCP tool descriptions can hijack AI agents to steal data (hendryadrian.com)
Key quotes
Microsoft research shows that attackers can poison MCP tool descriptions to hijack AI agents and quietly exfiltrate company data without triggering obvious alarms.
The report warns that as agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry gain real-world permissions, organizations must treat connected tools as supply-chain risks and tightly control what those agents can do.
Attackers can hide malicious instructions inside MCP tool descriptions.
You might also want to read
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Security Risks and Vulnerabilities in Anthropic's Model Context Protocol (MCP)
The article examines security risks and vulnerabilities in Anthropic's Model Context Protocol (MCP), which enables AI systems to connect to
hiddenlayer.com · 7mo ago

Microsoft Copilot Cowork Vulnerability Enables File Exfiltration via Indirect Prompt Injection
This article demonstrates a security vulnerability in Microsoft Copilot Cowork, a Microsoft 365 feature. Through indirect prompt injection i
promptarmor.com · 1mo ago

Understanding the Model Context Protocol (MCP) and Tool Poisoning Attack (TPA)
The article discusses the Model Context Protocol (MCP) from Anthropic, which allows developers to integrate real-world functionality into la

Microsoft Copilot Cowork Vulnerability Enables File Exfiltration via Prompt Injection
Microsoft Copilot Cowork has a vulnerability that allows attackers to exfiltrate files through indirect prompt injection attacks. The exploi

AI Coding Agent Security: Prompt Injection Attacks and Vulnerabilities
The article discusses critical security vulnerabilities in AI coding agents, specifically focusing on prompt injection attacks. It details r