
Microsoft warns poisoned MCP tool descriptions can hijack AI agents to steal data

By CybersecurityNews

4d ago · 1 min read · News

Summary

Microsoft research has revealed a security vulnerability where attackers can poison MCP (Model Context Protocol) tool descriptions to hijack AI agents and exfiltrate company data without triggering alarms. The report specifically warns about risks in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry as these agents gain real-world permissions. Organizations are advised to treat connected tools as supply-chain risks and tightly control agent capabilities.

Source

Microsoft warns poisoned MCP tool descriptions can hijack AI agents to steal data (hendryadrian.com)

Key quotes

Microsoft research shows that attackers can poison MCP tool descriptions to hijack AI agents and quietly exfiltrate company data without triggering obvious alarms.
The report warns that as agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry gain real-world permissions, organizations must treat connected tools as supply-chain risks and tightly control what those agents can do.
Attackers can hide malicious instructions inside MCP tool descriptions.
