Research
ShareLock: A Stealthy Multi-Tool Threshold Poisoning Attack Against MCP Servers
Researchers introduce ShareLock, a Tool Poisoning Attack against Model Context Protocol that splits a malicious prompt across multiple MCP tools so no single tool description looks suspicious to manual inspection. This defeats the monolithic plaintext-embedding paradigm of prior poisoning schemes, which a reviewer could catch by reading one tool. For anyone wiring agents to MCP servers, it argues that per-tool review is insufficient — the attack surface is the combination of tools, not each one in isolation.
↳ Follow the thread