SourcesUnit42: MCP Sampling Attack Vectors (Resource Theft, Hijacking)Unit42 Palo Alto·high signalThree critical MCP sampling attacks: resource theft, conversation hijacking, covert tool invocation. Zero built-in security controls.SourceSource pageUnit42 Palo Alto↳ Follow the threadShared entity / Stack layerNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizShared entity / Policy dependencyRoots, Sampling, and Logging are deprecated — new capabilities now ship as opt-in extensionsModel Context Protocol BlogShared entity / Stack layerMCP-Grounded Agent Pipeline Converts Legacy Docs to NIST OSCAL for Continuous CompliancearXivShared entity / Stack layerClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsShared entity / Stack layerMeniga Launches 'Fini,' an MCP Server Bringing Agentic AI Into BanksFinovateThreat pattern / Follow-up threadClawHavoc campaign plants 300+ malicious skills on a single marketplace to run infostealersUnit 42 (Palo Alto Networks)Policy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsPolicy dependency / Stack layerStrict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and moneyarXiv 2607.05120