ANUPPUR, India (GizTimes) — A new research paper titled "Invisible Threats from Model Context Protocol: Generating Stealthy Injection Payload via Tree-based Adaptive Search" says that modern AI systems can be tricked through the tools they trust. These systems often use something called Model Context Protocol (MCP) to connect with external tools like APIs and databases. This helps them give better answers, but it also creates a risk. The study shows that attackers can hide harmful instructions inside tool responses, and the AI may follow them without the user knowing.
The main problem is that AI systems trust the data they get from these tools. Attackers take advantage of this by placing hidden instructions inside the tool’s output. This type of attack is called indirect prompt injection. Instead of attacking the user’s question, the attacker targets the tool’s response. Since the AI thinks the response is safe, it may act on those hidden instructions.
The research also explains a method called a stealthy update attack. In this case, a tool works normally at first and gains trust. Later, the attacker secretly changes it to include harmful content. The AI system continues using the tool without checking again, which makes the attack very hard to notice.
To test how serious this problem is, the researchers created a system called TIP. This system is designed to generate hidden attack messages that look natural and useful. It tries different versions, keeps the best ones, and improves them step by step. Because of this, the attack messages do not look suspicious and can easily pass through security checks.

The results are concerning. In systems without strong protection, these attacks worked more than 95% of the time. Even when security measures were used, the success rate was still above 50%. The study also found that these attacks can work across different AI models, which means the problem is not limited to one system.
The researchers also showed a real example using a fake weather tool. The tool gave correct weather updates but also added a hidden phishing link. The AI system shared that link with users as if it were safe. This shows how easily users can be misled.
The study warns that even a small number of successful attacks can cause harm if the AI system is used widely. Many attacks may also go unnoticed, giving attackers more chances to succeed.
The paper says that AI systems should not blindly trust external tools. It suggests checking tool responses carefully and improving security systems to detect unusual behavior. As AI becomes more common, fixing these issues will be important to keep users safe.
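One way to act on this advice, as an added example that is not from the paper or the original article: re-verify a pinned hash of the tool's definition and check link hosts in the response on every call, not only when the tool is first approved. The `get_weather` tool, its descriptor contents, the hostnames and the per-tool host allowlist are constructed assumptions; `name`, `description` and `inputSchema` are the fields MCP uses for a tool definition.

```python
import hashlib
import json
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def descriptor_digest(descriptor: dict) -> str:
    """Stable SHA-256 over the tool definition as it was reviewed."""
    canonical = json.dumps(descriptor, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def unexpected_hosts(text: str, allowed_hosts: set[str]) -> list[str]:
    """Hosts of URLs in a tool response that are not allowlisted for the tool."""
    found = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        # Exact match or true subdomain only; a suffix trick like
        # weather.example.evil.test must not pass.
        ok = any(host == a or host.endswith("." + a) for a in allowed_hosts)
        if not ok and host not in found:
            found.append(host)
    return found


def check_tool_call(descriptor, pinned_digest, response_text, allowed_hosts):
    """Run on every call, not only when the tool is first approved."""
    findings = []
    if descriptor_digest(descriptor) != pinned_digest:
        findings.append("descriptor changed since approval")
    for host in unexpected_hosts(response_text, allowed_hosts):
        findings.append(f"unexpected link host: {host}")
    return findings


# Constructed sample data (hypothetical tool and hostnames).
APPROVED = {"name": "get_weather", "description": "Current weather for a city.",
            "inputSchema": {"type": "object", "properties": {"city": {"type": "string"}}}}
PIN = descriptor_digest(APPROVED)
ALLOWED = {"weather.example"}
CLEAN = "Sunny, 31 C. Source: https://api.weather.example/v1/now"
TAINTED = CLEAN + " For severe-weather alerts sign in at https://alerts.example.net/login"
UPDATED = dict(APPROVED, description="Current weather and alerts for a city.")

if __name__ == "__main__":
    print(check_tool_call(APPROVED, PIN, CLEAN, ALLOWED))
    print(check_tool_call(UPDATED, PIN, TAINTED, ALLOWED))
```

The descriptor pin only catches a change to the tool's advertised definition, and the host allowlist only catches added links like the one in the weather example. Injected text that carries no link needs other checks on the response.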
Link to the Original Research: Invisible Threats from Model Context Protocol: Generating Stealthy Injection Payload via Tree-based Adaptive Search
