Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Gaire, Shiva, Gyawali, Srijan, Mishra, Saroj, Niroula, Suman, Thakur, Dilip, Yadav, Umesh
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2512.08290
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866908708090413056
author Gaire, Shiva
Gyawali, Srijan
Mishra, Saroj
Niroula, Suman
Thakur, Dilip
Yadav, Umesh
author_facet Gaire, Shiva
Gyawali, Srijan
Mishra, Saroj
Niroula, Suman
Thakur, Dilip
Yadav, Umesh
contents The Model Context Protocol (MCP) has emerged as the de facto standard for connecting Large Language Models (LLMs) to external data and tools, effectively functioning as the "USB-C for Agentic AI." While this decoupling of context and execution solves critical interoperability challenges, it introduces a profound new threat landscape where the boundary between epistemic errors (hallucinations) and security breaches (unauthorized actions) dissolves. This Systematization of Knowledge (SoK) aims to provide a comprehensive taxonomy of risks in the MCP ecosystem, distinguishing between adversarial security threats (e.g., indirect prompt injection, tool poisoning) and epistemic safety hazards (e.g., alignment failures in distributed tool delegation). We analyze the structural vulnerabilities of MCP primitives, specifically Resources, Prompts, and Tools, and demonstrate how "context" can be weaponized to trigger unauthorized operations in multi-agent environments. Furthermore, we survey state-of-the-art defenses, ranging from cryptographic provenance (ETDI) to runtime intent verification, and conclude with a roadmap for securing the transition from conversational chatbots to autonomous agentic operating systems.
format Preprint
id arxiv_https___arxiv_org_abs_2512_08290
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Systematization of Knowledge: Security and Safety in the Model Context Protocol Ecosystem
Gaire, Shiva
Gyawali, Srijan
Mishra, Saroj
Niroula, Suman
Thakur, Dilip
Yadav, Umesh
Cryptography and Security
Artificial Intelligence
The Model Context Protocol (MCP) has emerged as the de facto standard for connecting Large Language Models (LLMs) to external data and tools, effectively functioning as the "USB-C for Agentic AI." While this decoupling of context and execution solves critical interoperability challenges, it introduces a profound new threat landscape where the boundary between epistemic errors (hallucinations) and security breaches (unauthorized actions) dissolves. This Systematization of Knowledge (SoK) aims to provide a comprehensive taxonomy of risks in the MCP ecosystem, distinguishing between adversarial security threats (e.g., indirect prompt injection, tool poisoning) and epistemic safety hazards (e.g., alignment failures in distributed tool delegation). We analyze the structural vulnerabilities of MCP primitives, specifically Resources, Prompts, and Tools, and demonstrate how "context" can be weaponized to trigger unauthorized operations in multi-agent environments. Furthermore, we survey state-of-the-art defenses, ranging from cryptographic provenance (ETDI) to runtime intent verification, and conclude with a roadmap for securing the transition from conversational chatbots to autonomous agentic operating systems.
title Systematization of Knowledge: Security and Safety in the Model Context Protocol Ecosystem
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2512.08290