The MCP Attack Atlas — 40+ Ways to Attack an AI Agent (And How to Detect Them)
The author published the MCP Attack Atlas, an open catalog of 40+ attack patterns against AI agents using the Model Context Protocol (MCP), grouped into 14 attack families. The atlas includes detection methods and two patterns that map to a live CVE.
Why it matters
The MCP Attack Atlas provides a comprehensive reference for AI developers to understand the classes of attacks their agents may face and how to detect them, improving the security of AI systems.
Key Points
- 1The MCP Attack Atlas catalogs 40+ attack patterns against AI agents using the MCP, grouped into 14 families
- 2Each pattern has a fixture and a detection angle, not just a name
- 3Two patterns map to a live CVE (CVE-2026-40159 / GHSA-pj2r-f9mw-vrcq, PraisonAI)
- 4The atlas was fact-checked by a multi-agent audit before publishing
- 5The scanner that detects these runs 100% locally (pip install sunglasses)
Details
The author has been building an open-source AI agent security scanner called Sunglasses, which has 245 detection patterns today. Patterns are great for detection, but developers need to understand the classes of attacks that exist to reason about their agent's security. The MCP Attack Atlas provides this high-level view, grouped into 14 families such as Identity & Role Confusion, Policy & Guardrail Bypass, Evidence & Provenance, and more. The atlas includes detailed descriptions of specific attack patterns like Emoji Homoglyph Policy Evasion, Tool Docstring Directive Bleed, and Memory Eviction / Rehydration Poisoning. Two of the patterns in the atlas correspond to a real published advisory (GHSA-pj2r-f9mw-vrcq / CVE-2026-40159) related to PraisonAI's sensitive environment exposure vulnerability. Before publishing, the author ran a 5-agent fact-check audit on the atlas, which initially flagged one of the CVE citations as hallucinated, but it was later confirmed to be a real advisory.
No comments yet
Be the first to comment