Trust

MCP security

The MCP protocol has documented architectural attack patterns. AgentSeal scanned 1,808 MCP servers in 2025 and found 66% with security findings. Trust depends on knowing what the server does, who shipped it, and what it has access to.

Tool Poisoning

Hidden instructions inside a tool description hijack the model's interpretation at session start.

Cross-Server Shadowing

A malicious server's description rewrites the rules for another, trusted server's tools.

Rug Pulls

A server returns a benign description during install review and silently swaps in a malicious payload on subsequent launches.

Recent incidents

Sept 2025 postmark-mcp: first confirmed malicious MCP server in the wild, silently BCC'd outgoing email.
Oct 2025 Smithery registry path-traversal exposed a builder token with root access to 3,000+ hosted apps.
Apr 2026 STDIO transport design flaw enabled authenticated RCE across 150M+ downloads.

Scan a server Browse trust-scored servers