INCIDENT
MCP - Security researcher critiques the popular MCP tool poisoning
Security researcher critiques the popular MCP tool poisoning mitigation strategy (signing tools, hashing instructions, server notifications) as structurally flawed.
Updated: 5/27/2026
Severity: high
Status: active
Description
"sign the tools. hash the instructions. have the server notify the client when tools change." this is the most popular fix proposed for MCP tool poisoning. it is also structurally unable to work. Part 2 of my conversation with @nbarbettini starts with that https://t.co/3KzT9vATXr
Mitigations Critiqued
- tool signing
- instruction hashing
- server-client notification