Systemization of Knowledge: Security and Safety Challenges in MCP (arxiv.org)

A recent study has introduced a Systematization of Knowledge (SoK) focusing on the security and safety challenges associated with the Model Context Protocol (MCP), a pivotal framework for linking Large Language Models (LLMs) to external data and tools. While MCP streamlines interoperability—similar to how USB-C revolutionized device connections—it simultaneously blurs the lines between hallucinations (epistemic errors) and security threats (unauthorized actions). The research categorizes risks within the MCP ecosystem, highlighting adversarial threats like indirect prompt injections and tool poisoning, alongside epistemic safety concerns such as alignment failures. This analysis delves into the structural vulnerabilities of MCP components—including Resources, Prompts, and Tools—demonstrating how "context" may be exploited in multi-agent systems, compelling unauthorized operations. The paper also reviews advanced defense mechanisms such as cryptographic provenance and runtime intent verification, ultimately proposing a roadmap for enhancing security as AI transitions from simple chatbots to sophisticated autonomous systems. This work is significant for the AI/ML community as it underscores the urgent need to address emerging risks in the interplay between AI models and the environments they operate in, fostering a safer development of agentic AI technologies.