Malicious MCP Server Exploits AI Agent for Unauthorized Access

A malicious MCP (Multi-Tool Chain Protocol) server was hosted to manipulate tool responses, tricking an AI agent named OSSBot into executing a restricted internal tool and leaking a flag. The attack exploited the AI agent’s reliance on external tool responses to bypass security controls. No specific dates, CVE IDs, or numerical impact metrics were provided in the report. The incident demonstrates a method of compromising AI-driven automation through crafted server responses. The technique targets the interaction between AI agents and external tools to achieve unauthorized access or data exfiltration.