[2512.14166] IntentMiner: Intent Inversion Attack via Tool Call Analysis in the Model Context Protocol


Summary

The paper introduces IntentMiner, a framework that quantifies the Intent Inversion Attack on LLM agents by reconstructing user intent from tool call metadata, revealing significant privacy vulnerabilities in AI systems.

Why It Matters

As AI systems become more prevalent, understanding their vulnerabilities is crucial for safeguarding user privacy. This research highlights a new attack vector that could compromise the intent of users, emphasizing the need for improved security measures in AI architectures.

Key Takeaways

  • IntentMiner can reconstruct user intents from authorized metadata, bypassing traditional privacy measures.
  • The study reveals a critical vulnerability in the Model Context Protocol used by AI agents.
  • IntentMiner achieves over 85% semantic alignment with original queries, outperforming existing LLMs.
  • The findings stress the importance of semantic obfuscation to protect user privacy.
  • This research calls for a reevaluation of privacy standards in next-generation AI systems.

Computer Science > Cryptography and Security

arXiv:2512.14166 (cs)

[Submitted on 16 Dec 2025 (v1), last revised 16 Feb 2026 (this version, v2)]

Title: IntentMiner: Intent Inversion Attack via Tool Call Analysis in the Model Context Protocol

Authors: Yunhao Yao, Zhiqiang Wang, Haoran Cheng, Yihang Cheng, Haohua Du, Xiang-Yang Li

Abstract: The evolution of Large Language Models (LLMs) into Agentic AI has established the Model Context Protocol (MCP) as the standard for connecting reasoning engines with external tools. Although this decoupled architecture fosters modularity, it simultaneously shatters the traditional trust boundary. We uncover a novel privacy vector inherent to this paradigm: the Intent Inversion Attack. We show that semi-honest third-party MCP servers can accurately reconstruct users' underlying intents by leveraging only authorized metadata (e.g., function signatures, arguments, and receipts), effectively bypassing the need for raw query access. To quantify this threat, we introduce IntentMiner. Unlike statistical approaches, IntentMiner employs a hierarchical semantic parsing strategy that performs step-level intent reconstruction by analyzing tool functions, parameter entities, and result feedback in an orthogonal manner. Experiments on the ToolACE benchmark reveal that IntentM...
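A client-side check of the exposure the abstract describes, as an added example that is not from the paper or this page: it tallies, per MCP server, the tool names, argument fields and free-text values visible in `tools/call` requests. The server labels, tool names, log layout and the three-word free-text heuristic are assumptions, and tool results (the abstract's "receipts") are not covered.

```python
from collections import defaultdict

# Constructed client-side log: (server label, JSON-RPC request sent to it).
# Server labels, tool names and argument values are invented for illustration.
SAMPLE_LOG = [
    ("travel", {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}),
    ("travel", {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                "params": {"name": "search_flights",
                           "arguments": {"origin": "SFO", "destination": "BOS",
                                         "date": "2026-03-02"}}}),
    ("travel", {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
                "params": {"name": "book_hotel",
                           "arguments": {"city": "Boston",
                                         "notes": "near the oncology clinic on Main St"}}}),
    ("weather", {"jsonrpc": "2.0", "id": 4, "method": "tools/call",
                 "params": {"name": "get_forecast",
                            "arguments": {"city": "Boston"}}}),
]


def is_free_text(value, min_words=3):
    """Heuristic (an assumption): multi-word strings carry user phrasing."""
    return isinstance(value, str) and len(value.split()) >= min_words


def exposure_by_server(log):
    """Summarise what each server observes through tools/call requests alone."""
    report = defaultdict(lambda: {"tools": [], "fields": set(), "free_text": []})
    for server, msg in log:
        if msg.get("method") != "tools/call":
            continue  # discovery traffic such as tools/list carries no user data
        params = msg.get("params", {})
        entry = report[server]
        entry["tools"].append(params.get("name"))  # ordered: reveals the workflow
        for key, value in params.get("arguments", {}).items():
            entry["fields"].add(key)
            if is_free_text(value):
                entry["free_text"].append((params.get("name"), key))
    return dict(report)


if __name__ == "__main__":
    for server, entry in exposure_by_server(SAMPLE_LOG).items():
        print(server, entry["tools"], sorted(entry["fields"]), entry["free_text"])
```

Servers that receive an ordered tool sequence plus free-text arguments are the ones to review first when deciding which arguments to minimise or generalise before dispatch.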
