[2510.15994] MCP Security Bench (MSB): Benchmarking Attacks Against Model Context Protocol in LLM Agents

Computer Science > Cryptography and Security arXiv:2510.15994 (cs) [Submitted on 14 Oct 2025 (v1), last revised 24 Mar 2026 (this version, v2)] Title:MCP Security Bench (MSB): Benchmarking Attacks Against Model Context Protocol in LLM Agents Authors:Dongsen Zhang, Zekun Li, Xu Luo, Xuannan Liu, Peipei Li, Wenjun Xu View a PDF of the paper titled MCP Security Bench (MSB): Benchmarking Attacks Against Model Context Protocol in LLM Agents, by Dongsen Zhang and 5 other authors View PDF HTML (experimental) Abstract:The Model Context Protocol (MCP) standardizes how large language model (LLM) agents discover, describe, and call external tools. While MCP unlocks broad interoperability, it also enlarges the attack surface by making tools first-class, composable objects with natural-language metadata, and standardized I/O. We present MSB (MCP Security Benchmark), the first end-to-end evaluation suite that systematically measures how well LLM agents resist MCP-specific attacks throughout the full tool-use pipeline: task planning, tool invocation, and response handling. MSB contributes: (1) a taxonomy of 12 attacks including name-collision, preference manipulation, prompt injections embedded in tool descriptions, out-of-scope parameter requests, user-impersonating responses, false-error escalation, tool-transfer, retrieval injection, and mixed attacks; (2) an evaluation harness that executes attacks by running real tools (both benign and malicious) via MCP rather than simulation; and ...