The MCP attack your code review cannot see
7.9 relevance
Score Breakdown
technical depth 8
novelty 9
actionability 8
community 7
strategic 6
personal 8
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Novel attack vector through MCP manifests, urgent for code review practices.
Summary
The MCP ecosystem's 14,000+ servers face a novel supply chain attack: tool poisoning via invisible Unicode in metadata, which LLM agents parse as instructions but human reviewers cannot see. A new static scanner, mcpscan (Python 3.9+, zero dependencies), catches these poisoned descriptions along with command injection, dangerous .claude hooks, and other vulnerabilities—addressing the gap left by runtime jailbreak tools like garak.