Agents
Mid-Session Tool Injection weaponized against WebMCP agents via threshold poisoning and fake diagnostic events
July MCP security roundups document attackers actively using Mid-Session Tool Injection (MSTI) to hijack tools in WebMCP agents mid-conversation, using threshold poisoning and fabricated diagnostic events to swap or re-scope tools after a session is established. The technique proves context providers can no longer be blindly trusted even after an initial handshake. It reinforces the shift toward per-response output validation and zero-trust boundaries between agents and their tool servers.
Source
↳ Follow the thread