Agents
Palo Alto Networks Unit 42 Documents Novel MCP Sampling Prompt Injection Attack Vectors
Unit 42 published analysis of prompt injection attacks enabled by MCP's sampling feature, which relies on implicit trust with no built-in security controls. Demonstrated attacks include resource theft (hidden instructions cause LLMs to generate unauthorized content while consuming API credits undetected) and conversation hijacking (compromised MCP servers inject persistent instructions that alter assistant behavior across entire sessions). These attacks target the fundamental user-to-model interaction layer, bypassing traditional security controls entirely.
↳ Follow the thread