Skills
OWASP MCP Top 10 Published: First Formal Security Framework Covering Model Misbinding, Context Spoofing, and Covert Channel Abuse
OWASP published the MCP Top 10, the first formal security framework specifically for Model Context Protocol deployments. Risks include model misbinding, context spoofing, prompt-state manipulation, insecure memory references, covert channel abuse, and permission creep — where temporary or loosely defined permissions expand over time granting agents excessive capabilities. Risks are amplified in multi-modal orchestration, model chaining, and dynamic role assignment scenarios. Complements the existing OWASP Top 10 for Agentic Applications which covers goal hijacking, tool misuse, identity abuse, and supply chain vulnerabilities.
↳ Follow the thread