Security2026-06-26 · source-backed
ShareLock splits one malicious prompt across multiple tools so no single one looks bad.
Story
Researchers introduced ShareLock, a tool-poisoning attack against MCP that distributes a malicious instruction across several tool descriptions, defeating the assumption that a reviewer reading one tool will catch it. Per-tool review is now insufficient. The attack surface is the combination, not the individual tool. Pin a known-good baseline for each registered tool's description and diff against it.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage / Tension
MCP's 2026 spec adds incremental scope consent, but tool descriptions are still an attack vector.
Both cover MCP, Researchers; overlapping topics (attack, description, tool); earlier MCP coverage from 2026-06-18.
Shared entity: MCP / Same source domain / Shared topic / Earlier coverage
Every Major MCP Client Is Vulnerable to Prompt Injection via Tool Poisoning. All Seven Tested. All Seven Failed.
Both cover MCP; reported by the same outlet (arxiv.org); overlapping topics (attack, description, instruction, tool).
Shared entities / Same source domain / Earlier coverage
Your Agents Are Lying About Being Done. A New Benchmark Proves It.
Both cover MCP, Researchers; reported by the same outlet (arxiv.org); earlier MCP coverage from 2026-05-25.
Shared entity: MCP / Shared topic / Earlier coverage
10 Skills of the Day
Both cover MCP; overlapping topics (against, attack, each, tool); earlier MCP coverage from 2026-03-25.
Shared entity: MCP / Same source domain / Shared topic / Earlier coverage
"MCP Tool Descriptions Are Smelly" (arXiv)
Both cover MCP; reported by the same outlet (arxiv.org); overlapping topics (description, tool).
Shared entity: MCP / Shared topic / What happened next
Prompt injection just got reclassified from "bug" to "architectural flaw"
Both cover MCP; overlapping topics (against, attack, instruction); picks up the MCP thread on 2026-06-27.
Shared entity: MCP / Shared topic / Earlier coverage / Tension
The most common MCP vulnerability is the "omnibus tool," and the fix is structural, not a patch.
Both cover MCP; overlapping topics (against, tool); earlier MCP coverage from 2026-06-22.
MCP tool poisoning is a supply-chain problem, and ~200,000 instances are exposed.
Both cover MCP; overlapping topics (against, tool); earlier MCP coverage from 2026-06-19.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 26, 2026
- AI generated
- no
- Story unit
- 2026-06-26-sharelock-splits-one-malicious-prompt-across-multiple-tools-so-no-single-one-looks-bad
- Labels
- source-backed, canonical briefing excerpt