Fetching from the wire…
Security2026-07-09 · source-backed
July MCP roundups documented Mid-Session Tool Injection against WebMCP agents, using threshold poisoning and fabricated diagnostic events to swap or re-scope tools after a session is already established. The uncomfortable implication: a context provider you trusted at connect time can turn hostile at message 40. Per-response output validation and zero-trust boundaries between an agent and its tool servers aren't paranoia anymore, they're the baseline. Trust at handshake is not trust for the session.
Each link below shares sources, entities, or timing with this story.
Shared entity: MCP / Same source domain / Shared topic / Earlier coverage
Both cover MCP; reported by the same outlet (adversa.ai); overlapping topics (against, agent, baseline, between).
Shared entities / Shared topic / Earlier coverage / Tension
Both cover MCP, WebMCP; overlapping topics (agent, tool); earlier MCP coverage from 2026-02-26.
Shared entity: MCP / Shared topic / Earlier coverage / Tension
Both cover MCP; overlapping topics (against, agent, context, tool); earlier MCP coverage from 2026-03-20.