Skip to content

The MCP attack your code review cannot see

7.9 relevance
Score Breakdown
technical depth
8
novelty
9
actionability
8
community
7
strategic
6
personal
8

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Novel attack vector through MCP manifests, urgent for code review practices.

General dev.to
The MCP attack your code review cannot see
Summary

The MCP ecosystem's 14,000+ servers face a novel supply chain attack: tool poisoning via invisible Unicode in metadata, which LLM agents parse as instructions but human reviewers cannot see. A new static scanner, mcpscan (Python 3.9+, zero dependencies), catches these poisoned descriptions along with command injection, dangerous .claude hooks, and other vulnerabilities—addressing the gap left by runtime jailbreak tools like garak.

Author

Kiell Tampubolon

More from Kiell Tampubolon →