mcp on The Trail of Bits Blog

mcp on The Trail of Bits Bloghttps://miscreants.github.io/blog.trailofbits.com/categories/mcp/Recent content in mcp on The Trail of Bits BlogHugoen-usSat, 15 Nov 2025 00:00:00 -0500Level up your Solidity LLM tooling with Slither-MCPhttps://miscreants.github.io/blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/Sat, 15 Nov 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine.We built the security layer MCP always neededhttps://miscreants.github.io/blog.trailofbits.com/2025/07/28/we-built-the-security-layer-mcp-always-needed/Mon, 28 Jul 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/28/we-built-the-security-layer-mcp-always-needed/Today we’re announcing the beta release of mcp-context-protector, a security wrapper for LLM apps using the Model Context Protocol (MCP). It defends against the line jumping attacks documented earlier in this blog series, such as prompt injection via tool descriptions and ANSI terminal escape codes.Insecure credential storage plagues MCPhttps://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/Wed, 30 Apr 2025 03:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/This post describes how many examples of MCP software store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions.Deceiving users with ANSI terminal codes in MCPhttps://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/Tue, 29 Apr 2025 09:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/This post describes attacks using ANSI terminal code escape sequences to hide malicious instructions to the LLM, leveraging the line jumping vulnerability we discovered in MCP.How MCP servers can steal your conversation historyhttps://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Wed, 23 Apr 2025 10:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Malicious MCP servers can inject trigger phrases into tool descriptions to exfiltrate entire conversation histories and steal sensitive credentials and IP.Jumping the line: How MCP servers can attack you before you ever use themhttps://miscreants.github.io/blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/Mon, 21 Apr 2025 10:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/MCP’s ’line jumping’ vulnerability lets malicious servers inject prompts through tool descriptions to manipulate AI behavior before tools are ever invoked.