CyberSecurityBoardThreat Intel · CVEs · Products
Cyber News

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

June 30, 2026

Microsoft has issued a warning about a new attack vector targeting AI agents that use the Model Context Protocol (MCP). Attackers can poison tool descriptions to hijack AI agents, causing them to exfiltrate sensitive data without breaking any rules. The attack exploits the trust boundary between AI agents and external tools, where instructions and data are mixed. Microsoft recommends treating tools as part of the supply chain, reviewing description changes like code changes, and implementing human approval for risky actions. The attack has been demonstrated in research and real-world incidents, including the postmark-mcp npm package.

CVEs: CVE-2026-20245

Companies: Microsoft, Invariant Labs, Koi Security

Products: Microsoft 365 Copilot, Copilot Studio, Azure AI Foundry, Prompt Shields, Purview DLP, Entra Agent ID, Defender for Cloud, Sentinel