Definition

What is Tool Poisoning?

Last updated

An attack in which malicious instructions are embedded in an MCP tool's description or metadata so an agent treats them as authoritative context and acts on them.

Agents read tool descriptions into the same context window they use for user prompts and retrieved documents. Anything in those descriptions is trusted by default. Attackers exploit this by hiding instructions, swapping descriptions after install, or registering near-duplicate tools, turning the tool registry into a persistent compromise channel. The MCPTox benchmark documented a 72.8% attack success rate across 20 production agents in 2025.

Related Context Poisoning MCP (Model Context Protocol) MCP Server Context Engineering AI Agent

Further reading

Articles about Tool Poisoning

Tool poisoning: how MCP tool descriptions hijack agents

Tool poisoning hides instructions inside MCP tool descriptions the agent reads as trusted context. The MCPTox benchmark recorded a 72.8% attack success rate.

All terms

View full glossary
Agent Drift AI Hallucination AI Agent AI Second Brain Context as a Service Context Container Context Compression Context Drift Context Engineering Context Poisoning Context Portability Context Rot Context Window Epistemic Provenance Fine-Tuning MCP Server MCP (Model Context Protocol) Multi-Agent System Prompt Caching Prompt Engineering RAG (Retrieval-Augmented Generation) Semantic Search Tool Poisoning Structured Context Wire

Put context into practice

Create your first context container and connect it to your AI tools in minutes.

Create Your First Container