{"id":359385,"date":"2025-09-18T10:40:32","date_gmt":"2025-09-18T05:10:32","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=359385"},"modified":"2025-09-18T10:40:32","modified_gmt":"2025-09-18T05:10:32","slug":"kaspersky-warns-open-source-ai-connector-could-be-abused-by-cyberattackers","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/kaspersky-warns-open-source-ai-connector-could-be-abused-by-cyberattackers\/","title":{"rendered":"Kaspersky warns open-source AI connector could be abused by cyberattackers"},"content":{"rendered":"

Kaspersky has found that Model Context Protocol (MCP) could be weaponized by cybercriminals as a supply chain attack vector, potentially leading to harmful impacts, including, but not limited to the leakage of password, credit card, crypto wallet and other types of data. In their new research, Kaspersky experts show the concept of an attack and share mitigation measures for businesses who integrate AI tools into their workflows.<\/p>\n

\n
\n
\n

Open-sourced by Anthropic in 2024, the\u00a0Model Context Protocol\u00a0<\/a>(MCP) is a standard that gives AI systems, especially LLM-based apps, a consistent way to connect to external tools and services. For instance, organizations may use it to let LLMs search and update documents, manage code repositories and APIs, or access CRM, financial, and cloud data.<\/p>\n

Like any open-source tool, MCP can be abused by cybercriminals. In their new research, Kaspersky Emergency Response Team (GERT) experts built a proof-of-concept that simulates how attackers might abuse an MCP server. This was to demonstrate how the supply chain attacks can unfold through the protocol and to showcase the potential harm that might come from running such tools without proper auditing. Performing a controlled security lab test, they simulated a developer workstation with a rogue MCP server installed, ultimately harvesting such sensitive data types as:<\/p>\n

\u25cf\u00a0\u00a0\u00a0\u00a0\u00a0 browser passwords<\/p>\n

\u25cf\u00a0\u00a0\u00a0\u00a0\u00a0 credit card data<\/p>\n

\u25cf\u00a0\u00a0\u00a0\u00a0\u00a0 cryptocurrency wallet files<\/p>\n

\u25cf\u00a0\u00a0\u00a0\u00a0\u00a0 API tokens and certificates<\/p>\n

\u25cf\u00a0\u00a0\u00a0\u00a0\u00a0 cloud configurations and more<\/p>\n

During the simulated attack a \u201cvictim\u201d only sees the legitimate output. Kaspersky has not yet observed this vector in real life and warns that the vector may be used by cybercriminals not only to extract sensitive data, but also to cause other harmful impacts such as executing malicious code, installing backdoors and deploying ransomware, etc.<\/p>\n

In their research, Kaspersky used Cursor as the AI example client to connect with the weaponized MCP server, though the same attack concept may be applied to other LLMs as well. Cursor and Anthropic have been notified of the research outcomes.<\/p>\n

\u201cSupply chain attacks remain one of the most pressing threats in the cybersecurity space, and the potential weaponization of MCP we demonstrated follows this trend. With the current hype around AI and the race to integrate these tools into workflows, businesses may lower their guard and, by adopting a seemingly legitimate but unproven custom MCP, perhaps posted on Reddit or similar platforms, end up suffering a data leak. This underscores the importance of a strong security posture. In our new white paper, we share the technical details of this potential attack vector along with measures to help avoid falling victim,\u201d says Mohamed Ghobashy, Incident Response Specialist in the Kaspersky Global Emergency Response Team (GERT).<\/strong><\/p>\n

The detailed research is presented\u00a0on Securelist.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Kaspersky has found that Model Context Protocol (MCP) could be weaponized by cybercriminals as a supply chain attack vector, potentially leading to harmful impacts, including, but not limited to the leakage of password, credit card, crypto wallet and other types of data. In their new research, Kaspersky experts show the concept of an attack and […]<\/p>\n","protected":false},"author":1,"featured_media":208464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27765,10],"tags":[],"class_list":{"0":"post-359385","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence-news","8":"category-cyber-security"},"_links":{"self":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/359385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/comments?post=359385"}],"version-history":[{"count":0,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/359385\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media\/208464"}],"wp:attachment":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media?parent=359385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/categories?post=359385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/tags?post=359385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}