Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
30 June 2026
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.
The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire.
The work comes from Microsoft Incident Response and its