Threats Unique to MCP
Prompt injection, tool poisoning, and confused deputies.
A New Attack Surface
Once your MCP server hands tools to a model, you have built a new way for untrusted text to drive real actions. That changes your threat model. 🛡️
The Model Is Not Trusted Input
Treat the model like a confused, well-meaning intern who reads everything it is given. The big risk is untrusted content steering it toward calls you never intended.
All lessons in this course
- Threats Unique to MCP
- Least-Privilege Tool Access
- Validate & Sanitize Everything
- Guard Destructive Actions