MCP server can modify tool list mid-session; client has no mechanism to detect(mcpfw.dev)
2 pointsby mwaseem_d7 hours ago1 comment
  • mwaseem_d7 hours ago
    Spent April building attacks against MCP — not against the model, against the protocol. Tested against Claude Desktop, Cursor, Windsurf. The model did the right thing every time. The problem was always one layer down. Happy to go deep on any of the attack classes.