This repository contains a vulnerable MCP server implementation designed for educational and research purposes. It demonstrates common security pitfalls and real-world exploitation scenarios targeting MCP (Model Context Protocol) systems along with practical techniques to detect, defend, and harden your own MCP-based applications. This project complements my article published in DigitalWhisper magazine, where I explore the offensive and defensive aspects of:
- AI agent orchestration
- Prompt injection
- RAG-layer abuse
π° Read the article (Hebrew only): https://www.digitalwhisper.co.il/
An intentionally vulnerable MCP server covering the following topics:
- βοΈ Intro to MCP β Working and debugging with a simple MCP server
- π Prompt Injection β Direct prompt injection analysis and exploitation
- π§ͺ Tool Poisoning β Two real-world use cases used by AI attackers
- π§ Indirect Prompt Injection β RAG-based simulation to explore context abuse and multi-hop attacks
- π‘οΈ Security Researchers β Exploring LLM/MCP threat models and vulnerabilities
- π¨βπ» Developers β Building safer, more robust MCP / Agent frameworks
- π Educators & Trainers β Teaching offensive AI/LLM behavior in workshops and labs
- π΄ Red Teamers β Simulating prompt injection and RAG abuse in controlled environments
Copyright (c) 2025 Maor Tal. This project is licensed under the MIT License.