Tool Poisoning in MCP Servers: The Silent Threat to AI Agents
Most security threats leave evidence in code. An injected shell command shows up in an AST. A hardcoded credential appears in a string literal. A network exfiltration call registers in a dependency gr
mcpsafe.hashnode.dev · 7 min read