Research Paper: A Layered Risk and Controls Framework for Prompt Injection
Ten-layer decomposition of the enterprise AI tool execution path with threats, controls, and published efficacy at each layer.
An open-source CLI that fingerprints Model Context Protocol servers and flags behavior patterns associated with publicly disclosed vulnerability classes. Think nmap for MCP.
The OAuth server fronting Zomato's MCP endpoint rewrites the requested scope and issues tokens labeled 'offline openid' that can nonetheless invoke every MCP tool, including checkout_cart. The advertised mcp:tools / mcp:resources / mcp:prompts scopes are never enforced at the application layer.