3. Shared Registries Without Access Segmentation
Red, blue, and purple teams using the same MCP registry may unknowingly run each other’s tools.
Tech Detail:
- Registry path (e.g., ~/mcp/registry/*.json) is mounted across namespaces
- No RBAC on tool_load() APIs
Exploit Potential:
- A Red Team tool (e.g., invoke_phishing_lure_gen) gets executed by SOC workflows
- Tools with different threat models coexist without sandboxing
Mitigation:
- Use registry labels + namespacing (e.g., SOC.tools, REDTEAM.experimental)
- Enforce per-role registry scanning policies
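A minimal illustration of the two mitigations above (namespace labels on registry entries plus a per-role policy enforced inside tool_load() and registry scanning), added here as example code rather than anything from an MCP implementation. It assumes a "namespace" field on each registry entry, a constructed three-entry registry modelled on the ~/mcp/registry/*.json layout, and role names (soc, redteam, purple) chosen for the example.

```python
import json

# Constructed registry content standing in for ~/mcp/registry/*.json.
# The "namespace" label is the assumed field carrying the SOC.tools /
# REDTEAM.experimental style labels; tool names are illustrative only.
REGISTRY_JSON = """[
  {"name": "query_siem",               "namespace": "SOC.tools"},
  {"name": "invoke_phishing_lure_gen", "namespace": "REDTEAM.experimental"},
  {"name": "enrich_ioc",               "namespace": "SOC.tools"}
]"""

# Per-role policy: each role may load tools whose namespace equals, or sits
# under, one of the listed namespaces. Roles not listed get nothing (fail closed).
ROLE_POLICY = {
    "soc": ["SOC"],
    "redteam": ["REDTEAM", "SOC.tools"],
    "purple": ["SOC", "REDTEAM"],
}


class ToolLoadDenied(PermissionError):
    """Raised when a role asks for a tool outside its permitted namespaces."""


def namespace_allowed(namespace, role):
    """True if `namespace` is one of the role's namespaces or a child of one."""
    for allowed in ROLE_POLICY.get(role, []):
        if namespace == allowed or namespace.startswith(allowed + "."):
            return True
    return False


def load_registry(raw_json):
    """Parse registry entries; reject any entry that lacks a namespace label."""
    entries = json.loads(raw_json)
    for entry in entries:
        if not entry.get("namespace"):
            raise ValueError(f"registry entry {entry.get('name')!r} has no namespace label")
    return {entry["name"]: entry for entry in entries}


def scan_registry(registry, role):
    """Per-role scan: only tools the role is permitted to load are even listed."""
    return sorted(n for n, e in registry.items() if namespace_allowed(e["namespace"], role))


def tool_load(registry, name, role):
    """RBAC-gated tool load: the policy check runs on every load, not just on listing."""
    entry = registry.get(name)
    if entry is None:
        raise KeyError(f"unknown tool {name!r}")
    if not namespace_allowed(entry["namespace"], role):
        raise ToolLoadDenied(f"role {role!r} may not load {name!r} ({entry['namespace']})")
    return entry
```

With this in place a SOC workflow scanning the shared registry never sees invoke_phishing_lure_gen, and a direct load attempt is refused rather than silently executed.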