8. Token Theft via Man-in-the-MCP
Attack: An attacker intercepts traffic to, or impersonates, a legitimate MCP server and harvests the API keys or user auth tokens that the client passes along during task execution.
Mitigation:
- Always serve MCPs over HTTPS
- Use mTLS or mutual token verification
- Never embed secrets in plain JSON config; inject them from a vault at runtime
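The three mitigations above, as a client-side check written for this section (added example, not code from the original page or from any MCP implementation): an HTTPS-plus-allow-list gate on server URLs, an mTLS context in which the client verifies the server against a private CA and presents its own certificate, and late-binding secret injection that keeps tokens out of the JSON file. The `${vault:path}` placeholder syntax, the host names, the config layout and the in-memory "vault" are all assumptions made for the example.

```python
"""Client-side hardening for MCP server connections (added example, not from
the original page). Placeholder syntax, hostnames and the toy vault are
assumptions chosen for illustration."""
import json
import re
import ssl
from typing import Any, Callable, Container, Dict, List


class InsecureMcpEndpoint(ValueError):
    """Raised when an MCP server URL fails the transport checks."""


def validate_mcp_server_url(url: str, allowed_hosts: Container[str]) -> str:
    """Accept only https:// URLs whose host is on an explicit allow-list.
    Plaintext http:// and unknown hosts are exactly what an interposed or
    impersonated MCP server relies on, so they are refused outright."""
    from urllib.parse import urlparse
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise InsecureMcpEndpoint(f"MCP server must use https, got {parsed.scheme!r}: {url}")
    host = (parsed.hostname or "").lower()
    if host not in allowed_hosts:
        raise InsecureMcpEndpoint(f"MCP host not on allow-list: {host!r}")
    return url


def build_mtls_context(ca_bundle: str, client_cert: str, client_key: str) -> ssl.SSLContext:
    """TLS context for mutual authentication: the server is verified against a
    private CA bundle (no public CA can mint a cert for it) and the client
    presents its own certificate, so an impersonator cannot complete the
    handshake in either direction. Paths are assumed to exist on disk."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


# Assumed placeholder syntax: "${vault:<secret path>}" anywhere in a string value.
PLACEHOLDER = re.compile(r"\$\{vault:([A-Za-z0-9_/.-]+)\}")
# Keys whose values should never be a literal secret in the JSON file.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password|authorization)", re.I)


def resolve_secrets(config: Any, resolver: Callable[[str], str]) -> Any:
    """Walk a parsed JSON config and replace every ${vault:path} placeholder
    with the value the resolver returns at runtime; the file on disk never
    contains the secret, only a reference to it."""
    if isinstance(config, dict):
        return {k: resolve_secrets(v, resolver) for k, v in config.items()}
    if isinstance(config, list):
        return [resolve_secrets(v, resolver) for v in config]
    if isinstance(config, str):
        return PLACEHOLDER.sub(lambda m: resolver(m.group(1)), config)
    return config


def find_plaintext_secrets(config: Any, path: str = "$") -> List[str]:
    """Lint helper: return JSON paths of secret-looking keys whose value is a
    literal string rather than a vault placeholder."""
    findings: List[str] = []
    if isinstance(config, dict):
        for k, v in config.items():
            child = f"{path}.{k}"
            if isinstance(v, str) and SECRET_KEY_RE.search(k) and not PLACEHOLDER.search(v):
                findings.append(child)
            else:
                findings.extend(find_plaintext_secrets(v, child))
    elif isinstance(config, list):
        for i, v in enumerate(config):
            findings.extend(find_plaintext_secrets(v, f"{path}[{i}]"))
    return findings


def check_server_entries(config: Dict[str, Any], allowed_hosts: Container[str]) -> Dict[str, str]:
    """Return {server_name: reason} for every configured server that fails the
    transport checks; an empty dict means all endpoints passed."""
    failures: Dict[str, str] = {}
    for name, entry in config.get("mcpServers", {}).items():
        try:
            validate_mcp_server_url(entry.get("url", ""), allowed_hosts)
        except InsecureMcpEndpoint as exc:
            failures[name] = str(exc)
    return failures


# Constructed sample config: one hardened entry, one with both problems.
CONSTRUCTED_CONFIG = json.loads("""
{
  "mcpServers": {
    "search": {
      "url": "https://mcp.example.internal/sse",
      "headers": {"Authorization": "Bearer ${vault:mcp/search/token}"}
    },
    "legacy": {
      "url": "http://mcp-legacy.example.internal/sse",
      "api_key": "sk-constructed-plaintext-value"
    }
  }
}
""")
ALLOWED_HOSTS = frozenset({"mcp.example.internal"})
# Constructed stand-in for a vault client; a real deployment would call the vault API here.
CONSTRUCTED_VAULT = {"mcp/search/token": "constructed-token-value"}

if __name__ == "__main__":
    print("plaintext secrets:", find_plaintext_secrets(CONSTRUCTED_CONFIG))
    print("endpoint failures:", check_server_entries(CONSTRUCTED_CONFIG, ALLOWED_HOSTS))
    print("resolved:", resolve_secrets(CONSTRUCTED_CONFIG, CONSTRUCTED_VAULT.__getitem__))
```

Running the module as a script reports the `legacy` entry twice: once for its plaintext `api_key` and once for its `http://` URL. Wire `check_server_entries` and `find_plaintext_secrets` into CI so a config that regresses on either point never ships, and call `resolve_secrets` only at process start so the resolved values live in memory, not on disk.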