Free Trial Dark Web Report

2. MCP Preference Manipulation Attack (MPMA)

Home / Security: Threats, Risks, and Controls / Top 10 MCP Server Vulnerabilities / 2. MCP Preference Manipulation Attack (MPMA)

Published on • Updated on

2. MCP Preference Manipulation Attack (MPMA)

Malicious tools game the agent’s scoring heuristics by injecting keywords like “fastest,” “most secure” into descriptions, biasing tool selection.

Impact: LLMs may consistently prefer attacker-controlled tools.

Mitigation: 

  • Decouple tool ranking from free-text metadata
  • Enforce uniform, structured tool descriptions
ON THIS PAGE