AI-MCP-SERVERInitial Access

Malicious MCP Server

Add a rogue Model Context Protocol server to the user's client. Every prompt to the agent exposes tools / data via the rogue server — silent supply-chain for AI workflows.

§ Where this technique fits

AI-MCP-SERVER is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

Malicious MCP server → silent supply chain for agent tools
User installs an MCP server marketed as a useful integration. Every subsequent agent session has the rogue server in scope — its tools log prompts, exfil files, or inject responses to bias the agent.
step 4 / 6

§ What commonly comes next

01
Exfil via Agent Observability Logs
AI-AGENT-EXFIL-LOGS · Collection
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Malicious MCP server → silent supply chain for agent tools

§ What commonly comes next