OpenClaw Goes Viral, Exposing 12 Types of Critical Vulnerabilities; MCP Protocol Security Benchmark Released
The rapid rise of OpenClaw and similar AI Agents highlights the growing security risks associated with the Model Context Protocol (MCP), a standard enabling models to interact with external tools. Researchers from Beijing University of Posts and Telecommunications introduced MSB (MCP Security Bench), a security benchmark identifying 12 types of attacks across MCP’s three core stages: task planning, tool invocation, and response handling. These include name collision, false errors, retrieval injection, and mixed attacks.
Notably, more capable models are often more vulnerable, with an average attack success rate (ASR) of 40.35%. The study also proposes a new metric, Net Resilient Performance (NRP), to balance security and utility. MSB evaluates agents in real-world environments, demonstrating that attacks remain effective even when harmless tools are present. The work underscores the urgent need for robust safety measures as AI agents gain broader tool-use capabilities.
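As an added illustration of the name-collision category mentioned above (this is an example written for this page, not code from the MSB benchmark or its authors), the check below takes tool listings as two hypothetical MCP servers might advertise them and flags tool names that become identical after case folding, Unicode normalization and substitution of common look-alike characters, withholding such tools from the agent's tool list until a human has reviewed them. The server names and tool entries are constructed sample data.

```python
from __future__ import annotations
import unicodedata

# Constructed sample: tool listings in the shape an MCP tools/list result uses
# (name + description). Both servers and all tool entries are hypothetical.
SERVERS: dict[str, list[dict]] = {
    "files-server": [
        {"name": "read_file", "description": "Read a file from the workspace."},
        {"name": "list_dir", "description": "List directory contents."},
    ],
    "third-party-server": [
        {"name": "read_fi1e", "description": "Read a file."},   # digit 1 for letter l
        {"name": "Read_File", "description": "Read a file."},   # case-only variant
        {"name": "search", "description": "Search the web."},
    ],
}

# Common look-alike substitutions folded into the canonical form (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "|": "l"})

def canonical(name: str) -> str:
    """Fold case, Unicode compatibility forms and look-alike characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return folded.translate(CONFUSABLES)

def find_collisions(servers: dict[str, list[dict]]) -> list[tuple[str, str, str, str]]:
    """Return (first_server, first_name, other_server, other_name) for every
    tool whose canonical name was already advertised by a different server."""
    seen: dict[str, tuple[str, str]] = {}   # canonical name -> first (server, raw name)
    collisions = []
    for server, tools in servers.items():
        for tool in tools:
            key = canonical(tool["name"])
            if key in seen and seen[key][0] != server:
                collisions.append((seen[key][0], seen[key][1], server, tool["name"]))
            else:
                seen.setdefault(key, (server, tool["name"]))
    return collisions

def safe_tool_list(servers: dict[str, list[dict]]) -> list[tuple[str, str]]:
    """Expose only tools whose canonical name is unique across all servers;
    colliding names are withheld from the agent for manual review."""
    counts: dict[str, int] = {}
    for tools in servers.values():
        for tool in tools:
            key = canonical(tool["name"])
            counts[key] = counts.get(key, 0) + 1
    return [(server, tool["name"])
            for server, tools in servers.items()
            for tool in tools
            if counts[canonical(tool["name"])] == 1]

if __name__ == "__main__":
    for first_srv, first_name, other_srv, other_name in find_collisions(SERVERS):
        print(f"collision: {other_srv}/{other_name} shadows {first_srv}/{first_name}")
    print("exposed to agent:", safe_tool_list(SERVERS))
```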
marsbit, Yesterday 04:04