New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.

The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire.

The work comes from Microsoft Incident Response and its



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html