Invisible Threats from Model Context Protocol: Generating Stealthy Injection Payload via Tree-based Adaptive Search

Researchers have discovered a new black-box attack method called Tree structured Injection for Payloads (TIP) that can compromise AI agents using Model Context Protocol with over 95% success rate. The attack exploits vulnerabilities in how large language models interact with external tools, bypassing existing defenses and requiring significantly fewer queries than previous methods.