Abstract

The Model Context Protocol (MCP) has emerged as a critical standard for connecting AI agents to external data sources and tools. However, its adoption has introduced significant security vulnerabilities across multiple attack surfaces. While recent research has catalogued extensive vulnerability taxonomies and attack implementations, automated detection methodologies remain limited. Current detection tools primarily employ static code analysis, which fails to identify behavioral vulnerabilities that manifest only during runtime server interactions. This study explores behavioral detection approaches for identifying MCP server vulnerabilities through systematic query-based testing, with particular emphasis on context manipulation techniques. Preliminary analysis of existing vulnerability research reveals 48 distinct attack types across four primary attack surfaces. The proposed methodology employs context-varied querying, in which identical requests are framed differently to expose inconsistent security behaviors. Using existing MCP security frameworks (MCPLIB and MCPSECBENCH), this research will evaluate the types of vulnerabilities that can be detected through behavioral analysis and assess the feasibility of automating these detection methods. This research addresses a critical gap in MCP security by developing systematic approaches to proactive vulnerability identification in deployed MCP server environments.

Faculty Advisor/Mentor

Mohammad GhasemiGol

Document Type

Paper

Disciplines

Cybersecurity | Information Security

DOI

10.25776/7mb4-n620

Publication Date

11-20-2025

Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment
