Prompt Injection Defense Weekly

MCP tool poisoning: the prompt injection vector your system prompt can't stop

The most active prompt injection technique right now hides credential-stealing instructions in MCP tool description fields — invisible to users, processed by the model with an 84.2% success rate on auto-approve agents. This week's defense: hash-lock your tool definitions, gate high-risk actions with explicit confirmation, and audit tool descriptions for out-of-scope patterns before loading.