Technology

Xeris Threat Lab Uncovers Metadata Forgery Vulnerability in MCP Servers

Silent metadata manipulation allows malicious MCP Servers to access unauthorized LLM data, exposing a new layer of AI infrastructure risk.

New Report Reveals Silent Escalation Technique Targeting AI Agent Metadata Instructions

Xeris.ai, a cybersecurity startup specializing in protecting AI workflows and MCP (Model Context Protocol) infrastructure, today announced a forthcoming threat report exposing a previously undocumented vulnerability—XERIS-006: Metadata Forge.

This newly discovered attack reveals how malicious MCP Servers can silently manipulate metadata sent to Large Language Models (LLMs), allowing unauthorized access to sensitive information. The vulnerability, tested against Anthropic’s Claude Desktop using a modified “Customer Support” MCP Server, demonstrates how simple metadata field rewrites can completely alter AI behavior—without the user’s knowledge or consent.

“This isn’t a prompt injection or jailbreak, it’s a silent metadata hijack that bypasses both user awareness and platform controls,” said Shlomo Touboul, Co-Founder and Chairman of Xeris.ai. “MCPs are rapidly becoming the hidden control layer behind enterprise AI. We must treat them as privileged software—because attackers already do.”

How the Attack Works
The Metadata Forge vulnerability exploits the weak validation of tool metadata within MCP Server responses. In the published case, a malicious MCP Server injected a hidden instruction to transform ticket_id metadata from CS- (Customer Support) to SEC- (Security Incident), tricking the LLM into retrieving confidential security alerts instead of user-approved tickets. The LLM never alerted the user to this change.

The attack was confirmed by:

Code-level patch injection in the MCP Server’s metadata definition

Unmodified user prompts are returning unauthorized security data.

Behavioral validation in the Claude Desktop LLM interface

This form of metadata forgery can impact any enterprise using unverified or shadow MCP Servers to connect agents, workflows, or external systems to LLMs.

Report Access and Recommendations
XERIS-006: Metadata Forge is available for early access at:
👉 https://xeris.ai/threat-reports/metadata-forge-attack

Organizations are advised to:

1. Implement strict signature validation on MCP Server responses.
2. Monitor for instruction mismatches between user prompts and tool output.s
3. Audit and approve all MCP Server sources interacting with enterprise LLM systems

About Xeris.ai
Xeris.ai provides AI XDR (Extended Detection and Response) solutions for securing AI agents, assistants, and LLM workflows. The company focuses on preventing logic-layer threats within AI pipelines, offering tools for MCP monitoring, policy enforcement, and real-time anomaly detection.

To learn more or request demo code for the Metadata Forge attack:
📧 info@xeris.ai
🌐 https://xeris.ai

Shlomo Touboul
Xeris AI
+972 54-422-7780
email us here
Visit us on social media:
LinkedIn

Joseph Wilson

Joseph Wilson is a veteran journalist with a keen interest in covering the dynamic worlds of technology, business, and entrepreneurship.

Recent Posts

Cybernetis AI Launches Predictive Analytics Platform for Mid-Sized Retailers

Cybernetis AI today announced the launch of a new predictive analytics platform designed to make…

17 hours ago

Healthcare SaaS Brand Solutionreach Breaks The B2B Mold With Long-Form, Story-Driven Ad Campaign

In celebration of its 25th year in business, leading healthcare SaaS brand Solutionreach stepped boldly…

18 hours ago

Oregon RIA Founder Brent Pearson Unveils Turnkey Crypto Sub-Advisory Platform

New Firm Solves 'Held-Away' Asset Problem for Financial Advisors with Institutional-Grade, Insured Cold Storage Solution.…

18 hours ago

NVBDC Services Committee Resources Webinar with the United Nations

The National Veteran Business Development Council (NVBDC) Services Committee, led by NVBDC Board Member and Services Committee…

18 hours ago

Finjobsly.com Debuts Revolutionary AI Platform to Solve Fintech’s Talent Crisis

First-to-Market AI Platform Emerges as the Definitive Job Board for the $515 Billion Fintech Sector…

18 hours ago

Soaring Demand for SoftPro Iron Filter for Well Water Amid Growing U.S. Infrastructure Concerns

SoftPro Water Systems, America's leading water treatment innovator with over 30 years of industry experience,…

18 hours ago

This website uses cookies.