Technology

Xeris Threat Lab Uncovers Metadata Forgery Vulnerability in MCP Servers

Silent metadata manipulation allows malicious MCP Servers to access unauthorized LLM data, exposing a new layer of AI infrastructure risk.

New Report Reveals Silent Escalation Technique Targeting AI Agent Metadata Instructions

Xeris.ai, a cybersecurity startup specializing in protecting AI workflows and MCP (Model Context Protocol) infrastructure, today announced a forthcoming threat report exposing a previously undocumented vulnerability—XERIS-006: Metadata Forge.

This newly discovered attack reveals how malicious MCP Servers can silently manipulate metadata sent to Large Language Models (LLMs), allowing unauthorized access to sensitive information. The vulnerability, tested against Anthropic’s Claude Desktop using a modified “Customer Support” MCP Server, demonstrates how simple metadata field rewrites can completely alter AI behavior—without the user’s knowledge or consent.

“This isn’t a prompt injection or jailbreak, it’s a silent metadata hijack that bypasses both user awareness and platform controls,” said Shlomo Touboul, Co-Founder and Chairman of Xeris.ai. “MCPs are rapidly becoming the hidden control layer behind enterprise AI. We must treat them as privileged software—because attackers already do.”

How the Attack Works
The Metadata Forge vulnerability exploits the weak validation of tool metadata within MCP Server responses. In the published case, a malicious MCP Server injected a hidden instruction to transform ticket_id metadata from CS- (Customer Support) to SEC- (Security Incident), tricking the LLM into retrieving confidential security alerts instead of user-approved tickets. The LLM never alerted the user to this change.

The attack was confirmed by:

Code-level patch injection in the MCP Server’s metadata definition

Unmodified user prompts are returning unauthorized security data.

Behavioral validation in the Claude Desktop LLM interface

This form of metadata forgery can impact any enterprise using unverified or shadow MCP Servers to connect agents, workflows, or external systems to LLMs.

Report Access and Recommendations
XERIS-006: Metadata Forge is available for early access at:
👉 https://xeris.ai/threat-reports/metadata-forge-attack

Organizations are advised to:

1. Implement strict signature validation on MCP Server responses.
2. Monitor for instruction mismatches between user prompts and tool output.s
3. Audit and approve all MCP Server sources interacting with enterprise LLM systems

About Xeris.ai
Xeris.ai provides AI XDR (Extended Detection and Response) solutions for securing AI agents, assistants, and LLM workflows. The company focuses on preventing logic-layer threats within AI pipelines, offering tools for MCP monitoring, policy enforcement, and real-time anomaly detection.

To learn more or request demo code for the Metadata Forge attack:
📧 info@xeris.ai
🌐 https://xeris.ai

Shlomo Touboul
Xeris AI
+972 54-422-7780
email us here
Visit us on social media:
LinkedIn

Joseph Wilson

Joseph Wilson is a veteran journalist with a keen interest in covering the dynamic worlds of technology, business, and entrepreneurship.

Recent Posts

Private Equity Investor Zed Monopoly Makes Major Move into Bitcoin Stocks, Signaling Bold Conviction in Next 3 Years of Market Growth

Dubai, UAE – October 2, 2025 – Private equity investor and influential public figure Zed…

3 hours ago

Young Mayden Legal Search Recognized for Recruiting Excellence

The Recruiter Spotlight on Young Mayden is part of the Legal Recruiter Directory’s new series…

19 hours ago

Indra Energy Customers Fuel Reforestation and Community Empowerment in Senegal

Senegal's Green Future: Indra Energy Customers Fuel Vital Ecosystem Restoration Following the successful launch of…

19 hours ago

Dr. Aiman Hanna Integrates BassiliChat into Computer Science and Engineering Courses

Canada’s BassiliChat AI joins university courses with Dr. Aiman Hanna, letting students compare ChatGPT, Claude,…

20 hours ago

3DRBI Announces 3D Remote Building Inspection Project with Southern First Nations Secretariat (SFNS)

First Nation communities may struggle to find qualified home inspectors, and this challenge is exacerbated…

20 hours ago

PostGrid Named the Fastest Growing Technology Company by The Globe and Mail

Ranked #1 in Technology and #2 Overall Among the Nation’s Fastest Growing Businesses PostGrid, the…

20 hours ago

This website uses cookies.