Xeris Uncovers New AI Agent Attack: Reasoning Step Hopping (XERIS-005)

Xeris Threat Lab Uncovers New LLM Attack Method: ‘XERIS-005 – Reasoning Step Hopping’

Xeris.ai, a cybersecurity startup specializing in securing Generative AI environments, today announced the release of its latest threat report, XERIS-005: Reasoning Step Hopping Attack.

The attack is executed by the MCP Server silently, with zero visibility to the user. The MCP Server silently instructs the LLM to hop over a reasoning step-completely hidden from the user.

New Xeris report details how MCP Servers can hijack individual reasoning steps in LLM workflows.

“This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack. By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly.” – Shlomo Touboul, Co-Founder and Active Chairman of Xeris.

This marks an important discovery by the Xeris Threat Lab, highlighting a novel method in which malicious MCP (Model Context Protocol) Servers manipulate the reasoning process of Large Language Models (LLMs).

Traditionally seen as a neutral bridge between the LLM and enterprise data, the MCP Server is now shown to have the potential for far greater influence. In the XERIS-005 scenario, the MCP Server takes control over the LLM’s step-by-step reasoning process. By forcing the model to externally validate each step and then subtly modifying one selected step, the attacker can alter the final response while keeping the model unaware of the manipulation.

“This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack,” said Shlomo Touboul, Co-Founder and Active Chairman of Xeris. “By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly. That’s a new class of risk that enterprises must be ready for.”

Reffael Caspi, Co-Founder and CEO of Xeris, added:
“XERIS-005 shows how fast threat actors are evolving. What used to be a passive data access layer can now actively control and distort reasoning in real time. Our mission at Xeris is to stay one step ahead, protecting the trust layer of GenAI before it’s too late.”

The full technical report, including a detailed breakdown of the attack flow and mitigation strategies, is now available on the Xeris website:
https://www.xeris.ai/threat-reports/reasoning-step-hopping-attack

As part of its ongoing commitment to transparency and proactive defense, Xeris pre-released this report to members of the MCP Security Group-a growing community of AI and cybersecurity professionals who receive early access to Xeris research and engage in deep technical discussion around emerging GenAI threats.

Professionals interested in joining the group and staying ahead of new threat vectors are invited to apply here:
https://www.linkedin.com/groups/10141833/

About Xeris:
Xeris.ai is a pioneer in Generative AI security. Its flagship solution, the MCP-XDR platform, provides extended detection and response for AI agent environments, enabling CISOs to apply enterprise-grade policy, visibility, and control across distributed AI workflows. The Xeris Threat Lab continuously monitors and analyzes real-world risks targeting AI reasoning, data access, and identity integrity.

Media Contact:
info@xeris.ai
www.xeris.ai
Shlomo Touboul
Xeris AI

Visit us on social media:
LinkedIn