Artificial intelligence

Xeris Uncovers New AI Agent Attack: Reasoning Step Hopping (XERIS-005)

Xeris Threat Lab Uncovers New LLM Attack Method: ‘XERIS-005 – Reasoning Step Hopping’

Xeris.ai, a cybersecurity startup specializing in securing Generative AI environments, today announced the release of its latest threat report, XERIS-005: Reasoning Step Hopping Attack.

The attack is executed by the MCP Server silently, with zero visibility to the user. The MCP Server silently instructs the LLM to hop over a reasoning step-completely hidden from the user.

New Xeris report details how MCP Servers can hijack individual reasoning steps in LLM workflows.

“This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack. By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly.” – Shlomo Touboul, Co-Founder and Active Chairman of Xeris.

This marks an important discovery by the Xeris Threat Lab, highlighting a novel method in which malicious MCP (Model Context Protocol) Servers manipulate the reasoning process of Large Language Models (LLMs).

Traditionally seen as a neutral bridge between the LLM and enterprise data, the MCP Server is now shown to have the potential for far greater influence. In the XERIS-005 scenario, the MCP Server takes control over the LLM’s step-by-step reasoning process. By forcing the model to externally validate each step and then subtly modifying one selected step, the attacker can alter the final response while keeping the model unaware of the manipulation.

“This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack,” said Shlomo Touboul, Co-Founder and Active Chairman of Xeris. “By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly. That’s a new class of risk that enterprises must be ready for.”

Reffael Caspi, Co-Founder and CEO of Xeris, added:
“XERIS-005 shows how fast threat actors are evolving. What used to be a passive data access layer can now actively control and distort reasoning in real time. Our mission at Xeris is to stay one step ahead, protecting the trust layer of GenAI before it’s too late.”

The full technical report, including a detailed breakdown of the attack flow and mitigation strategies, is now available on the Xeris website:
https://www.xeris.ai/threat-reports/reasoning-step-hopping-attack

As part of its ongoing commitment to transparency and proactive defense, Xeris pre-released this report to members of the MCP Security Group-a growing community of AI and cybersecurity professionals who receive early access to Xeris research and engage in deep technical discussion around emerging GenAI threats.

Professionals interested in joining the group and staying ahead of new threat vectors are invited to apply here:
https://www.linkedin.com/groups/10141833/

About Xeris:
Xeris.ai is a pioneer in Generative AI security. Its flagship solution, the MCP-XDR platform, provides extended detection and response for AI agent environments, enabling CISOs to apply enterprise-grade policy, visibility, and control across distributed AI workflows. The Xeris Threat Lab continuously monitors and analyzes real-world risks targeting AI reasoning, data access, and identity integrity.

Media Contact:
info@xeris.ai
www.xeris.ai
Shlomo Touboul
Xeris AI

Visit us on social media:
LinkedIn

Joseph Wilson

Joseph Wilson is a veteran journalist with a keen interest in covering the dynamic worlds of technology, business, and entrepreneurship.

Recent Posts

Firmware-Level Threats in Consumer Smartphones: Supply Chain Risks and Hardware Malware Implications

Security Advisory 2025-NUB-SEC-001 A subset of the nubia Z6255CA series devices has been identified as…

2 hours ago

Cybernetis AI Launches Predictive Analytics Platform for Mid-Sized Retailers

Cybernetis AI today announced the launch of a new predictive analytics platform designed to make…

22 hours ago

Healthcare SaaS Brand Solutionreach Breaks The B2B Mold With Long-Form, Story-Driven Ad Campaign

In celebration of its 25th year in business, leading healthcare SaaS brand Solutionreach stepped boldly…

22 hours ago

Oregon RIA Founder Brent Pearson Unveils Turnkey Crypto Sub-Advisory Platform

New Firm Solves 'Held-Away' Asset Problem for Financial Advisors with Institutional-Grade, Insured Cold Storage Solution.…

22 hours ago

NVBDC Services Committee Resources Webinar with the United Nations

The National Veteran Business Development Council (NVBDC) Services Committee, led by NVBDC Board Member and Services Committee…

22 hours ago

Finjobsly.com Debuts Revolutionary AI Platform to Solve Fintech’s Talent Crisis

First-to-Market AI Platform Emerges as the Definitive Job Board for the $515 Billion Fintech Sector…

22 hours ago

This website uses cookies.