Microsoft research shows that attackers can poison MCP tool descriptions to hijack AI agents and quietly exfiltrate company data without triggering obvious alarms. The report warns that as agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry gain real-world permissions, organizations must treat connected tools as supply-chain risks and tightly control what those agents can do. #Microsoft #MCP #Microsoft365Copilot #CopilotStudio #AzureAIFoundry
Keypoints
- Attackers can hide malicious instructions inside MCP tool descriptions.
- AI agents may follow poisoned instructions without breaking any rules.
- Microsoft 365 Copilot and custom agents can take real actions on business systems.
- Microsoft recommends reviewing tool changes, limiting tool access, and requiring human approval for risky actions.
- Past cases like tool poisoning, GitHub MCP abuse, and postmark-mcp show the threat is already real.
Read More: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html