feat(knowledge): add MITRE ATLAS IDs to OWASP files + Norwegian regulatory context
parent 5bb9d5bd11
commit e2c8924074
8 changed files with 301 additions and 30 deletions
@ -12,6 +12,8 @@ MCP08 Lack of Audit · MCP09 Shadow MCP Servers · MCP10 Context Over-Sharing
## 1. Tool Poisoning
**MITRE ATLAS:** AML.T0043 (Craft Adversarial Data), AML.T0051 (LLM Prompt Injection)
### Description
Malicious instructions embedded in tool `description`, `name`, or parameter `description` fields that
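Review bot: the new `**MITRE ATLAS:**` line is placed directly under the section heading, while the section's existing cross-framework mapping (the `MCP03:2025 Tool Poisoning · LLM02:2025 Sensitive Information Disclosure · OWAS…` line visible as context in the next hunk header) sits at the end of the section, so framework mappings now live in two places per section. Suggest either appending the ATLAS IDs to that trailing mapping line (`… · AML.T0043 Craft Adversarial Data · AML.T0051 LLM Prompt Injection`) or adding MITRE ATLAS to the legend line shown in this hunk header (`MCP08 Lack of Audit · MCP09 Shadow MCP Servers · MCP10 Context Over-Sharing`) so the abbreviation and its placement are explained once for all nine sections.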
@ -61,6 +63,8 @@ MCP03:2025 Tool Poisoning · LLM02:2025 Sensitive Information Disclosure · OWAS
## 2. Path Traversal
**MITRE ATLAS:** AML.T0037 (Data from Local System)
### Description
MCP file-system tools that accept path parameters without canonicalization allow reading or writing
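Review bot: AML.T0037 (Data from Local System) covers only the read half of this section. The Description context line says uncanonicalized paths allow "reading or writing", and the write path is the one the section's existing `MCP05:2025 Command Injection & Execution · CWE-22 Path Traversal` mapping (next hunk header) points at. Suggest either a note that the ATLAS mapping is deliberately scoped to collection, or a second technique for the write case, so a reader does not conclude the write path was overlooked.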
@ -121,6 +125,8 @@ MCP05:2025 Command Injection & Execution · CWE-22 Path Traversal · OWASP A01 B
## 3. Rug Pull Attacks
**MITRE ATLAS:** AML.T0010 (ML Supply Chain Compromise)
### Description
A malicious MCP server first presents a benign tool description to gain user trust and approval,
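Review bot: AML.T0010 (ML Supply Chain Compromise) is assigned both here and to section 6 (Dependency Vulnerabilities) with identical wording, so the mapping does not tell the reader what distinguishes a rug pull (a tool description that changes after the user has approved it, per the Description line) from a compromised package dependency. Suggest a short rationale in the parenthetical on each line, e.g. `AML.T0010 (ML Supply Chain Compromise, via post-approval change to the tool definition)` here, or one sentence under Description explaining the shared mapping.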
@ -179,6 +185,8 @@ MCP03:2025 Tool Poisoning · MCP09:2025 Shadow MCP Servers · LLM07:2025 System
## 4. Data Exfiltration via Tool Descriptions
**MITRE ATLAS:** AML.T0024 (Exfiltration via ML Inference API), AML.T0062 (Exfiltration via AI Agent Tool Invocation)
### Description
Tool descriptions instruct the LLM to collect sensitive data from the conversation context,
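Review bot: AML.T0062 (Exfiltration via AI Agent Tool Invocation) here and AML.T0061 (AI Agent Tools) in the next section are among the newest ATLAS entries, and nothing in the file records which ATLAS release the IDs and names were taken from; ATLAS IDs and names are revised between releases, so a reader checking a mapping later may not find it under this name. Suggest a single `ATLAS version: <release/date>` note at the top of the file (or a link to the ATLAS technique page on each line) so every mapping in this commit can be verified against the release it was written for.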
@ -242,6 +250,8 @@ OWASP A02 Cryptographic Failures (data in transit unprotected)
## 5. Cross-Server Attacks
**MITRE ATLAS:** AML.T0061 (AI Agent Tools)
### Description
When multiple MCP servers are connected to the same Claude instance, a malicious server can
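Review bot: AML.T0061 (AI Agent Tools) names the general capability (tools available to an agent) rather than the multi-server behaviour this section describes, so the line alone does not say which aspect of cross-server attacks it is meant to capture. Suggest a one-line rationale next to the ID, e.g. that it was chosen because ATLAS has no closer entry for one server influencing another's tools, so the reader can tell a best-fit mapping from an exact one.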
@ -305,6 +315,8 @@ MCP07:2025 Insufficient Authentication & Authorization
## 6. Dependency Vulnerabilities
**MITRE ATLAS:** AML.T0010 (ML Supply Chain Compromise)
### Description
MCP servers are npm or pip packages with their own dependency trees. Malicious actors target
@ -368,6 +380,8 @@ CWE-494 Download of Code Without Integrity Check
## 7. Network Exposure
**MITRE ATLAS:** AML.T0025 (Exfiltration via Cyber Means)
### Description
MCP servers that use HTTP/SSE transport (rather than stdio) create network attack surfaces.
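Review bot: AML.T0025 (Exfiltration via Cyber Means) maps only the exfiltration outcome of network exposure, whereas the section's own existing mappings (`OWASP A05 Security Misconfiguration · CWE-918 SSRF` in the next hunk header) and the Description line are about the exposed HTTP/SSE surface itself, i.e. how an attacker reaches the server in the first place. Suggest either adding a technique for that initial-access side or stating that only the exfiltration consequence is mapped, so the partial coverage reads as deliberate rather than as an omission.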
@ -434,6 +448,8 @@ OWASP A05 Security Misconfiguration · CWE-918 SSRF
## 8. Credential Harvesting
**MITRE ATLAS:** AML.T0035 (ML Artifact Collection)
### Description
MCP servers can access environment variables passed by the host application, configuration files
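Review bot: AML.T0035 (ML Artifact Collection) is named for collecting ML artifacts, while the Description line and the section's existing `CWE-312 Cleartext Storage of Sensitive Information · CWE-732 Incorrect Permission…` mapping (next hunk header) are about environment variables, configuration files and the credentials in them; a reader checking the ATLAS entry will not find credentials or secrets described there. Suggest either a parenthetical explaining why the environment and config files are treated as ML artifacts in this context, or a credential- or secret-oriented technique if ATLAS has one that fits.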
@ -514,6 +530,8 @@ CWE-312 Cleartext Storage of Sensitive Information · CWE-732 Incorrect Permissi
## 9. Shadow Escape (Operant AI, October 2025)
**MITRE ATLAS:** AML.T0011 (User Execution)
### Description
Shadow Escape is a zero-click agentic attack class disclosed by Operant AI in October 2025
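Review bot: AML.T0011 (User Execution) conflicts with the Description's own framing of Shadow Escape as a "zero-click agentic attack class": User Execution presupposes a user action, zero-click means there is none. Suggest either stating which user action the mapping refers to (for instance the one-time install or approval of the MCP server, if that is what is meant) or choosing a technique that does not require user interaction, so the heading and the mapping do not contradict each other.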