Blog

We tested 6 AI models for prompt injection via MCP tool calls. Half were compromised.

We embedded a prompt injection payload in a realistic document and tested whether models with MCP tool access would follow the injected instructions. Llama 3.1 8B executed all three attack commands. Here's what happened.