Every tool call is an attack surface. VECTOR finds the gaps. Tool description poisoning, parameter injection, SSRF, data exfiltration, server impersonation, authentication bypass, and registry poisoning — weaponised for authorised red team engagements.
VECTOR targets the Model Context Protocol — the emerging standard for AI tool integration. Every MCP server, every tool description, every parameter schema, every authentication flow — all exploitable. VECTOR finds the gaps between what MCP promises and what it actually secures.
Inject malicious instructions into MCP tool descriptions. Manipulate AI behaviour through crafted tool metadata. Exploit trust in tool registries to alter agent decisions.
Inject payloads through MCP tool parameters. Exploit insufficient input validation. Parameter type confusion. Schema bypass. Nested object injection.
Force MCP servers to make unintended requests. Internal network scanning via tool calls. Cloud metadata endpoint access. Service-to-service exploitation.
Extract sensitive data through MCP tool responses. Conversation history leakage. Context window exfiltration. Cross-session data theft via tool abuse.
Impersonate legitimate MCP servers. Man-in-the-middle tool calls. Rogue server injection. Trust chain exploitation. Credential harvesting via fake tools.
Bypass MCP authentication mechanisms. Token theft. Session hijacking. OAuth flow exploitation. API key extraction from tool configurations.
Poison MCP tool registries. Supply chain attacks on tool packages. Typosquatting tool names. Malicious tool updates. Registry trust exploitation.
Standard mode detects. UNLEASHED exploits. Ed25519 crypto. Dual-gate safety. One operator.
Maps MCP attack surfaces. Identifies vulnerable tool descriptions and parameter schemas. No exploitation. Reports only.
Plans full MCP exploitation campaigns. Shows exactly what would work. Ed25519 required. No execution.
Cryptographic override. Private key controlled. One operator. Founder's machine only.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
7 subsystems. 172 tests. MCP protocol exploitation. The tool that proves your AI tool integrations aren't safe.