Search papers, labs, and topics across Lattice.
This paper introduces MCP-38, a novel threat taxonomy comprising 38 threat categories specifically designed for Model Context Protocol (MCP) systems. The taxonomy was rigorously derived through a four-phase methodology encompassing protocol decomposition, cross-mapping with existing frameworks (STRIDE, OWASP LLM/Agentic Top 10), real-world incident analysis, and remediation-surface categorization. MCP-38 effectively addresses critical semantic attack vectors unique to MCP, such as tool description poisoning and parasitic tool chaining, which are not adequately covered by existing threat models.
Existing threat models fail to capture the unique vulnerabilities of Model Context Protocol systems, but MCP-38 fills this gap with a comprehensive taxonomy of 38 distinct threat categories.
The Model Context Protocol (MCP) introduces a structurally distinct attack surface that existing threat frameworks, designed for traditional software systems or generic LLM deployments, do not adequately cover. This paper presents MCP-38, a protocol-specific threat taxonomy consisting of 38 threat categories (MCP-01 through MCP-38). The taxonomy was derived through a systematic four-phase methodology: protocol decomposition, multi-framework cross-mapping, real-world incident synthesis, and remediation-surface categorization. Each category is mapped to STRIDE, OWASP Top 10 for LLM Applications (2025, LLM01--LLM10), and the OWASP Top 10 for Agentic Applications (2026, ASI01--ASI10). MCP-38 addresses critical threats arising from MCP's semantic attack surface (tool description poisoning, indirect prompt injection, parasitic tool chaining, and dynamic trust violations), none of which are adequately captured by prior work. MCP-38 provides the definitional and empirical foundation for automated threat intelligence platforms.
