Challenge: Model Context Protocol (MCP) introduces an easy-to-use ecosystem for users and developers, but it also brings underexplored safety risks.
Approach: They propose a framework that addresses the missing safety mechanisms in MCP and a taxonomy that captures diverse range of unsafe behaviors observed in MMP scenarios.
Outcome: The proposed framework improves safety performance on state-of-the-art LLMs by capturing unsafe behaviors and analyzing the results.

Similar Papers

Securing the Tool Layer: A Threat Taxonomy and Runtime Defense Framework for Model Context Protocol Deployments (2026.acl-industry)

Copied to clipboard

Challenge: Model Context Protocol (MCP) is the dominant standard for connecting large language models to external tools, databases, and services.
Approach: They propose a runtime security framework that performs real-time validation of MCP tool calls and responses.
Outcome: The proposed framework reduces attack success rates from 74% to under 9% for tool poisoning and from 47% to under6% for indirect prompt injection via tool responses.
MCP-Guard: A Multi-Stage Defense-in-Depth Framework for Securing Model Context Protocol in Agentic AI (2026.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) are vulnerable to jailbreak, authors say . authors propose a robust, layered defense architecture designed for LLM–tool interactions .
Approach: They propose a robust, layered defense architecture designed for LLM–tool interactions . they propose XCP-Guard, which employs a three-stage detection pipeline .
Outcome: The proposed model achieves 96.01% accuracy in identifying adversarial prompts . the model is based on a three-stage detection pipeline that balances efficiency with accuracy .
SafeMCP: Proactive Power Regulation for LLM Agent Defense via Environment-Grounded Look-Ahead Reasoning (2026.acl-long)

Copied to clipboard

Challenge: Large Language Model (LLM) agents are expanding their action spaces to operate in complex environments.
Approach: They propose a server-side defense plugin that constrains tool acquisition via predictive reasoning regarding future safety risks.
Outcome: Experiments on PowerSeeking Bench, ToolEmu, and AgentHarm show that SafeMCP achieves a safe equilibrium, effectively mitigating risks while preserving agent utility.
MCP-Flow: Facilitating LLM Agents to Master Real-World, Diverse and Scaling MCP Tools (2026.acl-long)

Copied to clipboard

Challenge: Existing research on Large Language Models (LLMs) relies on few servers and lacks training support.
Approach: They propose a web-agent-driven pipeline for large-scale server discovery, data synthesis, and model training that collects and filters data from 1166 servers and 11536 tools.
Outcome: Empirical evidence shows that MCP-Flow generates higher quality instruction-function call pairs and higher agentic task performance than previous work.
Interpretation Meets Safety: A Survey on Interpretation Methods and Tools for Improving LLM Safety (2025.emnlp-main)

Copied to clipboard

Challenge: Existing surveys focus on interpretation or safety, but safety and understanding are core motivations for interpretation research.
Approach: They propose a framework that connects interpretation methods, enhancements they inform, and tools that operationalize them.
Outcome: The proposed framework summarizes nearly 70 studies at their intersections and concludes with open challenges and future directions.
Privacy in Action: Towards Realistic Privacy Mitigation and Evaluation for LLM-Powered Agents (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing benchmarks for privacy performance of LLM agents are limited to static, simplified scenarios.
Approach: They propose a model-agnostic, contextual integrity based mitigation approach that effectively reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o.
Outcome: The proposed approach reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o while preserving task helpfulness.
MCPEval: Automatic MCP-based Deep Evaluation for AI Agent Models (2025.emnlp-demos)

Copied to clipboard

Challenge: Existing evaluation frameworks suffer from limitations such as static task benchmarks, limited scope, and inadequate integration with practical applications.
Approach: They propose an open-source, Model Context Protocol-based evaluation framework specifically tailored for comprehensive and systematic assessment of LLM-powered agents.
Outcome: The proposed framework uncovers nuanced performance patterns and identify domain-specific strengths and weaknesses, providing valuable insights beyond traditional binary success metrics.
ProMCP: Profiling Token Flows and Latency Costs in Model Context Protocol–Based LLM Agents (2026.findings-acl)

Copied to clipboard

Challenge: Large Language Models are increasingly used as agents that interact with external tools and data sources to solve tasks that require fresh knowledge, precise computation, or action in a real environment.
Approach: They propose a framework that decomposes the MCP workflow into a six-stage communication pipeline and enables granular attribution of computational costs.
Outcome: The proposed framework decomposes the MCP workflow into a six-stage communication pipeline, enabling granular attribution of computational costs.
Towards Identification and Intervention of Safety-Critical Parameters in Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing safety-related methodologies for large language models are lacking . despite advances in safety alignment techniques, safeguarding LLMs during adaptation to various tasks remains a challenge.
Approach: They propose a framework to quantify how different parameters affect LLM safety . they propose two targeted intervention paradigms for safety enhancement and preservation .
Outcome: The proposed framework reveals safety-critical patterns across different LLM architectures.
USB: A COMPREHENSIVE AND UNIFIED SAFETY EVALUATION BENCHMARK FOR MULTIMODAL LARGE LANGUAGE MODELS (2026.acl-long)

Copied to clipboard

Challenge: Existing safety benchmarks fail to provide reliable assessments due to limited risk coverage, insufficient scale and the oversight of complex modality combinations.
Approach: They propose a framework that covers 61 risk categories across four modality interactions to address this gap.
Outcome: The proposed framework covers 61 risk categories across four distinct modality interactions.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations