Papers with MCP
AgentMaster: A Multi-Agent Conversational Framework Using A2A and MCP Protocols for Multimodal Information Retrieval and Analysis (2025.emnlp-demos)
Copied to clipboard
| Challenge: | Recent advances in AI focus on multi-agent systems (MAS) that can be integrated with Large Language Models (LLMs) but current systems still face challenges of inter-agency communication, coordination, and interaction with heterogeneous tools and resources. |
| Approach: | They propose a modular multi-protocol MAS framework with self-implemented A2A and MCP . the framework supports natural language interaction without prior technical expertise . |
| Outcome: | The proposed framework supports natural language interaction without prior technical expertise and responds to multimodal queries for tasks including information retrieval, question answering, and image analysis. |
IDP Accelerator: Agentic Document Intelligence from Extraction to Compliance Validation (2026.acl-demo)
Copied to clipboard
Md Mofijul Islam, Md Sirajus Salekin, Joe King, Priyashree Roy, Vamsi Thilak Gudi, Spencer Romo, Akhil Nooney, Bob Strahan, Boyi Xie, Diego A. Socolinsky
| Challenge: | Large Language Models (LLMs) are inadequate for extracting structured insights from unstructured documents. |
| Approach: | They propose a framework enabling agentic AI for end-to-end document intelligence with four key components: DocSplit, configurable Extraction Module, and Rule Validation Module. |
| Outcome: | The proposed framework achieves 98% classification accuracy, 80% reduced processing latency, and 77% lower operational costs over legacy baselines. |
rosaOS: Agentic Operating System for Embodied LLMs (2026.acl-demo)
Copied to clipboard
| Challenge: | Existing LLM–robotic systems are tightly intertwined, making it difficult to switch hardware, add extra capabilities, or expand to multiple devices without bespoke integration. |
| Approach: | They propose an open-source agentic operating system for embodied LLMs . rosaOS integrates agentic tool-calling and ROS for robot interactions . |
| Outcome: | The proposed system integrates with the Reachy Mini robot and supports a multi-device setup with a quadruped robot, wheeled mobile robot, and smart lamp. |
Paper2Web: Let’s Make Your Paper Alive! (2026.acl-demo)
Copied to clipboard
| Challenge: | Current approaches to creating layout-aware, interactive academic webpages are limited. |
| Approach: | They propose a benchmark dataset and evaluation framework for assessing academic webpage generation that incorporates rule-based metrics like Connectivity, Completeness and PaperQuiz. |
| Outcome: | The proposed framework outperforms baselines like template-based webpages and arXiv/alphaXivo versions while maintaining low cost. |
Securing the Tool Layer: A Threat Taxonomy and Runtime Defense Framework for Model Context Protocol Deployments (2026.acl-industry)
Copied to clipboard
| Challenge: | Model Context Protocol (MCP) is the dominant standard for connecting large language models to external tools, databases, and services. |
| Approach: | They propose a runtime security framework that performs real-time validation of MCP tool calls and responses. |
| Outcome: | The proposed framework reduces attack success rates from 74% to under 9% for tool poisoning and from 47% to under6% for indirect prompt injection via tool responses. |
MCIP: Protecting MCP Safety via Model Contextual Integrity Protocol (2025.emnlp-main)
Copied to clipboard
| Challenge: | Model Context Protocol (MCP) introduces an easy-to-use ecosystem for users and developers, but it also brings underexplored safety risks. |
| Approach: | They propose a framework that addresses the missing safety mechanisms in MCP and a taxonomy that captures diverse range of unsafe behaviors observed in MMP scenarios. |
| Outcome: | The proposed framework improves safety performance on state-of-the-art LLMs by capturing unsafe behaviors and analyzing the results. |
MCP: Self-supervised Pre-training for Personalized Chatbots with Multi-level Contrastive Sampling (2022.findings-emnlp)
Copied to clipboard
| Challenge: | Existing studies focus on generating implicit user profiles from the user’s dialogue history, thus it suffers from data sparsity and performance degradation. |
| Approach: | They propose a self-supervised learning framework MCP for capturing better representations from users’ dialogue history for personalized chatbots. |
| Outcome: | The proposed model improves on two real-world datasets. |
Common Sense Beyond English: Evaluating and Improving Multilingual Language Models for Commonsense Reasoning (2021.acl-long)
Copied to clipboard
| Challenge: | Using multilingual language models, commonsense reasoning research has been limited to English. |
| Approach: | They propose a Mickey Probe task to evaluate commonsense across languages . they propose X-CSQA and XCODAH datasets to be translated to 14 languages based on the Mickey corpus . |
| Outcome: | The proposed method significantly improves sentence representations beyond English. |
AutoPenBench: A Vulnerability Testing Benchmark for Generative Agents (2025.emnlp-industry)
Copied to clipboard
Luca Gioacchini, Alexander Delsanto, Idilio Drago, Marco Mellia, Giuseppe Siracusano, Roberto Bifulco
| Challenge: | LLM agents are promising for vulnerability testing, but lack benchmarks to evaluate and compare them. |
| Approach: | They propose an open-source benchmark for the evaluation of vulnerability testing agents that includes 33 tasks ranging from introductory exercises to actual vulnerable systems. |
| Outcome: | The proposed benchmark includes 33 tasks ranging from introductory exercises to actual vulnerable systems. |
MCP-Guard: A Multi-Stage Defense-in-Depth Framework for Securing Model Context Protocol in Agentic AI (2026.findings-acl)
Copied to clipboard
Wenpeng Xing, Zhonghao Qi, Yupeng Qin, Yilin Li, Caini Chang, Jiahui Yu, Changting Lin, Zhenzhen Xie, Meng Han
| Challenge: | Large Language Models (LLMs) are vulnerable to jailbreak, authors say . authors propose a robust, layered defense architecture designed for LLM–tool interactions . |
| Approach: | They propose a robust, layered defense architecture designed for LLM–tool interactions . they propose XCP-Guard, which employs a three-stage detection pipeline . |
| Outcome: | The proposed model achieves 96.01% accuracy in identifying adversarial prompts . the model is based on a three-stage detection pipeline that balances efficiency with accuracy . |
MobileWorld: Benchmarking Autonomous Mobile Agents in Agent-User Interactive and MCP-Augmented Environments (2026.acl-long)
Copied to clipboard
Quyu Kong, Xu Zhang, Zhenyu Yang, Nolan Gao, Chen Liu, Panrong Tong, Chenglin Cai, Hanzhang Zhou, Jianan Zhang, Liangyu Chen, Zhidan Liu, Steven Hoi, Yue Wang
| Challenge: | AndroidWorld is the dominant mobile GUI agent evaluation benchmark, but its success rates are low . despite reproducible emulator environment, it lacks key application categories such as e-commerce and enterprise communication. |
| Approach: | They propose a benchmark for mobile GUI agents that reflects real-world usage through long-horizon, cross-application workflows. |
| Outcome: | The proposed framework achieves over 90% success rates, while AndroidWorld is the dominant benchmark. |
ACE-Router: Generalizing History-Aware Routing from MCP Tools to the Agent Web (2026.acl-long)
Copied to clipboard
Zhiyuan Yao, Zishan Xu, Yifu Guo, Zhiguang Han, Cheng Yang, Shuo Zhang, Weinan Zhang, Xingshan Zeng, Weiwen Liu
| Challenge: | Existing routers that use hardcoded tools are limited by scalability and generality bottlenecks. |
| Approach: | They propose a pipeline for training history-aware routers to empower precise navigation in large-scale ecosystems. |
| Outcome: | The proposed pipeline can train routers with dynamic context understanding to create the plug-and-play Light Routing Agent. |
Invisible Prompts, Visible Threats: Malicious Font Injection in External Resources for Large Language Models (2025.findings-emnlp)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) are increasingly equipped with capabilities of real-time web search and integrated with protocols like the Model Context Protocol (MCP). |
| Approach: | They investigate the vulnerability of Large Language Models to hidden adversarial prompts . they evaluate two critical attack scenarios: malicious content relay and sensitive data leakage . |
| Outcome: | The proposed extension could introduce new security vulnerabilities. |
SafeMCP: Proactive Power Regulation for LLM Agent Defense via Environment-Grounded Look-Ahead Reasoning (2026.acl-long)
Copied to clipboard
| Challenge: | Large Language Model (LLM) agents are expanding their action spaces to operate in complex environments. |
| Approach: | They propose a server-side defense plugin that constrains tool acquisition via predictive reasoning regarding future safety risks. |
| Outcome: | Experiments on PowerSeeking Bench, ToolEmu, and AgentHarm show that SafeMCP achieves a safe equilibrium, effectively mitigating risks while preserving agent utility. |
“Where Does This Strange Smell Come from?”: Enabling Conversational Interfaces for Artificial Olfaction (2025.findings-emnlp)
Copied to clipboard
| Challenge: | Existing Artificial Olfaction (AO) systems are not compatible with smart home scenarios due to diverse obstacles and the need for natural interaction. |
| Approach: | They propose to use large language models to train a CIAO system for Odor Classification and Odor Source Localization in smart home scenarios. |
| Outcome: | The proposed system outperforms existing systems in indoor event detection scenarios. |
Reliably Bounding False Positives: A Zero-Shot Machine-Generated Text Detection Framework via Multiscaled Conformal Prediction (2025.acl-long)
Copied to clipboard
| Challenge: | Existing methods focus excessively on detection accuracy, neglecting the societal risks posed by high false positive rates (FPRs). |
| Approach: | They propose a Conformal Prediction framework that constrains the upper bound of false positive rates and introduces a real-time detection framework. |
| Outcome: | The proposed framework reduces false positive rates and improves detection performance. |
Beyond Quantity: Trajectory Diversity Scaling for Code Agents (2026.findings-acl)
Copied to clipboard
Guhong Chen, Chenghao Sun, Cheng Fu, Qiyao Wang, Zhihong Huang, ChaoPeng Wei, Guangxu Chen, Feiteng Fang, Ahmadreza Argha, Bing Zhao, Xander Xu, Qi Han, Hamid Alinejad-Rokny, Qiang Qu, Binhua Li, Shiwen Ni, Min Yang, HU Wei, Yongbin Li
| Challenge: | Code large language models (LLMs) are becoming tool-interactive agents . quantity-centric scaling exhibits an early bottleneck that underutilizes trajectory data . et al.: a new approach to scale trajectory diversity improves tool-use generalization . |
| Approach: | They propose a Trajectory Diversity Scaling-based data synthesis framework for code agents that scales performance through diversity rather than raw volume. |
| Outcome: | Experiments on general tool-use benchmarks and code agent tasks show that TDScaling improves tool-user generalization and inherent coding proficiency. |
Privacy in Action: Towards Realistic Privacy Mitigation and Evaluation for LLM-Powered Agents (2025.findings-emnlp)
Copied to clipboard
Shouju Wang, Fenglin Yu, Xirui Liu, Xiaoting Qin, Jue Zhang, Qingwei Lin, Dongmei Zhang, Saravan Rajmohan
| Challenge: | Existing benchmarks for privacy performance of LLM agents are limited to static, simplified scenarios. |
| Approach: | They propose a model-agnostic, contextual integrity based mitigation approach that effectively reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o. |
| Outcome: | The proposed approach reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o while preserving task helpfulness. |
Tool Preferences in Agentic LLMs are Unreliable (2025.emnlp-main)
Copied to clipboard
Kazem Faghih, Wenxiao Wang, Yize Cheng, Siddhant Bharti, Gaurang Sriramanan, Sriram Balasubramanian, Parsa Hosseini, Soheil Feizi
| Challenge: | Large language models (LLMs) can now access a wide range of external tools thanks to the Model Context Protocol (MCP). |
| Approach: | They expose a vulnerability in prevalent tool/function-calling protocols by editing tool descriptions to find out which tools are used by LLMs. |
| Outcome: | The proposed changes in the tool descriptions can increase the usage of tools from LLMs when competing with alternatives. |
SGVEF-LOOP: Coverage-Guided Progressive Topological Exploration and Fact-Grounded Metamorphic Evaluation for MCP Agents (2026.acl-long)
Copied to clipboard
| Challenge: | Existing frameworks for modeling agents are inadequate for comprehensive evaluation . evaluation of 8 diverse MCP Agents reveals capability stratification and behavioral anomalies . |
| Approach: | They propose a coverage-guided framework for progressive topological exploration and fact-augmented metamorphic testing that exploits sparse regions using adaptive sampling and dual-constraint validation. |
| Outcome: | The proposed framework achieves 100% coverage and 80.54% of the theoretical transition bound. |
TPS-Bench: Evaluating AI Agents’ Tool Planning & Scheduling Abilities in Compounding Tasks (2026.acl-long)
Copied to clipboard
| Challenge: | Large language model (LLM) agents have demonstrated strong problem-solving competence across domains like research and coding. |
| Approach: | They propose to use a tool repository to analyze the ability of large language model agents to solve complex problems. |
| Outcome: | The proposed model outperforms open-source and closed-source models in task completion rate and efficiency. |
ProMCP: Profiling Token Flows and Latency Costs in Model Context Protocol–Based LLM Agents (2026.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models are increasingly used as agents that interact with external tools and data sources to solve tasks that require fresh knowledge, precise computation, or action in a real environment. |
| Approach: | They propose a framework that decomposes the MCP workflow into a six-stage communication pipeline and enables granular attribution of computational costs. |
| Outcome: | The proposed framework decomposes the MCP workflow into a six-stage communication pipeline, enabling granular attribution of computational costs. |