Prompt Injection Attack to Tool Selection in

Shi, Jiawen, Yuan, Zenghui, Tie, Guiyao, Zhou, Pan, Gong, Neil Zhenqiang, Sun, Lichao , journal =

1 Pith paper cite this work. Polarity classification is still indexing.

1 Pith paper citing it

browse 1 citing papers

representative citing papers

Prompts Don't Protect: Architectural Enforcement via MCP Proxy for LLM Tool Access Control

cs.CR · 2026-05-18 · unverdicted · novelty 6.0

MCP proxy enforces ABAC for LLM tool access by filtering discovery and invocation, achieving 0% unauthorized invocation rate across tested models and attacks where prompts reduce risk by only 11-18 points.

citing papers explorer

Showing 1 of 1 citing paper.

Prompts Don't Protect: Architectural Enforcement via MCP Proxy for LLM Tool Access Control cs.CR · 2026-05-18 · unverdicted · none · ref 7
MCP proxy enforces ABAC for LLM tool access by filtering discovery and invocation, achieving 0% unauthorized invocation rate across tested models and attacks where prompts reduce risk by only 11-18 points.

Prompt Injection Attack to Tool Selection in

fields

years

verdicts

representative citing papers

citing papers explorer