What is This?
Model Context Problems is a timeline documenting security incidents, vulnerabilities, and breaches in the Model Context Protocol (MCP) ecosystem. Think of it as a public service announcement, with a side of dry humor.
What is MCP?
The Model Context Protocol (MCP) is an open protocol that lets AI assistants interact with external tools, APIs, databases, and services. It's designed to give language models "context" about the world beyond their training data.
The idea is compelling: your AI assistant can check your calendar, read your emails, query databases, browse filesystems, and execute commands on your behalf. What could possibly go wrong?
Why Does This Site Exist?
As MCP adoption has grown, so has the discovery of critical security vulnerabilities. From prompt injection attacks that exfiltrate private data, to remote code execution flaws, to supply chain attacks targeting the ecosystem itself.
This site exists to:
- Document publicly disclosed security incidents in one place
- Raise awareness about the security challenges of agentic AI systems
- Provide a historical record for researchers and practitioners
- Remind everyone that "move fast and break things" hits different when AI agents have root access
Isn't This a Bit Cynical?
Maybe. But documenting security failures isn't about being negative, it's about learning from mistakes and building more secure systems. The tone might be tongue-in-cheek, but the incidents are real, and the lessons are valuable.
We're not saying MCP is fundamentally broken. We're saying that connecting AI agents to sensitive systems requires extremely careful security design, and the track record so far could be better.