MCIP: Protecting MCP Safety via Model Contextual Integrity Protocol

Huihao Jing¹, Haoran Li¹ (corresponding author), Wenbin Hu¹, Qi Hu¹, Heli Xu², Tianshu Chu², Peizhao Hu², Yangqiu Song¹

¹Hong Kong University of Science and Technology
²Huawei Technologies

🤩 Abstract

As the Model Context Protocol (MCP) introduces an easy-to-use ecosystem for users and developers, it also brings underexplored safety risks. Its decentralized architecture, which separates clients and servers, poses unique challenges for systematic safety analysis. This paper proposes a novel framework to enhance MCP safety. Guided by the MAESTRO framework, we first analyze the safety mechanisms missing from MCP and, based on this analysis, propose the Model Contextual Integrity Protocol (MCIP), a refined version of MCP that addresses these gaps. Next, we develop a fine-grained taxonomy that captures a diverse range of unsafe behaviors observed in MCP scenarios. Building on this taxonomy, we develop a benchmark and training data that support the evaluation and improvement of LLMs' capabilities in identifying safety risks within MCP interactions. Leveraging the proposed benchmark and training data, we conduct extensive experiments on state-of-the-art LLMs. The results highlight LLMs' vulnerabilities in MCP interactions and demonstrate that our approach substantially improves their safety performance.

Quick Start: try our MCIP Guardian

```bash
bash dp_eval.sh
```

Citation

Please kindly cite the following paper if you find our method and resources helpful!

```bibtex
@misc{jing2025mcipprotectingmcpsafety,
      title={MCIP: Protecting MCP Safety via Model Contextual Integrity Protocol},
      author={Huihao Jing and Haoran Li and Wenbin Hu and Qi Hu and Heli Xu and Tianshu Chu and Peizhao Hu and Yangqiu Song},
      year={2025},
      eprint={2505.14590},
      archivePrefix={arXiv},
      primaryClass={cs.CL},
      url={https://arxiv.org/abs/2505.14590},
}
```

Miscellaneous

Please send any questions about the code and/or the method to [email protected]

███╗   ███╗ ██████╗ ██╗██████╗ 
████╗ ████║██╔════╝ ██║██╔══██╗
██╔████╔██║██║      ██║██████╔╝
██║╚██╔╝██║██║      ██║██╔═══╝ 
██║ ╚═╝ ██║╚██████╗ ██║██║     
╚═╝     ╚═╝ ╚═════╝ ╚═╝╚═╝     
