Nothing in MCP verifies that the tool description a client receives is the one its publisher wrote, and researchers have repeatedly demonstrated poisoning attacks against MCP clients through exactly that gap. CTMS is a signing and verification scheme that closes it at runtime, letting a client reject tampered tool metadata instead of acting on it.
AI in the Open
Standards, specifications, and open-source infrastructure that shape how AI is built and regulated. From community-driven specs to the frameworks emerging under new regulation worldwide.
- Tool Metadata Poisoning: An Unresolved Attack Surface in MCP