CFP last date
22 December 2025
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 22 December 2025

Submit your paper
Know more
The week's pick
Responsive image
A Hybrid Transformer-CNN Framework with Early and Late Fusion for Robust Skin Lesion Classification

Raihan Tanvir
Random Articles
Reseach Article

Robustness of Automated AI Agents Against Adversarial Context Injection in MCP

by Prudhvi Ratna Badri Satya, Ajay Guyyala, Vijay Putta, Krishna Teja Areti
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 56
Year of Publication: 2025
Authors: Prudhvi Ratna Badri Satya, Ajay Guyyala, Vijay Putta, Krishna Teja Areti
10.5120/ijca2025925957

Prudhvi Ratna Badri Satya, Ajay Guyyala, Vijay Putta, Krishna Teja Areti . Robustness of Automated AI Agents Against Adversarial Context Injection in MCP. International Journal of Computer Applications. 187, 56 ( Nov 2025), 1-14. DOI=10.5120/ijca2025925957

@article{ 10.5120/ijca2025925957,
author = { Prudhvi Ratna Badri Satya, Ajay Guyyala, Vijay Putta, Krishna Teja Areti },
title = { Robustness of Automated AI Agents Against Adversarial Context Injection in MCP },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2025 },
volume = { 187 },
number = { 56 },
month = { Nov },
year = { 2025 },
issn = { 0975-8887 },
pages = { 1-14 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number56/robustness-of-automated-ai-agents-against-adversarial-context-injection-in-mcp/ },
doi = { 10.5120/ijca2025925957 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-11-18T21:11:06.800537+05:30
%A Prudhvi Ratna Badri Satya
%A Ajay Guyyala
%A Vijay Putta
%A Krishna Teja Areti
%T Robustness of Automated AI Agents Against Adversarial Context Injection in MCP
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 56
%P 1-14
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Multi-agent systems based on the Model Context Protocol enable agents to share information, tool outputs, and memory across distributed servers. While this design supports complex tasks such as browsing, coding, and data entry, it also expands the attack surface through adversarial context injection. Malicious inputs can enter through web pages, APIs, files, or memory and persist across steps, making detection difficult. Existing defenses often target single prompts and fail to address multi-step persistence or crossserver propagation. To address this gap, a defense stack was introduced that combines schema checks, anomaly detection, trustweighted arbitration, and quarantine. Evaluation was conducted on WebArena, Mind2Web, and InjectBench using reproducible trials with clean and injected runs. Results showed a reduction in ASR from over 60% to as low as 16.3% and improvements in decision accuracy up to 62.7%, with modest overhead of 2.6–3.0 seconds per task. The findings highlight the importance of layered defenses, reproducible testing, and transparent reporting for safe deployment of automated agent networks.

References
  1. ALAA S ALNEMARI and SAMAH H ALAJMANI. Collaborative sql and json injection detection system using machine learning. Journal of Theoretical and Applied Information Technology, 103(11), 2025.
  2. Ludovic Arga, Franc¸ois B´elorgey, Arnaud Braud, Romain Carbou, Nathalie Charbonniaud, Catherine Colomes, Lionel Delphin-Poulat, David Excoffier, Christel Fauch´e, Thomas George, et al. Frugal ai: Introduction, concepts, development and open questions. ACM SIGKDD Explorations Newsletter, 27(1):72–111, 2025.
  3. Oriol Artime, Marco Grassia, Manlio De Domenico, James P Gleeson, Hern´an A Makse, Giuseppe Mangioni, Matjaˇz Perc, and Filippo Radicchi. Robustness and resilience of complex networks. Nature Reviews Physics, 6(2):114–131, 2024.
  4. Kshitiz Aryal, Maanak Gupta, Mahmoud Abdelsalam, Pradip Kunwar, and Bhavani Thuraisingham. A survey on adversarial attacks for malware analysis. IEEE Access, 2024.
  5. First Asici and Others. Towards role-based engineering for llm-enhanced mas. Journal Name, 2025.
  6. UweMBorghoff, Paolo Bottoni, and Remo Pareschi. Beyond prompt chaining: The tb-cspn architecture for agentic ai. Future Internet, 17(8):363, 2025.
  7. Alexandria Boyle. Experience replay algorithms and the function of episodic memory. Space, time, and memory, 2024.
  8. Zhe Sage Chen and Matthew AWilson. How our understanding of memory replay evolves. Journal of Neurophysiology, 129(3):552–580, 2023.
  9. Vignan Chintala and Tirunagari Puneeth Datta. Federated learning for privacy-preserving medical diagnosis on edge devices: A comprehensive research framework. 2025.
  10. Jan Clusmann, Dyke Ferber, Isabella C Wiest, Carolin V Schneider, Titus J Brinker, Sebastian Foersch, Daniel Truhn, and Jakob Nikolas Kather. Prompt injection attacks on vision language models in oncology. Nature Communications, 16(1):1239, 2025.
  11. Xiang Deng, Yu Gu, Boyuan Zheng, Shijie Chen, Samuel Stevens, Boshi Wang, Huan Sun, and Yu Su. Mind2web: Towards a generalist agent for the web. In Advances in Neural Information Processing Systems 36 (NeurIPS 2023), Datasets and Benchmarks Track. Neural Information Processing Systems Foundation, 2023.
  12. Zehang Deng, Yongjian Guo, Changzhou Han, Wanlun Ma, Junwu Xiong, Sheng Wen, and Yang Xiang. Ai agents under threat: A survey of key security challenges and future pathways. ACM Computing Surveys, 57(7):1–36, 2025.
  13. Tianyi Fu, Brian Jauw, and Mohan Sridharan. Combining llm, non-monotonic logical reasoning, and human-in-the-loop feedback in an assistive ai agent.
  14. Akhilesh Gadde. Ai agents: The autonomous workforce for automating workflows across industries.World Journal of Advanced Engineering Technology and Sciences, 15(2):2183– 2203, 2025.
  15. Christian Garbin and Oge Marques. Assessing methods and tools to improve reporting, increase transparency, and reduce failures in machine learning applications in health care. Radiology: Artificial Intelligence, 4(2):e210127, 2022.
  16. Muhammad Ahmad Hanif, Fizza Muhammad Aleem, Farheen Anwar, Mohtishim Siddique, Kashif Iqbal, Muhammad Sajjad, and Gulzar Ahmad. Bringing autonomy and cooperation together: A comparison of agentic ai systems and ai agents. Spectrum of Engineering Sciences, 3(8):59–68, 2025.
  17. Valentin Hofmann, Pratyusha Ria Kalluri, Dan Jurafsky, and Sharese King. Ai generates covertly racist decisions about people based on their dialect. Nature, 633(8028):147–154, 2024.
  18. Md Tamjid Hossain, Hung La, and Shahriar Badsha. Rampart: Reinforcing autonomous multi-agent protection through adversarial resistance in transportation. Journal on Autonomous Transportation Systems, 1(4):1–25, 2024.
  19. Hideaki Ishii, Yuan Wang, and Shuai Feng. An overview on multi-agent consensus under adversarial attacks. Annual Reviews in Control, 53:252–272, 2022.
  20. Arsalan Javeed, Cemal Yilmaz, and Erkay Savas. Microarchitectural side-channel threats, weaknesses and mitigations: a systematic mapping study. IEEE Access, 11:48945–48976, 2023.
  21. Wenyu Jiang and Fuwen Hu. Artificial intelligence agentenabled predictive maintenance: Conceptual proposal and basic framework. Computers, 14(8):329, 2025.
  22. Nathan S Johnson. Multi-agent llm systems for autonomous laboratory instrument operation. 2025.
  23. Sevinj Karimova and Ulviya Dadashova. The model context protocol: a standardization analysis for application integration. Journal of Computer Science and Digital Technologies, 1(1):50–59, 2025.
  24. Mirae Kim, ´ Etienne Charbonneau, and Jessica Sowa. The nonprofit starvation cycle: The extent of overhead ratios’ manipulation, distrust, and ramifications. Nonprofit and Voluntary Sector Quarterly, 54(1):151–175, 2025.
  25. Nicholas Ka-Shing Kong. Injectbench: An indirect prompt injection benchmarking framework. Master’s thesis, Virginia Tech, Blacksburg, VA, 2024. VTechWorks Electronic Theses and Dissertations.
  26. Xiangyi Kong, Peng Gao, Jing Wang, Yi Fang, and Kuo Chu Hwang. Advances of medical nanorobots for future cancer treatments. Journal of Hematology & Oncology, 16(1):74, 2023.
  27. Naveen Krishnan. Advancing multi-agent systems through model context protocol: Architecture, implementation, and applications. arXiv preprint arXiv:2504.21030, 2025.
  28. Apurva Kumar. Building autonomous ai agents based ai infrastructure. International Journal of Computer Trends and Technology, 72(11):116–125, 2024.
  29. Weifeng Li and Yidong Chai. Assessing and enhancing adversarial robustness of predictive analytics: An empirically tested design framework. Journal of Management Information Systems, 39(2):542–572, 2022.
  30. Richard Owoputi and Sandip Ray. Security of multi-agent cyber-physical systems: A survey. IEEE Access, 10:121465– 121479, 2022.
  31. Brandon Radosevich and John Halloran. Mcp safety audit: Llms with the model context protocol allow major security exploits. arXiv preprint arXiv:2504.03767, 2025.
  32. Partha Pratim Ray. A survey on model context protocol: Architecture, state-of-the-art, challenges and future directions. Authorea Preprints, 2025.
  33. David Segod, Ricardo Alvarez, Patrick McAllister, and Michael Peterson. Experiments of a diagnostic framework for addressee recognition and response selection in ideologically diverse conversations with large language models. 2024.
  34. Theophilus Siameh, Abigail Akosua Addobea, and Chun- Hung Liu. Context injection vulnerabilities and resource exploitation attacks in model context protocol. Authorea Preprints, 2025.
  35. Sudha Srinivasan, Nidhi Amonkar, Patrick D Kumavor, Deborah Bubela, and Kristin Morgan. Joystick-operated ride-on toy navigation training for children with hemiplegic cerebral palsy: A pilot study. The American Journal of Occupational Therapy, 78(4):7804185070, 2024.
  36. Stefan Stein, Michael Pilgermann, Simon Weber, and Martin Sedlmayr. Leveraging mds2 and sbom data for llm-assisted vulnerability analysis of medical devices. Computational and Structural Biotechnology Journal, 2025.
  37. Taichi Takemura, Ryo Yamamoto, and Kuniyasu Suzaki. Teepa: Tee is a cornerstone for remote provenance auditing on edge devices with semi-tcb. IEEE Access, 12:26536–26549, 2024.
  38. Xingyao Wang, Boxuan Li, Yufan Song, Frank F Xu, Xiangru Tang, Mingchen Zhuge, Jiayi Pan, Yueqi Song, Bowen Li, Jaskirat Singh, et al. Opendevin: An open platform for ai software developers as generalist agents. arXiv preprint arXiv:2407.16741, 3, 2024.
  39. Yuntao Wang, Yanghe Pan, Shaolong Guo, and Zhou Su. Security of internet of agents: Attacks and countermeasures. IEEE Open Journal of the Computer Society, 2025.
  40. Alexander Wei, Nika Haghtalab, and Jacob Steinhardt. Jailbroken: How does llm safety training fail? Advances in Neural Information Processing Systems, 36:80079–80110, 2023.
  41. First Wu, Second Zhu, and Third Liu. Agentic tool use with mind map memory. arXiv preprint arXiv:2502.01234, 2025.
  42. Xingyu Wu, Yunzhe Tian, Yuanwan Chen, Ping Ye, Xiaoshu Cui, Jingqi Jia, Shouyang Li, Jiqiang Liu, and Wenjia Niu. Curriculumpt: Llm-based multi-agent autonomous penetration testing with curriculum-guided task scheduling. Applied Sciences, 15(16):9096, 2025.
  43. Xiayu Xiang, Changchang Ma, Liyi Zeng, Wenying Feng, Yushun Xie, and Zhaoquan Gu. Uncovering multi-step attacks with threat knowledge graph reasoning. Security and Safety, 4:2024019, 2025.
  44. Shasha Yu, Fiona Carroll, and Barry L Bentley. Trust and trustworthiness: privacy protection in the chatgpt era. In Data Protection: The Wake of AI and Machine Learning, pages 103–127. Springer, 2024.
  45. Guorui Zhang, Chao Song, Liyuan Liu, Qiuyu Wang, and Chunquan Li. Transagent: Dynamizing transcriptional regulation analysis via multi-omics-aware ai agent. bioRxiv, pages 2025–04, 2025.
  46. Qian Zhang and Le Xie. Poweragent: A roadmap towards agentic intelligence in power systems. Authorea Preprints, 2025.
  47. Shuyan Zhou, Frank F Xu, Hao Zhu, Xuhui Zhou, Robert Lo, Abishek Sridhar, Xianyi Cheng, Yonatan Bisk, Daniel Fried, Uri Alon, et al. Webarena: A realistic web environment for building autonomous agents. arXiv preprint arXiv:2307.13854, 2023.
Index Terms

Computer Science
Information Sciences

Keywords

Automated AI agents Adversarial Context Injection Model Context Protocol (MCP) Robustness Anomaly Detection Defense Mechanisms

Powered by PhDFocusTM