Definition
An attack that breaks the access controls on a Model Context Protocol server, allowing an unauthorized user or agent to execute database operations or access resources beyond what their role should permit. This converts a tool-isolation mechanism into a privilege escalation vector.
Why it matters
MCP scope enforcement is the primary boundary preventing AI agents from accessing sensitive data they should not reach. If an agent can bypass scope enforcement, it can read, modify, or delete entire databases that the organization intended to protect.
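The boundary described above, sketched as a deny-by-default check run on every tool call. This is an added example, not code from the original entry or from any MCP SDK. The role names, scope strings, tool names and the ToolGateway class are hypothetical, and the data is constructed.

```python
from dataclasses import dataclass, field

# Hypothetical role grants; a real deployment defines its own.
ROLE_SCOPES = {
    "analyst": {"db:read"},
    "admin": {"db:read", "db:write", "db:delete"},
}
# Scope each hypothetical tool requires (read / modify / delete).
TOOL_SCOPE = {
    "query_rows": "db:read",
    "update_rows": "db:write",
    "drop_table": "db:delete",
}

class ScopeDenied(Exception):
    """Raised when a call exceeds the scope granted to the session's role."""

@dataclass
class ToolGateway:
    sessions: dict  # session id -> role, bound by the server at authentication
    handlers: dict  # tool name -> callable that performs the operation
    denied: list = field(default_factory=list)  # audit trail for detection

    def call(self, session_id, tool, args):
        role = self.sessions.get(session_id)   # never taken from the request
        granted = ROLE_SCOPES.get(role, set())
        required = TOOL_SCOPE.get(tool)
        handler = self.handlers.get(tool)
        # Deny by default: unknown session, role or tool fails the check.
        if handler is None or required not in granted:
            self.denied.append((session_id, role, tool))
            raise ScopeDenied(f"{tool} not permitted for role {role!r}")
        return handler(**args)

def demo():
    db = {"users": ["alice", "bob"]}  # constructed sample data
    handlers = {
        "query_rows": lambda table: list(db[table]),
        "update_rows": lambda table, row: db[table].append(row),
        "drop_table": lambda table: db.pop(table),
    }
    gw = ToolGateway({"s1": "analyst", "s2": "admin"}, handlers)
    calls = [("s1", "query_rows"), ("s1", "drop_table"), ("s9", "query_rows")]
    results = []
    for sid, tool in calls:
        try:
            gw.call(sid, tool, {"table": "users"})
            results.append("allowed")
        except ScopeDenied:
            results.append("denied")
    return results, gw.denied, db
```

The denied list doubles as a detection signal: repeated entries for one session show an agent probing past its role.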