Broken Authorization

LLMs invoke backend actions they should not, due to missing or bypassed authorization checks.

Definition

Broken Authorization is an attack on the output layer of the Model Context Protocol (MCP). It occurs when an agent can perform actions or access data through a tool without any check that the user or calling context has the right permissions. This can lead to data leaks, unauthorized transactions, or privilege escalation, especially when tools assume the agent is always operating within scope.

The failure sits at the point of access: the output layer of the MCP model returns data or completes actions without confirming proper authorization.

How MCP Security Helps

Akto detects broken authorization paths by testing tool endpoints across different roles and access levels. It verifies whether sensitive operations are gated by proper checks and flags any instance where tools return data or perform actions outside the permitted context. Akto also monitors token propagation between agents and tools to identify over-scoped or misused credentials.
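
The missing check from the definition and the cross-role testing described above, as an added example (not Akto's code and not any MCP SDK's API): one tool handler without and one with authorization at the point of access, plus a role-matrix run that flags results returned outside the caller's context. `Caller`, the `invoices:read` scope, the tenant model and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: invoice id -> record with its owning tenant.
INVOICES = {"inv-1": {"tenant": "acme"}, "inv-2": {"tenant": "globex"}}

@dataclass(frozen=True)
class Caller:
    """Hypothetical caller context forwarded with each tool call."""
    user: str
    tenant: str
    scopes: frozenset

class Forbidden(Exception):
    """Raised when the caller is not authorized for the request."""

def get_invoice_unchecked(caller, invoice_id):
    return INVOICES[invoice_id]  # broken: assumes the agent stays in scope

def get_invoice_checked(caller, invoice_id):
    # Authorization is enforced inside the tool, at the point of access.
    if "invoices:read" not in caller.scopes:
        raise Forbidden("missing scope invoices:read")
    invoice = INVOICES.get(invoice_id)
    # Same error for "not found" and "not yours" so ids cannot be probed.
    if invoice is None or invoice["tenant"] != caller.tenant:
        raise Forbidden("invoice not accessible to caller")
    return invoice

def role_matrix(tool, callers, invoice_ids):
    """Return (user, invoice_id) pairs where data came back out of context."""
    findings = []
    for caller in callers:
        for invoice_id in invoice_ids:
            try:
                result = tool(caller, invoice_id)
            except Forbidden:
                continue
            in_scope = "invoices:read" in caller.scopes
            if not (in_scope and result["tenant"] == caller.tenant):
                findings.append((caller.user, invoice_id))
    return findings

CALLERS = [Caller("alice", "acme", frozenset({"invoices:read"})),
           Caller("bob", "globex", frozenset({"invoices:read"})),
           Caller("carol", "acme", frozenset())]  # carol has no read scope

if __name__ == "__main__":
    for tool in (get_invoice_unchecked, get_invoice_checked):
        print(tool.__name__, role_matrix(tool, CALLERS, INVOICES))
```

The unchecked handler produces a finding for every cross-tenant or unscoped call, while the checked handler produces none.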

Talk to our team!

Let us handle MCP Security for you. Book a call and experience the Modern MCP Security solution built for Modern appsec teams.

Popular Features

MCP Server Discovery

MCP Security Testing

MCP Monitoring and Threat detection

Loved and Trusted by Modern Appsec Teams
