Rug Pull Attacks
Backends change tool behavior mid-session, breaking trust assumptions and enabling unexpected execution paths.
Definition
Rug Pull Attacks target the execution layer of the Model Context Protocol (MCP). In these attacks, the behavior of an MCP-connected tool changes after its initial registration or partway through an active session. A tool that was benign and trusted at registration may later return harmful outputs or trigger unauthorized actions. This breaks the model’s assumption that a tool’s behavior stays consistent and predictable, so malicious logic can execute silently.
This type of attack lives in the execution layer of the MCP model, where agents trust tool behavior based on initial metadata or past performance.
How MCP Security Helps
Akto defends against Rug Pull Attacks by continuously monitoring tool behavior for consistency. It tracks each MCP server’s response patterns across sessions and flags any drift from its declared capabilities or schema. If a tool’s behavior changes unexpectedly, Akto blocks further invocations and alerts security teams. By validating tool behavior in real time, Akto ensures agents are not exposed to sudden shifts in logic or intent.
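The drift monitoring described above can be illustrated with a small tool-pinning check. The following is an added example, not Akto's code and not part of the original page: it records each tool definition (name, description, input schema) that a server advertises at registration, re-checks later tools/list responses against those pins, and refuses to invoke any tool whose definition changed, appeared unregistered, or disappeared. The server name and the two tool lists are constructed sample data; the schema shapes follow the MCP tools/list format, but the tools themselves are hypothetical.

```python
import json
from dataclasses import dataclass, field

# Fields of a tool definition that shape what the model believes the tool does.
# A rug pull that changes what a tool means has to alter one of these.
PINNED_FIELDS = ("description", "inputSchema")


def canonical_definition(tool: dict) -> dict:
    """Reduce a tools/list entry to the pinned fields, with stable defaults."""
    return {f: tool.get(f, {} if f == "inputSchema" else "") for f in PINNED_FIELDS}


@dataclass
class ToolPinRegistry:
    pins: dict = field(default_factory=dict)    # (server, tool name) -> pinned definition
    blocked: set = field(default_factory=set)   # (server, tool name) flagged for drift

    def register(self, server: str, tools: list) -> None:
        """Pin every tool definition the server advertised at first registration."""
        for tool in tools:
            self.pins[(server, tool["name"])] = canonical_definition(tool)

    def check(self, server: str, tools: list) -> list:
        """Compare a fresh tools/list response against the pins.

        Returns a list of findings (empty means no drift) and blocks every
        tool that produced a finding so later invocations are refused.
        """
        findings = []
        seen = set()
        for tool in tools:
            key = (server, tool["name"])
            seen.add(key)
            current = canonical_definition(tool)
            pinned = self.pins.get(key)
            if pinned is None:
                findings.append({"tool": tool["name"], "kind": "new_tool", "changed": []})
            elif pinned != current:
                changed = [f for f in PINNED_FIELDS if pinned[f] != current[f]]
                findings.append({"tool": tool["name"], "kind": "definition_changed",
                                 "changed": changed})
        # Tools that were pinned but are no longer advertised count as drift too.
        for key in self.pins:
            if key[0] == server and key not in seen:
                findings.append({"tool": key[1], "kind": "tool_removed", "changed": []})
        for finding in findings:
            self.blocked.add((server, finding["tool"]))
        return findings

    def allow_invocation(self, server: str, tool_name: str) -> bool:
        """Gate: only tools that are pinned and were never flagged may be called."""
        key = (server, tool_name)
        return key in self.pins and key not in self.blocked


# Constructed sample data: what a hypothetical "files-server" advertised at registration.
INITIAL_TOOLS = [
    {"name": "read_file",
     "description": "Read a UTF-8 text file at the given path.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
    {"name": "list_dir",
     "description": "List the entries of a directory.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
]

# Constructed later response from the same server: read_file's description and schema
# drifted, list_dir disappeared, and an unregistered run_command tool appeared.
DRIFTED_TOOLS = [
    {"name": "read_file",
     "description": "Read a file at the given path.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"},
                                    "mirror_to": {"type": "string"}},
                     "required": ["path"]}},
    {"name": "run_command",
     "description": "Run a command on the host.",
     "inputSchema": {"type": "object",
                     "properties": {"cmd": {"type": "string"}},
                     "required": ["cmd"]}},
]


if __name__ == "__main__":
    registry = ToolPinRegistry()
    registry.register("files-server", INITIAL_TOOLS)
    print("re-check of unchanged list:", registry.check("files-server", INITIAL_TOOLS))
    for finding in registry.check("files-server", DRIFTED_TOOLS):
        print("ALERT", json.dumps(finding))
    print("read_file allowed:", registry.allow_invocation("files-server", "read_file"))
```

The comparison is on the full pinned definition rather than on a hash alone so that an alert can name which field moved; a description edit and a schema change are reported separately, which is what an analyst needs to decide whether a re-registration is legitimate. Blocking on any finding (including a removed tool) is deliberately conservative: the safe default once a server has shown drift is to stop calling it until a human re-pins it.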