SSE Session Security

Agents leave open connections vulnerable to data leaks, hijacking, or unauthorized access during tool streaming.

Definition

SSE Session Security issues target the input layer of the Model Context Protocol (MCP). These attacks occur when tools stream data to agents using Server-Sent Events (SSE) or similar mechanisms without securing the session. Attackers can hijack open connections, access responses meant for other users, or inject streaming data into the agent’s context. Without proper validation, authentication, or session binding, SSE connections become a live entry point for data exfiltration or prompt manipulation.

This attack lives in the input layer of the MCP model, where streamed data is accepted by the agent as part of ongoing input.
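One way to implement the session binding named in the definition, as an added example (not Akto's code and not part of any MCP SDK): the server derives each SSE session id from the authenticated principal with an HMAC and re-checks it whenever a client attaches to the stream or posts a message to it. `SERVER_KEY`, `SESSION_TTL`, `issue_session` and `check_session` are hypothetical names, and the principal is assumed to come from an authentication layer that has already run.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret, never sent to clients
SESSION_TTL = 900                     # assumed lifetime of a stream session, in seconds


def _tag(principal, nonce, expires):
    # NUL separators keep the three fields unambiguous inside the MAC input.
    msg = f"{principal}\x00{nonce}\x00{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(principal, now=None):
    """Return an unguessable session id bound to the authenticated principal."""
    issued = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)      # alphabet never contains "."
    expires = int(issued + SESSION_TTL)
    return f"{nonce}.{expires}.{_tag(principal, nonce, expires)}"


def check_session(session_id, principal, now=None):
    """True only if the id was issued to this principal and has not expired.

    Call this on every stream attach and every message post, so a leaked or
    guessed id presented under another identity is refused.
    """
    try:
        nonce, expires_s, tag = session_id.split(".")
        expires = int(expires_s)
    except ValueError:
        return False                       # malformed id: wrong field count or non-numeric expiry
    expected = _tag(principal, nonce, expires)
    # Compare as bytes: compare_digest raises on non-ASCII str input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False                       # forged, tampered, or bound to someone else
    current = time.time() if now is None else now
    return current < expires


if __name__ == "__main__":
    sid = issue_session("alice")           # constructed sample principals
    print("alice attaches:", check_session(sid, "alice"))
    print("bob replays alice's id:", check_session(sid, "bob"))
```

Because the principal is part of the MAC input, the id alone is not a bearer credential: it only validates together with the identity it was issued to.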

How MCP Security Helps

Akto secures streaming workflows by validating SSE session bindings, testing tool endpoints for hijackability, and inspecting real-time agent-stream interactions for exposure risks. It simulates unauthorized access to open streams and flags tools that do not enforce strict authentication or output filtering.

Talk to our team!

Let us handle MCP Security for you. Book a call and experience the Modern MCP Security solution built for Modern appsec teams.

Popular Features

MCP Server Discovery

MCP Security Testing

MCP Monitoring and Threat detection

Loved and Trusted by Modern Appsec Teams
