Skip to content

Empirical evidence for Section 1 problem statement — MCP access control fails 48.5–68.5% under adversarial conditions #139

Description

@rohith88

Hi — sharing empirical research that directly supports the motivation for this framework.

The gap your draft addresses quantified:

Our paper "[title]" (arXiv:2605.18414, May 2026) benchmarks prompt-based access control in MCP-based agentic deployments across adversarial scenarios. Key finding: prompt-based access control fails in 48.5–68.5% of adversarial test cases, meaning agents invoke unauthorized tools despite explicit restrictions in their system prompt.

This directly quantifies the risk described in your Section 1 problem statement — that implementations "develop solutions in isolation" without proper identity and authorization infrastructure. The failure rate is the empirical baseline for what the status quo looks like without a framework like AIMS.

Specific relevance:

  • Your Authorization layer (Section X, OAuth 2.0 delegation) addresses exactly the enforcement gap we measured
  • Our findings support the urgency of moving beyond prompt-based policy to cryptographic authorization
  • The 48.5–68.5% failure range could serve as a concrete benchmark for evaluating whether implementations conforming to this framework reduce unauthorized tool invocation

Happy to share the full paper or specific benchmark methodology if useful for the references section or security considerations.

— Rohith Uppala | arXiv: https://arxiv.org/abs/2605.18414

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions