Invariant Labs A.I CyberSecurity Scoring
Invariant Labs
Company Information
Website:https://invariantlabs.ai
Employees number:6
Number of followers:0
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:invariantlabs.ai
Invariant Labs Risk Score (AI oriented)
Between 750 and 799
Invariant LabsTechnology, Information and Internet
Updated:
30/06/2026
30/06/2026
797/1000
Fair
Baa
Invariant Labs Global Score (TPRM)
xxxx
Invariant LabsTechnology, Information and Internet
Score locked

Invariant LabsFair
Current Score
797Baa (FAIR)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
797
JUNE 2026
797
MAY 2026
797
APRIL 2026
797
MARCH 2026
797
FEBRUARY 2026
797
JANUARY 2026
797
DECEMBER 2025
797
NOVEMBER 2025
797
OCTOBER 2025
797
SEPTEMBER 2025
796
AUGUST 2025
796
APRIL 2025
812
Vulnerability
01 Apr 2025 • Invariant Labs
Cursor, npm, Microsoft and Invariant Labs: Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Microsoft Warns of AI Agent Hijacking via Poisoned Tool Descriptions
796
CRITICAL-16
NPMINVANYMIC1782858281
Microsoft Warns of AI Agent Hijacking via Poisoned Tool Descriptions
Microsoft’s Incident Response and Defender research teams have uncovered a stealthy attack vector targeting AI agents automated systems that perform tasks like sending emails, managing files, or accessing business data. By manipulating a tool’s description within the Model Context Protocol (MCP), attackers can silently exfiltrate sensitive company data without triggering security alerts.
### How the Attack Works
AI agents rely on MCP to interact with external tools, using plain-text descriptions to determine when and how to use them. These descriptions, however, can be altered to include hidden instructions. In a demonstrated scenario, an attacker modified a third-party "invoice enrichment" tool’s description to secretly collect and forward unpaid invoices to an external server. The agent, operating under the user’s permissions, executed the request as part of a routine task appearing legitimate at every step.
The attack exploits a fundamental trust gap: MCP blends instructions and data in the same space, making it difficult for agents to distinguish between valid commands and malicious ones. Since the tool itself remains approved and the actions appear normal, traditional security measures may fail to detect the breach.
### Real-World Precedents
This technique, dubbed "tool poisoning," has been documented in multiple proof-of-concept attacks:
- April 2025: Invariant Labs demonstrated how a poisoned calculator tool description could extract SSH keys via the Cursor editor.
- September 2025: Koi Security discovered a malicious npm package (postmark-mcp) that secretly BCC’d emails to an attacker after 15 clean releases.
- August 2025: The MCPTox benchmark tested 45 MCP servers and 20 AI models, finding a 72.8% success rate for such attacks, with models rarely refusing the malicious instructions.
OWASP now lists this as a key Agentic Supply Chain Vulnerability in its December 2025 Top 10 for AI applications.
### Mitigation Strategies
Microsoft recommends treating connected tools as part of the supply chain, with strict controls:
- Restrict tool access to approved publishers and specific, necessary functions.
- Review tool descriptions like code changes, scanning for unauthorized commands.
- Require human approval for high-risk actions (e.g., data sharing, financial transactions).
- Monitor agent activity with dedicated identities, logging actions and flagging anomalies.
- Apply "least agency" limiting an agent’s autonomy to reduce potential damage.
The research underscores a growing risk: as AI agents gain autonomy, their security hinges on the integrity of the tools they interact with a surface that remains vulnerable to manipulation.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Invariant Labs ??
What was Invariant Labs's A.I Rankiteo Cyber Score in June 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in May 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in April 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in March 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in February 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in January 2026 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in December 2025 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in November 2025 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in October 2025 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in September 2025 ??
What was Invariant Labs's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Invariant Labs's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Invariant Labs ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Invariant Labs's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?