🔓 IMCP - Insecure Model Context Protocol
The DVWA for AI MCP Security!
⚠️ WARNING: This is a deliberately vulnerable application. DO NOT deploy in production!
Welcome to IMCP – a deliberately vulnerable framework that exposes 14 critical security weaknesses in MCP Servers. Whether you're a security researcher, developer, or educator, IMCP is your playground for hands-on learning about real-world AI MCP vulnerabilities.
🎯 What is IMCP?
IMCP (Insecure Model Context Protocol) is specifically designed for the emerging world of AI Model Context Protocol (MCP) security.
IMCP provides a safe, legal environment to explore, understand, and learn how to exploit and defend against MCP vulnerabilities.
🔍 Why IMCP?
🏫 Educational Focus: Learn MCP security in a controlled environment
💼 Business Realistic: Vulnerabilities presented in real-world business contexts
🎓 Progressive Learning: From basic concepts to advanced attack techniques
🛡️ Defensive Mindset: Every vulnerability includes prevention strategies
🤝 Community Driven: Open source and continuously updated by security researchers
🚨 Vulnerability Catalog
IMCP exposes 14 critical MCP security vulnerabilities across 5 major categories:
🎯 Prompt & Injection Attacks
Direct Prompt Injection - Corporate Knowledge Base Data Exposure
Jailbreak Prompt Injection - AI Executive Assistant Social Engineering
Tool Response Injection - Marketing Intelligence Platform Manipulation
🔧 Tool Security Flaws
Tool Poisoning - Software Development Hidden Backdoor
Rug Pull Attack - HR Benefits Manager Betrayal
Tool Shadowing - Enterprise Security Vault Impersonation
🌐 Context & Session Vulnerabilities
Context Leakage - Customer Service Cross-Tenant Data Breach
Boundary Confusion - Customer Data Processing Context Mixing
Session ID Exposure - Corporate SSO Portal Data Leakage
⚙️ Configuration & Infrastructure
Server Name Collision - Salesforce Connector Deception
Configuration Drift - Enterprise Config Manager Settings Exposure
Metadata Manipulation - Enterprise Document Manager Access Escalation
🧠 Human Factor Exploitation
Consent Fatigue Exploitation - Progressive Permission Escalation
Instruction Override - Security Compliance Scanner Privilege Escalation
🚀 Quick Start
Prerequisites
Node.js 18+
TypeScript
VS Code with GitHub Copilot (recommended)
Installation
Connect to GitHub Copilot
IMCP is designed to work seamlessly with GitHub Copilot in VS Code:
Open VS Code in the project directory
Ensure GitHub Copilot is enabled
MCP configuration is automatically loaded from .vscode/mcp.json
Start testing: ask Copilot to "Use the vulnerability-summary tool"
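The configuration step above hinges on what .vscode/mcp.json declares, and the "Server Name Collision" entry in the catalog is exactly the case where two sources declare the same server name. The following lint is an added example, not code from the IMCP project: it parses two constructed config fragments in VS Code's `servers` layout (all server names, paths and package names are made up for the demonstration), reports names declared more than once, and flags servers whose launcher fetches a package at start-up, which is the condition under which the code behind a trusted name can change without the config changing.

```typescript
// Added example, not part of the IMCP project: a lint for VS Code style
// .vscode/mcp.json files that surfaces the conditions a server name
// collision needs. Server names, paths and package names are constructed.

interface McpServerEntry {
  type?: string;      // "stdio" for a locally launched process
  command?: string;
  args?: string[];
  url?: string;
}

interface McpConfig {
  servers: Record<string, McpServerEntry>;
}

interface ConfigSource {
  source: string;     // where the file came from, e.g. workspace vs user profile
  config: McpConfig;
}

// Constructed workspace config: the lab server launched from a local build.
const WORKSPACE_CONFIG = `{
  "servers": {
    "salesforce-connector": {
      "type": "stdio",
      "command": "node",
      "args": ["./dist/index.js"]
    }
  }
}`;

// Constructed user-level config that reuses the same server name but launches
// a registry package instead: the shape of a server name collision.
const USER_CONFIG = `{
  "servers": {
    "salesforce-connector": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "example-connector-package"]
    },
    "vault": {
      "type": "stdio",
      "command": "uvx",
      "args": ["example-vault-server"]
    }
  }
}`;

function parseConfig(source: string, json: string): ConfigSource {
  const parsed = JSON.parse(json) as Partial<McpConfig>;
  if (!parsed.servers || typeof parsed.servers !== "object") {
    throw new Error(`${source}: missing "servers" object`);
  }
  return { source, config: { servers: parsed.servers } };
}

// Names declared by more than one config source. Which declaration wins is a
// client decision, so the defender's rule is simpler: a name is unique everywhere.
function findNameCollisions(sources: ConfigSource[]): Record<string, string[]> {
  const seen: Record<string, string[]> = {};
  for (const { source, config } of sources) {
    for (const name of Object.keys(config.servers)) {
      if (!seen[name]) seen[name] = [];
      seen[name].push(source);
    }
  }
  const collisions: Record<string, string[]> = {};
  for (const name of Object.keys(seen)) {
    if (seen[name].length > 1) collisions[name] = seen[name];
  }
  return collisions;
}

// Launchers that download and run a package at start-up: the code behind the
// server name is whatever the registry serves at that moment.
const FETCHING_LAUNCHERS = ["npx", "uvx"];

function findUnpinnedServers(sources: ConfigSource[]): string[] {
  const flagged: string[] = [];
  for (const { source, config } of sources) {
    for (const name of Object.keys(config.servers)) {
      const command = config.servers[name].command;
      if (command && FETCHING_LAUNCHERS.indexOf(command) !== -1) {
        flagged.push(`${source}:${name}`);
      }
    }
  }
  return flagged;
}

// Runs both checks over the constructed configs and returns the findings.
function lintSampleConfigs(): { collisions: Record<string, string[]>; unpinned: string[] } {
  const sources = [
    parseConfig("workspace", WORKSPACE_CONFIG),
    parseConfig("user", USER_CONFIG),
  ];
  return { collisions: findNameCollisions(sources), unpinned: findUnpinnedServers(sources) };
}

console.log(JSON.stringify(lintSampleConfigs(), null, 2));
```

On the constructed input the lint reports `salesforce-connector` as declared by both the workspace and the user config, and flags the two registry-launched servers as unpinned; a local `node ./dist/index.js` entry passes both checks.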
🧪 Testing Vulnerabilities
📋 Quick Vulnerability Overview
🎯 Example Attack Tests
Corporate Data Exposure:
AI Social Engineering:
Tool Backdoor Exploitation:
📚 Comprehensive Testing Guide
For detailed step-by-step testing instructions, see: GITHUB_COPILOT_TESTING_GUIDE.md
🎓 Learning Objectives
After using IMCP, you will understand:
🔐 Security Fundamentals
How MCP vulnerabilities are exploited in real business contexts
Progressive attack techniques that build trust before exploitation
Human psychology factors in AI security (consent fatigue, authority claims)
💼 Business Impact
Financial consequences of MCP security failures
Regulatory compliance violations (GDPR, HIPAA, SOX)
Competitive intelligence and corporate espionage risks
🛡️ Defensive Strategies
Input validation and sanitization best practices
Proper authorization and access control implementation
Secure MCP server development patterns
🧠 Security Mindset
Recognition of social engineering patterns in AI interactions
Critical thinking about AI tool trust and verification
Risk assessment for AI integration in business environments
🏗️ Architecture
🔧 Technical Stack
MCP SDK: Model Context Protocol implementation
TypeScript: Type-safe vulnerability demonstrations
Zod: Schema validation (intentionally bypassable)
Node.js: Runtime environment
VS Code: Integrated development and testing environment
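The stack list describes the Zod validation as intentionally bypassable, and the Defensive Strategies objectives above ask for input validation and proper authorization. The following is an added example, not code from the IMCP project, and it uses hand-written validators rather than Zod so that it runs without dependencies: a tool handler whose validator checks the declared field but hands back the original object, so undeclared keys survive and a spread over the session lets a caller-supplied `role` replace the authenticated one, beside a hardened handler that rejects undeclared keys, rebuilds the arguments from the allow-listed fields only, and takes the role from the session alone. The document store, session and field names are constructed for the demonstration.

```typescript
// Added example, not IMCP project code: the pattern that makes schema
// validation "bypassable" and its hardened form. Documents, sessions and
// field names are constructed for the demonstration.

type RawArgs = Record<string, unknown>;

interface DocumentRequest {
  documentId: string;
}

interface Session {
  userId: string;
  role: "user" | "admin";
}

// Constructed document store.
const DOCUMENTS: Record<string, { classification: "public" | "restricted"; body: string }> = {
  "doc-100": { classification: "public", body: "Company holiday schedule" },
  "doc-200": { classification: "restricted", body: "Board-only acquisition memo" },
};

function readDocument(role: Session["role"], documentId: string): string {
  const doc = DOCUMENTS[documentId];
  if (!doc) throw new Error(`no such document: ${documentId}`);
  if (doc.classification === "restricted" && role !== "admin") {
    throw new Error("forbidden");
  }
  return doc.body;
}

// Weak validator: checks the declared field, then hands back the ORIGINAL
// object. Every undeclared key the caller added survives (the effect of a
// passthrough schema, or of validating `args` and then using `args` anyway).
function weakValidate(args: RawArgs): RawArgs {
  if (typeof args.documentId !== "string") throw new Error("documentId required");
  return args;
}

// Strict validator: rejects undeclared keys and rebuilds the object from the
// allow-listed fields only, so nothing unvalidated reaches the handler.
function strictValidate(args: RawArgs): DocumentRequest {
  const documentId = args.documentId;
  if (typeof documentId !== "string" || documentId.length === 0) {
    throw new Error("documentId required");
  }
  const unexpected = Object.keys(args).filter((k) => k !== "documentId");
  if (unexpected.length > 0) {
    throw new Error(`unexpected fields: ${unexpected.join(", ")}`);
  }
  return { documentId };
}

// Vulnerable tool handler: merges the passthrough arguments over the session,
// so a caller-supplied "role" key replaces the authenticated one.
function fetchDocumentWeak(session: Session, rawArgs: RawArgs): string {
  const args = weakValidate(rawArgs);
  const ctx = { ...session, ...args } as unknown as Session & DocumentRequest;
  return readDocument(ctx.role, ctx.documentId);
}

// Hardened handler: authorization comes from the session alone; the arguments
// contribute only the fields the schema declares.
function fetchDocumentHardened(session: Session, rawArgs: RawArgs): string {
  const args = strictValidate(rawArgs);
  return readDocument(session.role, args.documentId);
}

// Runs both handlers with a non-admin session and arguments that carry an
// extra "role" key, and reports whether each one let the restricted document out.
function demo(): { weakLeaks: boolean; hardenedRejects: boolean } {
  const user: Session = { userId: "u-42", role: "user" };
  const crafted: RawArgs = { documentId: "doc-200", role: "admin" };
  let weakLeaks = false;
  try {
    weakLeaks = fetchDocumentWeak(user, crafted) === DOCUMENTS["doc-200"].body;
  } catch (e) {
    weakLeaks = false;
  }
  let hardenedRejects = false;
  try {
    fetchDocumentHardened(user, crafted);
  } catch (e) {
    hardenedRejects = true;
  }
  return { weakLeaks, hardenedRejects };
}

console.log(JSON.stringify(demo()));
```

The detection point for the weak version is not the authorization check, which is correct in both handlers, but the step before it: the validator's return value still contains keys the schema never declared, and the handler consumes them. Returning a freshly built object from the allow-listed fields closes that gap regardless of what the caller appends.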
🌟 Features
🎯 Realistic Business Scenarios
Corporate knowledge bases and document management
HR systems and employee data processing
Customer service and CRM integrations
IT security and infrastructure management
Financial systems and compliance reporting
📈 Progressive Attack Methodology
Trust Building - Tools appear helpful and legitimate initially
Gradual Escalation - Permissions and access increase over time
Full Exploitation - Complete compromise demonstrated
Educational Revelation - Attack explanation and defense strategies
🛡️ Security Education Focus
Red Flags Training - Learn to recognize attack indicators
Business Impact Analysis - Understand real-world consequences
Mitigation Strategies - Practical defense implementations
Compliance Considerations - Regulatory and legal implications
🤝 Contributing
We welcome contributions from the security research community!
🔍 Ways to Contribute
New Vulnerabilities: Discover and implement new MCP attack vectors
Enhanced Scenarios: Create more realistic business contexts
Educational Content: Improve learning materials and documentation
Testing Tools: Build automated vulnerability testing frameworks
📋 Contribution Guidelines
Educational Purpose: All contributions must be for educational use only
Realistic Context: Vulnerabilities should reflect real-world scenarios
Comprehensive Documentation: Include attack explanation and defense strategies
Ethical Guidelines: Follow responsible disclosure and educational ethics
See CONTRIBUTING.md for detailed contribution guidelines.
🔗 Resources & References
📚 MCP Security Documentation
🎓 Security Training Resources
📊 Project Statistics
🎯 Vulnerabilities: 14 critical MCP security flaws
💼 Business Scenarios: 10+ realistic enterprise contexts
🎓 Learning Modules: Progressive difficulty levels
🛡️ Defense Strategies: Comprehensive mitigation guidance
📱 Platform Support: VS Code + GitHub Copilot integration
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
Additional Educational Use Clause: This software is intended for educational and research purposes only. Commercial use requires explicit permission from the maintainers.
🔓 IMCP - Making AI MCP Security Education Accessible to Everyone
Learn. Practice. Secure.
⭐ Star this repository if IMCP helps you learn MCP security!