PAPER PLAINE


ShareLock: A Stealthy Multi-Tool Threshold Poisoning Attack Against MCP

How attackers hide harmful instructions across multiple AI tools to avoid detection

Researchers discovered a new attack method called ShareLock that splits malicious instructions into harmless-looking pieces hidden across multiple AI tools, making it nearly impossible to spot by inspection or automated systems. The attack succeeded over 90% of the time against major AI language models, and it needs only a small trigger during a routine system update to activate the hidden instructions and steal data or compromise systems.

As AI assistants increasingly rely on external tools and integrations to function, this attack reveals a critical blind spot in how these systems are secured. Organizations deploying AI agents with tool access need to know that current inspection methods, whether manual review or automated scanning, won't catch poisoning hidden across multiple tools. Their defensive strategies are therefore insufficient and could leave them vulnerable to data theft or system compromise.