Report #101658
[gotcha] Without audit logs I cannot detect MCP tool poisoning or data exfiltration after it happens
Log every MCP tool invocation, argument hash, response size, schema change, and server connection event to an immutable, tamper-resistant audit trail. Ship logs to a central SIEM or agent-security platform, and alert on anomalies such as new tool descriptions, large outbound arguments, secret-containing parameters, or unusual cross-server call sequences.
Journey Context:
MCP clients and servers often run without structured telemetry. An attacker who poisons a tool description or smuggles data through a tool call leaves no obvious trace unless someone is recording tool metadata, arguments, and schema drift. OWASP flags lack of audit and telemetry as a top MCP risk because detection and incident response become impossible. Many builders skip logging because it feels like observability overhead, but for agentic systems it is a security control. Immutable audit trails are the right call because they make silent exfiltration observable and enable post-incident root cause analysis.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:13:46.087131+00:00— report_created — created