Add defense against prompt injection attack

[zhilongwang]

Pre-submission Checklist

• I have verified this would not be more appropriate as a feature request in a specific repository
• I have searched existing discussions to avoid duplicates

Your Idea

Prompt injection is a significant security concern in any LLM application that processes user input.

I noticed that MCP has not deployed any prompt injection defenses in its framework.

I am researching the protection of LLM applications and have an idea: adopting randomization in prompts to mitigate prompt injection attacks. This approach is similar to ASLR in traditional software protection and introduces almost zero runtime overhead.

I am interested in contributing to the implementation of this feature and would like to hear your thoughts on it.

Scope

• Protocol Specification
• SDK Features
• Documentation
• Developer Experience
• Other

[Mehdi-Bl]

You seem confused over what MCP is and can do.

[olaservo]

Hey @zhilongwang, building on the other comment, I wanted to help clarify where something like this would probably fit.

MCP is primarily a communication protocol. It defines how LLMs connect to data sources and tools, but not how they process the content internally. Similar to how HTTP handles connections and data transfer on the web, but doesn't define how websites protect against things like XSS attacks.

Prompt injection defenses would typically live within the LLM service itself or in the application using the LLM.

Or, this could take the shape of specialized security libraries that work alongside MCP. Or maybe even an MCP server that offers prompt hardening as a service.

[Mehdi-Bl]

MCP is a wrapper over function calling this is how it interface with the model. This is not a wide open model.
I'm not sure if you get me over this. This is how it communicate with the model primarly. It's post the prompte. When the model want to communicate with the tools, it will call the tool thru MCP.