DVMCP
Abstract
Damn Vulnerable MCP Server (DVMCP) is a deliberately insecure implementation of the Model Context Protocol (MCP), built as an educational and research platform to expose and mitigate security vulnerabilities in AI-integrated systems. MCP enables structured context provision to Large Language Models (LLMs), but real-world deployments often introduce risks such as prompt injection, tool poisoning, and unauthorized access.
DVMCP simulates these flaws through 10 progressive challenges (Easy, Medium, Hard), allowing security researchers, developers, and AI safety professionals to practice exploitation and defense in a controlled environment. Built with Docker for easy deployment, it showcases critical attack vectors such as excessive permissions, rug-pull attacks, token theft, and multi-vector exploits.
At Black Hat Asia Arsenal, we will present major updates featuring identity-based attacks (e.g., exploiting user authentication in MCP flows), complex MCP-specific supply chain attacks, and a web-based UI dashboard for interactive challenge navigation, real-time monitoring, and analytics.
DVMCP bridges the gap in AI security training and research, empowering practitioners to build resilient LLM-integrated applications and providing an ideal platform for live demonstrations of emerging AI threats at Black Hat Asia Arsenal.