2025-04-25

AI agents are projected to revolutionize the AI online experience, performing tasks and chores we’ve asked them to do in the background while we’re doing something more productive or enjoyable.

However, security researchers have recently shown that AI agent infrastructure can be used to perform unsolicited actions on our behalf.

A group of security researchers at ExtensionTotal has found a suspicious Google Chrome extension that can perform actions without requiring any permission from the user or being spotted by Chrome’s security measures.

They shared their findings in a Medium article published on April 24.

Model Context Protocol, the Engine Behind AI Agents

The suspicious Chrome extension communicated with a Model Context Protocol (MCP) server running on the local machine.

MCP is an open standard introduced in November 2024 by Anthropic, the maker of several generative AI models and the AI chatbot Claude.

MCP servers are used to manage and supply contextual information to a model during its operation.

The MCP architecture consists of an MCP host running locally and several MCP servers. The host, which acts as the agent, can be an AI-powered application (e.g. Claude Desktop), a large language model running on your device, or an integrated development environment (IDE) like Microsoft’s Visual Studio.

This host connects to various MCP servers, each providing access to a different tool or resource. The MCP servers can be categorized into two types: those that access local resources, such as a file system or database on the host computer, and those that interact with remote resources, including application programming interfaces (APIs) or cloud services available over the internet.

All communication between the host and servers happens over the standardized MCP protocol, which ensures compatibility and structured responses.
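As an added, constructed illustration of the host/server arrangement just described (not code from the article, ExtensionTotal or Anthropic), a toy host issues JSON-RPC 2.0-shaped MCP requests to an in-process "local resource" server that exposes one read-only file tool, and the server refuses paths outside its allow-listed directory, the kind of check a local-resource server needs when the trusted host is not the only local process that may reach it. The method names, message shapes and protocol version string are this example's assumptions about MCP; the file tree and tool are invented.

```python
import itertools
import json
import posixpath

# Added illustration of the host/server split described above, as an in-process
# JSON-RPC 2.0-shaped exchange; message shapes and version string are assumptions.
PROTOCOL_VERSION = "2024-11-05"
_ids = itertools.count(1)

def error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}

class LocalFsServer:
    # Toy 'local resource' server: one read-only tool over a constructed in-memory tree.
    def __init__(self, files, allowed_root):
        self.files, self.allowed_root = files, allowed_root

    def handle(self, req):
        rid, method, params = req["id"], req["method"], req.get("params", {})
        if method == "initialize":
            result = {"protocolVersion": PROTOCOL_VERSION, "capabilities": {"tools": {}},
                      "serverInfo": {"name": "toy-fs", "version": "0.1"}}
        elif method == "tools/list":
            result = {"tools": [{"name": "read_file", "description": "Read a text file",
                                 "inputSchema": {"type": "object", "required": ["path"],
                                                 "properties": {"path": {"type": "string"}}}}]}
        elif method == "tools/call" and params.get("name") == "read_file":
            # Normalize first so '..' segments cannot step outside the allow-listed root.
            path = posixpath.normpath(params["arguments"]["path"])
            if not path.startswith(self.allowed_root + "/") or path not in self.files:
                return error(rid, -32602, "path not permitted")
            result = {"content": [{"type": "text", "text": self.files[path]}]}
        else:
            return error(rid, -32601, "method not found")
        return {"jsonrpc": "2.0", "id": rid, "result": result}

def request(server, method, params=None):
    """Host side: serialize the request as a transport would, then hand it to the server."""
    wire = json.dumps({"jsonrpc": "2.0", "id": next(_ids), "method": method, "params": params or {}})
    return server.handle(json.loads(wire))

FILES = {"/data/notes.txt": "hello", "/etc/secret": "nope"}   # constructed sample tree

def demo():
    fs = LocalFsServer(FILES, "/data")
    init = request(fs, "initialize", {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                                      "clientInfo": {"name": "toy-host", "version": "0.1"}})
    tools = [t["name"] for t in request(fs, "tools/list")["result"]["tools"]]
    ok = request(fs, "tools/call", {"name": "read_file", "arguments": {"path": "/data/notes.txt"}})
    blocked = request(fs, "tools/call", {"name": "read_file", "arguments": {"path": "/data/../etc/secret"}})
    return init["result"]["serverInfo"]["name"], tools, ok["result"]["content"][0]["text"], blocked["error"]["code"]
```

`demo()` walks the handshake, tool discovery and two tool calls; the second call is rejected because the normalized path leaves the allowed root.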