MCPHunt: Benchmarking Credential Leakage in Multi-Server MCP Agents

A new benchmark called MCPHunt has been developed by researchers to identify non-adversarial credential propagation across multi-server MCP (Model Context Protocol) trust boundaries. This framework tackles an information-flow control challenge, where benign read/write permissions can unintentionally leak credentials between servers due to structural effects rather than malicious intent. MCPHunt presents three key innovations: (1) canary-based taint tracking that simplifies propagation detection to straightforward string matching; (2) a controlled environment design that includes risky, benign, and hard-negative scenarios to ensure pipeline integrity and manage credential-format issues; and (3) CRS (Credential Risk Stratification), which differentiates between task-mandated and policy-violating propagation. This benchmark focuses on isolating verbatim credential leakage, laying the groundwork for assessing cross-boundary data propagation in multi-server systems. The study is accessible on arXiv, ID 2604.27819.