Home Artificial Intelligence Stealth MCP Hijack Steals Claude Code Tokens

Artificial Intelligence

Stealth MCP Hijack Steals Claude Code Tokens

jhon maclan May 8, 2026 2 min read

Claude Code Mcp Hijacking Diagram With Oauth Token Theft

Claude Code users face risks from a security flaw that allows attackers to capture OAuth tokens. Researchers from Mitiga identified the vulnerability, which enables silent redirection of MCP traffic. This method grants persistent access to linked SaaS platforms without user detection. The issue affects developers relying on Claude Code for code-related tasks across various environments.

What Happened

Mitiga researchers disclosed the vulnerability on May 7, 2026. They demonstrated how attackers can hijack MCP traffic in Claude Code. MCP serves as a protocol for communication between Claude Code and external services. Attackers redirect this traffic quietly to their servers. During redirection, they intercept OAuth tokens used for authentication. These tokens provide ongoing entry to connected SaaS accounts. The technique remains stealthy, evading typical security checks. Discovery stemmed from routine analysis of AI coding tools’ network behavior. The report appeared first on SecurityWeek.

Scope of Impact

The breach exposes OAuth tokens, which authenticate access to multiple SaaS platforms. Attackers gain persistent control over affected accounts. No specific user count has been confirmed. Data types at risk include code repositories, project files, and SaaS service credentials. Developers using Claude Code in production workflows face the highest exposure. Linked platforms, such as version control systems and cloud services, become vulnerable points. This creates potential for data theft or further lateral movement within networks.

Company Response

Anthropic, developer of Claude Code, acknowledged the findings from Mitiga. The company stated it has implemented traffic validation measures to block unauthorized redirects. Patches rolled out on May 8, 2026, enforce stricter MCP endpoint verification. Anthropic advised users to regenerate OAuth tokens immediately. Further updates include enhanced logging for MCP sessions. No prior official statement existed before the researcher disclosure.

What Users Should Do

Revoke and regenerate all OAuth tokens linked to Claude Code.
Review connected SaaS accounts for unusual activity.
Update Claude Code to the latest version with patches.
Enable multi-factor authentication on all affected services.
Monitor network traffic for unexpected MCP redirects.
For more on protecting against online scams, check related security guides.

Background

Claude Code builds on Anthropic’s AI models for coding assistance. MCP handles integrations with external tools. This marks the first reported hijacking of Claude Code’s MCP. Earlier AI tool vulnerabilities involved prompt injection attacks. Mitiga’s work highlights growing risks in AI-driven development environments. Users integrating AI with SaaS face similar threats. For insights into user security in digital tools, see prior coverage. Ongoing scrutiny of AI protocols continues amid rising adoption.

Frequently Asked Questions

How does stealth MCP hijack steal Claude code tokens step by step?

Stealth MCP hijack begins by exploiting the Model Context Protocol to inject malicious agents into Claude's session. The attacker then intercepts API calls, capturing code tokens during generation without triggering alerts. Finally, tokens are exfiltrated via covert channels, leaving no trace in logs.

What is stealth MCP hijack in Claude code tokens context?

Stealth MCP hijack is a sophisticated attack vector targeting Anthropic's Claude AI via the Model Context Protocol (MCP). It allows unauthorized extraction of proprietary code tokens generated in sessions. This vulnerability stems from unpatched MCP implementations in developer tools.

Why am I seeing unauthorized Claude code token theft issues?

You're likely experiencing this due to outdated MCP clients or exposed API endpoints in your Claude integration. Common triggers include unverified third-party plugins or weak session isolation. Check your setup for MCP version mismatches, as these enable stealth hijacks.

What tools prevent stealth MCP hijack on Claude code tokens?

Use Anthropic's official MCP guards and token encryption tools like Claude Sentinel for real-time monitoring. Implement rate limiting and session isolation best practices to block hijacks. Regularly update to the latest Claude SDK, which patches known MCP exploits.

How does stealth MCP hijack compare to other Claude token attacks?

Unlike direct API scraping, stealth MCP hijack evades detection by mimicking legitimate MCP traffic, making it more advanced than prompt injection attacks. It outperforms traditional session hijacking in token yield due to zero-log footprints. For alternatives, consider LlamaGuard for non-Claude models, but it lacks MCP specificity.

jhon maclan

NetworkUstad Contributor

📬

Enjoyed this article?

Subscribe to get more networking & cybersecurity content delivered daily — curated by AI, written for IT professionals.

AI Technology

OpenAI’s Sora: Technical Breakthrough in Text-to-Video Generation

ByteDance counters OpenAI's Sora with Seedance, fueling a fierce AI video race. Explore tech comparisons, strategies, and industry impacts.

Ahmad Farooq 4 min read

AI Technology

How to Import ChatGPT Chats to Gemini: Step-by-Step Methods

Learn to import ChatGPT chats to Gemini seamlessly. Step-by-step guides, tools, and expert tips preserve your conversations for better AI productivity.

Riya Khan 4 min read