{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T03:46:05Z","timestamp":1768016765821,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,13]]},"DOI":"10.1145\/3733802.3764057","type":"proceedings-article","created":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:38:21Z","timestamp":1763458701000},"page":"177-182","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["MSA: A Cross-MCP Privacy Attack via Memory Exfiltration of Large Language Models"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-9105-4884","authenticated-orcid":false,"given":"Yiheng","family":"Sun","sequence":"first","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9028-9326","authenticated-orcid":false,"given":"Linkang","family":"Du","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6518-3130","authenticated-orcid":false,"given":"Zhou","family":"Su","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3810-7076","authenticated-orcid":false,"given":"Yuntao","family":"Wang","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6416-7697","authenticated-orcid":false,"given":"Han","family":"Liu","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-6149-2401","authenticated-orcid":false,"given":"Quan","family":"Zhao","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1914-2066","authenticated-orcid":false,"given":"Xiaolin","family":"Niu","sequence":"additional","affiliation":[{"name":"Xi'an Jiaotong University, Xi'an, China"}]}],"member":"320","published-online":{"date-parts":[[2025,11,18]]},"reference":[{"key":"e_1_3_3_1_2_2","unstructured":"Anthropic. 2025. Model Context Protocol. https:\/\/modelcontextprotocol.io\/introduction."},{"key":"e_1_3_3_1_3_2","unstructured":"Anysphere. 2025. Cursor - The AI Code Editor. https:\/\/www.cursor.com"},{"key":"e_1_3_3_1_4_2","doi-asserted-by":"publisher","unstructured":"Islem Bouzenia and Michael Pradel. 2025. You Name It I Run It: An LLM Agent to Execute Tests of Arbitrary Projects. Proc. ACM Softw. Eng. 2 ISSTA Article ISSTA047 (June 2025) 23\u00a0pages. 10.1145\/3728922","DOI":"10.1145\/3728922"},{"key":"e_1_3_3_1_5_2","unstructured":"ByteDance. 2025. Trae - The AI Code Editor. https:\/\/www.trae.ai"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23184"},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00025"},{"key":"e_1_3_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714602"},{"key":"e_1_3_3_1_9_2","unstructured":"Mohamed\u00a0Amine Ferrag Norbert Tihanyi and Merouane Debbah. 2025. From llm reasoning to autonomous ai agents: A comprehensive review. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2504.19678 (2025)."},{"key":"e_1_3_3_1_10_2","unstructured":"Glama. 2025. Mcp servers glama. https:\/\/glama.ai\/mcp\/servers"},{"key":"e_1_3_3_1_11_2","unstructured":"Daya Guo Dejian Yang Haowei Zhang Junxiao Song Ruoyu Zhang Runxin Xu Qihao Zhu Shirong Ma Peiyi Wang Xiao Bi et\u00a0al. 2025. Deepseek-r1: Incentivizing reasoning capability in llms via reinforcement learning. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2501.12948 (2025)."},{"key":"e_1_3_3_1_12_2","unstructured":"Yichen He Guanhua Huang Peiyuan Feng Yuan Lin Yuchen Zhang Hang Li et\u00a0al. 2025. Pasa: An llm agent for comprehensive academic paper search. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2501.10120 (2025)."},{"key":"e_1_3_3_1_13_2","unstructured":"Sirui Hong Yizhang Lin Bang Liu Bangbang Liu Binhao Wu Ceyao Zhang Chenxing Wei Danyang Li Jiaqi Chen Jiayi Zhang et\u00a0al. 2024. Data interpreter: An llm agent for data science. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2402.18679 (2024)."},{"key":"e_1_3_3_1_14_2","unstructured":"Aaron Hurst Adam Lerer Adam\u00a0P Goucher Adam Perelman Aditya Ramesh Aidan Clark AJ Ostrow Akila Welihinda Alan Hayes Alec Radford et\u00a0al. 2024. Gpt-4o system card. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2410.21276 (2024)."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670293"},{"key":"e_1_3_3_1_16_2","unstructured":"mcp.so. [n. d.]. MCP Servers. https:\/\/mcp.so"},{"key":"e_1_3_3_1_17_2","unstructured":"Microsoft. 2025. Visual Studio Code. https:\/\/code.visualstudio.com\/"},{"key":"e_1_3_3_1_18_2","unstructured":"OpenAI. 2025. Introducing GPT-4.1 in the API. https:\/\/openai.com\/index\/gpt-4-1\/."},{"key":"e_1_3_3_1_19_2","unstructured":"Smithery.ai. 2025. Model Context Protocol Registry. https:\/\/smithery.ai\/"},{"key":"e_1_3_3_1_20_2","unstructured":"Hao Song Yiming Shen Wenxuan Luo Leixin Guo Ting Chen Jiashui Wang Beibei Li Xiaosong Zhang and Jiachi Chen. 2025. Beyond the Protocol: Unveiling Attack Vectors in the Model Context Protocol Ecosystem. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2506.02040 (2025)."},{"key":"e_1_3_3_1_21_2","unstructured":"Yashar Talebirad and Amirhossein Nadiri. 2023. Multi-agent collaboration: Harnessing the power of intelligent llm agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2306.03314 (2023)."},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"crossref","unstructured":"Yuntao Wang Qinnan Hu Zhou Su Linkang Du Qichao Xu and Weiwei Li. 2025. Large model empowered metaverse: State-of-the-art challenges and opportunities. IEEE Network (2025).","DOI":"10.1109\/MNET.2025.3597127"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"crossref","unstructured":"Yuntao Wang Yanghe Pan Zhou Su Yi Deng Quan Zhao Linkang Du Tom\u00a0H Luan Jiawen Kang and Dusit Niyato. 2025. Large model based agents: State-of-the-art cooperation paradigms security and privacy and future trends. IEEE Communications Surveys & Tutorials (2025).","DOI":"10.1109\/COMST.2025.3576176"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"WPES '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 24th Workshop on Privacy in the Electronic Society"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3733802.3764057","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T18:55:41Z","timestamp":1767984941000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3733802.3764057"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,13]]},"references-count":22,"alternative-id":["10.1145\/3733802.3764057","10.1145\/3733802"],"URL":"https:\/\/doi.org\/10.1145\/3733802.3764057","relation":{},"subject":[],"published":{"date-parts":[[2025,10,13]]},"assertion":[{"value":"2025-11-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}