From the course: Unboxing AI: Build a Remote MCP Server from Zero to Deployed with OAuth
MCP security risk: Session hijacking - OAuth Tutorial
MCP security risk: Session hijacking
- We also have session hijacking. That's when someone literally sees an ongoing session between an authorized MCP server and some other, some external service, and takes over that entire session. This can happen if the MCP server is built to do it. So someone can build a malicious MCP server that hands over the session to some third party. So, normally, when you're working with it and you're logged in, everything is fine. But then someone may go in and be like, "No, I'm going to take over the session." And then suddenly, you lose control of the service and someone else is acting on your behalf within the service. This is something that can happen because the MCP server is working as that middle worker and because the LLM is doing the interaction with the service instead of you. If someone hijacks the session, you may not know for a long time. So there may be an entirely different thing happening out of your purview while your LLM is not interacting with the service. So this, again, is a…