IMCP
What is IMCP
IMCP (Insecure Model Context Protocol) is a deliberately vulnerable framework designed for educational and research purposes, exposing 16 critical security vulnerabilities in AI/ML systems. It serves as a safe environment for hands-on learning about real-world AI vulnerabilities.
Use cases
Use cases of IMCP include training security researchers on AI vulnerabilities, developing secure AI applications, and educating students about the importance of AI security in real-world scenarios.
How to use
To use IMCP, users set up the framework in a controlled environment and explore the vulnerabilities through practical exercises. It should not be used with sensitive data or deployed in production environments.
Key features
Key features of IMCP include a focus on critical AI vulnerabilities such as model poisoning, prompt injection, embedding vector exploits, and RAG system weaknesses. It provides a controlled platform for security researchers, developers, and educators.
Where to use
IMCP is primarily used in educational settings, research institutions, and by security professionals who want to understand and mitigate AI security threats. It is not intended for production use.
Content
IMCP - Insecure Model Context Protocol
An educational framework for understanding AI security vulnerabilities
⚠️ Educational Purposes Only
IMCP (Insecure Model Context Protocol) is a deliberately vulnerable application designed exclusively for educational and research purposes. It demonstrates critical AI security vulnerabilities. DO NOT deploy in production environments or use with sensitive data.
🔍 Overview
IMCP is an educational framework that exposes 16 critical security vulnerabilities in AI/ML model serving systems. It serves as a controlled, “vulnerable by design” platform for security researchers, developers, and educators to learn about and mitigate emerging AI threats.
Think of IMCP as the “DVWA for AI” — a safe environment where you can explore:
- Model Poisoning
- Prompt Injection
- Embedding Vector Exploits
- RAG System Weaknesses
- And many more…
🛡️ Vulnerabilities Demonstrated
Core AI Manipulation
- Model Poisoning: Malicious training data injection.
- Token Prediction Attacks: Exploiting token probability for sensitive data extraction.
- Multimodal Vulnerabilities: Cross-modal prompt leakage and metadata manipulation.
- Credential Vulnerabilities: Insecure authentication mechanisms in AI systems.
Information Disclosure
- Embedding Vector Attacks: Poisoning vector stores for unauthorized access.
- RAG Vulnerabilities: Exploiting document stores for cross-user data leakage.
- User Data Leakage: Unintended exposure of conversation histories.
- Model Capability Enumeration: Over-disclosure of internal model details.
Control Manipulation
- Context Manipulation: Unrestricted modifications to model contexts and system prompts.
- Prompt Injection: Techniques to bypass AI safety filters.
- Model Access Control Bypass: Elevation of privileges to access restricted functionalities.
- Model Chain Attacks: Exploiting chained model interactions.
📜 Test Suite
The test suite in test_vulnerabilities.py demonstrates each vulnerability with detailed explanations and examples. It includes:
- Model Poisoning: Injecting malicious data into model responses.
- Token Prediction: Extracting sensitive information character by character.
- Embedding Vector Attacks: Unauthorized access to sensitive embeddings.
- Context Manipulation: Modifying system prompts and configurations.
- Function Calling Vulnerabilities: Registering functions for remote code execution.
- RAG Vulnerabilities: Cross-user document access and manipulation.
📜 API Endpoints
- /imcp: Main JSON-RPC endpoint for IMCP functionality.
- /v1/chat/completions: OpenAI API-compatible endpoint.
- /v1/models: List available models.
- /v1/embeddings: Generate embeddings.
- /v1/auth/token: Authentication endpoint.
- /.well-known/imcp-configuration: Service discovery endpoint.
🚀 Getting Started
Prerequisites
- Python 3.8+
- OpenAI API Key (required for live examples)
Installation
Clone the repository and set up your environment:
# Clone the repository (the clone directory is named IMCP, matching the repository name)
git clone https://github.com/nav33n25/IMCP.git
cd IMCP
# Create and activate a virtual environment
python -m venv venv
source venv/bin/activate # For Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Configure the environment
cp .env.example .env
# Edit .env to include your OpenAI API key
Running IMCP
Start the server and run the test suite:
# Start the IMCP server
python -m flask run --host=0.0.0.0 --port=5000
# In another terminal, run the test suite
python test_vulnerabilities.py
📚 Documentation
Comprehensive guides are located in the documentation/ directory:
- Vulnerability Guide: Detailed explanations of each vulnerability.
- Exploitation Guide: Step-by-step instructions to reproduce each vulnerability.
- Mitigation Guide: Strategies and best practices to secure AI systems.
🌟 Key Features
- Realistic AI Service Implementation
- 16 Unique AI-Specific Security Vulnerabilities
- Comprehensive Test Suite for Demonstrations
- Detailed Documentation for In-Depth Learning
- Compatibility with Modern LLM APIs (e.g., OpenAI)
- Mock Mode for Cost-Free Testing
🤝 Contributing
We welcome contributions from the community! Areas where you can help include:
- Additional Vulnerability Demonstrations: New scenarios or enhancements.
- Improved Documentation: Detailed educational materials and guides.
- Integration: Support for other LLM providers.
- UI Enhancements: Better visualizations and user experience improvements.
Please check out our CONTRIBUTING.md for more details on how to get started.
📜 License
This project is licensed under the MIT License. See the LICENSE file for details.
⚠️ Disclaimer
IMCP is intentionally vulnerable software for educational purposes only. The creators are not liable for any misuse or damage caused by the use of this software.