dvmcp

What is this MCP

Damn Vulnerable Model Context Protocol (DVMCP) is a deliberately insecure implementation of a Model Context Protocol server designed to help researchers and developers learn about AI/ML model serving vulnerabilities through hands-on exploitation.

How to use this MCP

Install via pip, set up API keys, and run the Flask server. The repository includes detailed exploitation guides demonstrating various attack vectors against the vulnerable endpoints, with example payloads for each vulnerability.

What this MCP can be used for

Primarily for security education - to understand MCP vulnerabilities, practice exploit development, and learn mitigation strategies for AI/ML serving systems. Not for production use.