SEO Recap covering July 12, 2026
2 min read·1 story
Daily summary of what matters in SEO, GEO, AEO, and AI search generated with Claude Code (beware of hallucinations)
Technical SEO
Chrome Warns: WebMCP Tools You Expose to AI Agents Can Be Hijacked
Source: Search Engine Journal
- Chrome's developer guidance names two attack vectors in WebMCP: malicious manifests with hidden instructions in tool names, parameters, or descriptions, and contaminated outputs where tools return user-generated content (reviews, comments, forum posts) that contain planted instructions.
- The root problem is unpatchable: LLMs treat all text, instructions and data alike, as a single token sequence, so Chrome says the probabilistic nature of LLMs makes it impossible to guarantee safety inside the model itself.
- Chrome puts the burden on the website, not the agent: only expose tools to origins you trust, and use annotations like untrustedContentHint for UGC, readOnlyHint for tools that don't change state, and exposedTo to restrict tools to trusted origins.
- Chrome caps a tool description at 500 characters and a single tool output at roughly 1,500, and adds a requestUserInteraction() path for confirming an action before it fires.
- The author advises threat-modeling every tool like a public API endpoint before shipping, asking what untrusted content it can return and whether that content is marked; WebMCP is still in a Chrome origin trial.
Published on