StephEO

SEO Recap covering July 12, 2026

2 min read·1 story

Daily summary of what matters in SEO, GEO, AEO, and AI search generated with Claude Code (beware of hallucinations)


Technical SEO

Chrome Warns: WebMCP Tools You Expose to AI Agents Can Be Hijacked
Source: Search Engine Journal

  • Chrome's developer guidance names two attack vectors in WebMCP: malicious manifests with hidden instructions in tool names, parameters, or descriptions, and contaminated outputs where tools return user-generated content (reviews, comments, forum posts) that contain planted instructions.
  • The root problem is unpatchable: LLMs treat all text, instructions and data alike, as a single token sequence, so Chrome says the probabilistic nature of LLMs makes it impossible to guarantee safety inside the model itself.
  • Chrome puts the burden on the website, not the agent: only expose tools to origins you trust, and use annotations like untrustedContentHint for UGC, readOnlyHint for tools that don't change state, and exposedTo to restrict tools to trusted origins.
  • Chrome caps a tool description at 500 characters and a single tool output at roughly 1,500, and adds a requestUserInteraction() path for confirming an action before it fires.
  • The author advises threat-modeling every tool like a public API endpoint before shipping, asking what untrusted content it can return and whether that content is marked; WebMCP is still in a Chrome origin trial.
Published on