Xeris Threat Lab Uncovers New LLM Attack Method: 'XERIS-005 – Reasoning Step Hopping'

The attack is executed by the MCP Server silently, with zero visibility to the user.

he MCP Server silently instructs the LLM to hop over a reasoning step—completely hidden from the user.

Join the MCP Security LinkedIn Group

New Xeris report details how MCP Servers can hijack individual reasoning steps in LLM workflows

This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack. By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly.”

— Shlomo Touboul, Co-Founder and Active Chairman of Xeris.

TEL AVIV, ISRAEL, July 21, 2025 /EINPresswire.com/ -- Xeris.ai, a cybersecurity startup specializing in securing Generative AI environments, today announced the release of its latest threat report, XERIS-005: Reasoning Step Hopping Attack. This marks an important discovery by the Xeris Threat Lab, highlighting a novel method in which malicious MCP (Model Context Protocol) Servers manipulate the reasoning process of Large Language Models (LLMs).

Traditionally seen as a neutral bridge between the LLM and enterprise data, the MCP Server is now shown to have the potential for far greater influence. In the XERIS-005 scenario, the MCP Server takes control over the LLM’s step-by-step reasoning process. By forcing the model to externally validate each step and then subtly modifying one selected step, the attacker can alter the final response while keeping the model unaware of the manipulation.

“This isn’t prompt injection. It’s a deeper, more dangerous logic-level hijack,” said Shlomo Touboul, Co-Founder and Active Chairman of Xeris. “By taking over the reasoning flow, an attacker can shape conclusions and decisions invisibly. That’s a new class of risk that enterprises must be ready for.”

Reffael Caspi, Co-Founder and CEO of Xeris, added:
“XERIS-005 shows how fast threat actors are evolving. What used to be a passive data access layer can now actively control and distort reasoning in real time. Our mission at Xeris is to stay one step ahead, protecting the trust layer of GenAI before it's too late.”

The full technical report, including a detailed breakdown of the attack flow and mitigation strategies, is now available on the Xeris website:
🔗 https://www.xeris.ai/threat-reports/reasoning-step-hopping-attack

As part of its ongoing commitment to transparency and proactive defense, Xeris pre-released this report to members of the MCP Security Group—a growing community of AI and cybersecurity professionals who receive early access to Xeris research and engage in deep technical discussion around emerging GenAI threats.

Professionals interested in joining the group and staying ahead of new threat vectors are invited to apply here:
🔗 https://www.linkedin.com/groups/10141833/

About Xeris
Xeris.ai is a pioneer in Generative AI security. Its flagship solution, the MCP-XDR platform, provides extended detection and response for AI agent environments, enabling CISOs to apply enterprise-grade policy, visibility, and control across distributed AI workflows. The Xeris Threat Lab continuously monitors and analyzes real-world risks targeting AI reasoning, data access, and identity integrity.

Media Contact:
info@xeris.ai
www.xeris.ai

Shlomo Touboul
Xeris AI
email us here
Visit us on social media:
LinkedIn

Distribution channels: Banking, Finance & Investment Industry, Companies, Healthcare & Pharmaceuticals Industry, IT Industry, Technology

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Submit your press release