Beyond Detection: Autonomous Anomaly Remediation for MCP Against Tool Poisoning Attacks

LLM-powered agents are evolving from passive recommenders into autonomous executors, leveraging tools via the Model Context Protocol (MCP) for web automation. However, this paradigm introduces a new vulnerability: tool poisoning attacks that manipulate the MCP context can corrupt an agent's reasoning. Existing methods focus on anomaly detection and lack autonomous correction mechanisms, hindering their real-world deployment. In this paper, we introduce MCPFixGen, to the best of our knowledge, the first framework to provide automated anomaly detection and correction. We tackle three fundamental challenges: (1) when to initiate anomaly inspection with minimal overhead, (2) what features effectively characterize abnormality, and (3) how to automatically execute remedial actions. MCPFixGen achieves this through a novel multi-checkpoint rollback mechanism for anomaly management. MCPFixGen proposes a multi-checkpoint rollback anomaly management mechanism. Strategically places checkpoints at high-risk operations based on the tools-calling risk distribution. Then it identifies unanticipated tool behaviors by leveraging the correlation between attention activation values and tool calls. Finally, it introduces an attention-mask-based backtracking and correction mechanism. By masking the root cause of the anomaly, the LLM is prompted to re-infer, facilitating efficient and low-cost anomaly resolution. Our evaluation on real-world datasets demonstrates that MCPFixGen reduces interruptions caused by anomalies to below 13%, decreases the success rate of tool poisoning attacks to less than 0.3%, and significantly improves the robustness, computational efficiency, and task completion rate of web intelligence applications compared to existing approaches.