Bridging AI and Software Security: A Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
It addresses security risks for LLM agent developers by providing a cross-domain assessment, though it is incremental in bridging AI and software security gaps.
This study tackled the security vulnerabilities of LLM agents by comparing Function Calling and Model Context Protocol deployment paradigms, finding that Function Calling had higher attack success rates (73.5% vs. 62.59%) and chained attacks achieved 91-96% success rates.
Large Language Model (LLM) agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol (MCP) deployment paradigms using a unified threat classification framework. We tested 3,250 attack scenarios across seven language models, evaluating simple, composed, and chained attacks targeting both AI-specific threats (prompt injection) and software vulnerabilities (JSON injection, denial-of-service). Function Calling showed higher overall attack success rates (73.5% vs 62.59% for MCP), with greater system-centric vulnerability while MCP exhibited increased LLM-centric exposure. Attack complexity dramatically amplified effectiveness, with chained attacks achieving 91-96% success rates. Counterintuitively, advanced reasoning models demonstrated higher exploitability despite better threat detection. Results demonstrate that architectural choices fundamentally reshape threat landscapes. This work establishes methodological foundations for cross-domain LLM agent security assessment and provides evidence-based guidance for secure deployment. Code and experimental materials are available at https: // github. com/ theconsciouslab-ai/llm-agent-security.