Why it matters
Tool abuse is a growing incident category. Understanding vectors enables defense.
Advertisement
The architecture
Excessive use: agent loops calling a costly tool. Bills spiral.
Destructive use: agent deletes/modifies things it shouldn't.
Advertisement
How it works end to end
Data leak: agent uses read tool on sensitive data, includes in response to unauthorized user.
Prompt-injection driven: attacker's injected instructions cause tool misuse.
Defenses: least-privilege scopes, rate limits per tool, per-agent budgets, explicit confirmation for destructive actions.