Why it matters

Tool abuse is a growing incident category. Understanding vectors enables defense.

Advertisement

The architecture

Excessive use: agent loops calling a costly tool. Bills spiral.

Destructive use: agent deletes/modifies things it shouldn't.

Tool abuse categoriesExcessive callscost blowupDestructive usedamage stateData leaksensitive returned to userLeast-privilege + rate-limit + destructive-action confirmation prevent most abuse
Three abuse types.
Advertisement

How it works end to end

Data leak: agent uses read tool on sensitive data, includes in response to unauthorized user.

Prompt-injection driven: attacker's injected instructions cause tool misuse.

Defenses: least-privilege scopes, rate limits per tool, per-agent budgets, explicit confirmation for destructive actions.