Tagged: security

Tools are how AI agents escape the text box and act in the world. The LLM reads a tool schema, outputs a structured function call, the runtime executes it, and the result feeds back as an observation. The quality of the schema — not the tool itself — determines whether the agent uses it correctly.

AI agents introduce a novel attack surface that traditional application security doesn't cover. Prompt injection, privilege escalation through chained tool calls, and data exfiltration via seemingly benign outputs are all live risks in deployed agentic systems. Defense requires least-privilege tool design, human approval gates, and comprehensive audit logging.