2. Overly Permissive Agent-Tool Routing

Without enforced routing constraints, LLM agents can invoke any available tool, regardless of sensitivity or intended scope.

Tech Detail:

  • tool_registry.json lacks per-agent allowlists
  • Absence of capability_scope tagging in orchestration YAML/JSON

Exploit Potential:

  • Agent instructed to “run full scan” may trigger internal pentest tools without approval
  • LLM may hallucinate tool names that are then matched to the wrong tool

Mitigation:

  • Define scoped registries with execution_context tags (e.g., SOC_ONLY, DEVOPS_INTERNAL)
  • Apply server-side validation on tool invocation chains
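As an added example (not code from the original page or any project it describes), the following Python shows a server-side validator over a constructed registry that carries per-agent capability_scope allowlists and execution_context tags, rejects unknown (hallucinated) tool names by exact match only, and checks a whole invocation chain before any step runs. The JSON layout, agent names and tool names are assumptions.

```python
import json

# Constructed sample registry; the layout is assumed, not the page's tool_registry.json.
TOOL_REGISTRY = json.loads("""
{
  "tools": {
    "search_docs":   {"execution_context": "GENERAL"},
    "restart_pod":   {"execution_context": "DEVOPS_INTERNAL"},
    "run_full_scan": {"execution_context": "SOC_ONLY"}
  },
  "agents": {
    "helpdesk_bot": {"capability_scope": ["GENERAL"]},
    "soc_analyst":  {"capability_scope": ["GENERAL", "SOC_ONLY"]}
  }
}
""")


class ToolInvocationDenied(Exception):
    """Raised when an agent asks for a tool outside its scope or one that does not exist."""


def validate_invocation(registry, agent_id, tool_name):
    """Server-side check for one call: the tool must exist under its exact name and
    its execution_context must be in the calling agent's capability_scope."""
    agents, tools = registry["agents"], registry["tools"]
    if agent_id not in agents:
        raise ToolInvocationDenied(f"unknown agent {agent_id!r}")
    # Exact lookup only: a hallucinated name must not be fuzzy-matched to a real tool.
    tool = tools.get(tool_name)
    if tool is None:
        raise ToolInvocationDenied(f"unknown tool {tool_name!r}")
    ctx = tool["execution_context"]
    if ctx not in agents[agent_id]["capability_scope"]:
        raise ToolInvocationDenied(f"agent {agent_id!r} is not scoped for {ctx}")
    return ctx


def validate_chain(registry, agent_id, chain):
    """Validate every step of an invocation chain before executing any of them,
    so a chain that mixes permitted and forbidden tools is rejected as a whole."""
    return [validate_invocation(registry, agent_id, name) for name in chain]


def chain_allowed(registry, agent_id, chain):
    """Boolean wrapper for callers that only need an allow/deny decision."""
    try:
        validate_chain(registry, agent_id, chain)
        return True
    except ToolInvocationDenied:
        return False
```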