// GLOSSARY -- AI AGENT SECURITY

What is a Tool Description Mismatch?

1 min read Updated

A discrepancy between what a tool's metadata claims it does and what the underlying code actually executes, found in approximately 13% of MCP servers and enabling undocumented privileged operations.

WHY IT MATTERS

An MCP tool's description is what the agent sees when deciding whether and how to use it. If the description says 'read user profile' but the code actually modifies user settings, the agent makes decisions based on false information.

Mismatches can be accidental (sloppy documentation) or malicious (intentional deception). Either way, agents relying on descriptions alone are vulnerable. Independent classification based on code analysis and behavioural testing catches what descriptions miss.

HOW POLICYLAYER USES THIS

PolicyLayer's crawler analyses tool source code via static analysis, comparing what tools claim to do against patterns in the actual implementation.

FREQUENTLY ASKED QUESTIONS

How common are mismatches?
Security research (AgentSeal) found mismatches in approximately 13% of scanned MCP servers — tools performing operations not described in their metadata.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.