What is Tool Misuse?
When an AI agent invokes a legitimate tool in an unsafe way — through ambiguous prompts, manipulated input, or unexpected tool chaining — causing data loss, exfiltration, or unauthorised state changes.
WHY IT MATTERS
Tool misuse doesn't require a malicious tool. A perfectly legitimate file deletion tool becomes dangerous when an agent uses it on the wrong directory. A safe database query tool becomes a data exfiltration vector when an agent passes query results to an untrusted endpoint.
The tool works as designed. The agent's use of it is the problem. This makes tool misuse harder to detect than malicious tools — every individual component is legitimate.
HOW POLICYLAYER USES THIS
Intercept's argument validation and rate limiting catch many misuse patterns — restricting what arguments an agent can pass and how frequently it can invoke each tool.
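As an added illustration of those two controls (example code, not PolicyLayer's or Intercept's own), the gate below checks a tool call's arguments against a per-tool policy and then applies a sliding-window rate limit before the call is dispatched. The tool names, workspace path, approved host and limits are constructed assumptions.

```python
import os
import time
from urllib.parse import urlsplit

# Added example (not PolicyLayer's code): a minimal gate applying the two controls
# named above, per-tool argument validation and rate limiting, before an agent's
# tool call is dispatched. Tool names, paths, hosts and limits are constructed.

WORKSPACE = "/srv/agent-workspace"           # only tree delete_file may touch
EXPORT_HOSTS = {"reports.internal.example"}  # only hosts results may be sent to

def validate_delete_file(args):
    """Return a denial reason, or None if the path stays inside WORKSPACE."""
    # Normalise ".." without touching the filesystem; commonpath also rejects
    # look-alike prefixes such as WORKSPACE + "2".
    target = os.path.normpath(os.path.join(WORKSPACE, args["path"]))
    if target == WORKSPACE or os.path.commonpath([WORKSPACE, target]) != WORKSPACE:
        return f"path {args['path']!r} leaves the workspace"
    return None

def validate_send_results(args):
    """Return a denial reason unless the destination host is allow-listed."""
    host = urlsplit(args["url"]).hostname
    return None if host in EXPORT_HOSTS else f"{host!r} is not an approved endpoint"

POLICIES = {
    "delete_file":  {"validate": validate_delete_file,  "max_calls": 3,  "per_seconds": 60},
    "send_results": {"validate": validate_send_results, "max_calls": 10, "per_seconds": 60},
}

class ToolGate:
    def __init__(self, policies=POLICIES, clock=time.monotonic):
        self.policies, self.clock, self.history = policies, clock, {}

    def check(self, tool, args):
        """Return (allowed, reason). Call before dispatching the tool."""
        policy = self.policies.get(tool)
        if policy is None:                        # unknown tool: default deny
            return False, f"{tool}: no policy defined"
        reason = policy["validate"](args)         # argument validation first
        if reason:
            return False, f"{tool}: {reason}"
        now = self.clock()
        recent = [t for t in self.history.get(tool, []) if now - t < policy["per_seconds"]]
        if len(recent) >= policy["max_calls"]:    # sliding-window rate limit
            return False, f"{tool}: more than {policy['max_calls']} calls in {policy['per_seconds']}s"
        recent.append(now)                        # only allowed calls count
        self.history[tool] = recent
        return True, "ok"
```

Denied calls are not recorded in the window, so a burst of rejected arguments cannot starve later legitimate calls.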