Risk
Insecure Tool Invocation
AI systems call tools or APIs without sufficient validation, authorization, rate limits, or operational safeguards.
tools agents API security
Exposure
Insecure Tool Invocation occurs when model output can trigger functions, APIs, plugins, workflows, or automation tools in unsafe ways. The model may select the tool, construct arguments, interpret results, and continue acting on the new context.
Tool access turns language into system behavior. That transition is where ATLAS watches for missing authorization.
Signals
- Tool arguments are accepted because the model produced them.
- Authorization is described in prompts but not enforced by the tool or API.
- Tool calls can change records, send messages, move money, deploy code, or change access without a separate check.
- Failures are hard to reconstruct because tool calls and outcomes are not logged.
Failure pattern
The application trusts the model as if it were an authenticated operator. Prompt Injection, ambiguous user intent, or incomplete context can then produce real changes in connected systems.
Related controls
- Validate tool inputs with strict schemas.
- Enforce authorization at the tool layer.
- Rate-limit and isolate sensitive operations.
- Require approval for high-impact actions.
- Record tool calls, arguments, responses, errors, and approval decisions.
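As an added illustration that is not part of the original page, the following Python gateway applies these controls to a single model-produced tool call: it validates arguments against a schema, checks the caller's scopes rather than anything stated in the prompt, applies a per-session call limit, holds high-impact actions for approval, and logs every decision. The tool names, scopes and limit are constructed for the example.

```python
import json
import logging
from dataclasses import dataclass, field

log = logging.getLogger("tool_gateway")
MAX_CALLS_PER_SESSION = 5  # constructed limit for the example

# Per-tool policy lives in the gateway, not in the prompt (constructed example).
TOOLS = {
    "lookup_order": {"schema": {"order_id": str}, "scope": "orders:read", "approval": False},
    "refund_order": {"schema": {"order_id": str, "amount": int}, "scope": "orders:refund", "approval": True},
}


@dataclass
class Caller:
    """The authenticated principal the agent acts for; scopes come from the auth system, not the model."""
    user: str
    scopes: set
    approved_calls: set = field(default_factory=set)  # call ids a human has approved
    calls_made: int = 0


def validate_args(schema, args):
    """Reject extra, missing or mistyped arguments, whoever produced them."""
    if set(args) != set(schema):
        raise ValueError(f"argument set mismatch: {sorted(args)} vs {sorted(schema)}")
    for name, typ in schema.items():
        if type(args[name]) is not typ:
            raise ValueError(f"{name} must be {typ.__name__}")


def invoke(caller, tool, args, impl, call_id):
    """Gate one model-produced tool call: schema, scope, rate limit, approval, then log."""
    entry = {"call": call_id, "user": caller.user, "tool": tool, "args": args}
    try:
        policy = TOOLS[tool]  # unknown tool -> KeyError -> denied
        validate_args(policy["schema"], args)
        if policy["scope"] not in caller.scopes:
            raise PermissionError(f"{caller.user} lacks scope {policy['scope']}")
        caller.calls_made += 1
        if caller.calls_made > MAX_CALLS_PER_SESSION:
            raise PermissionError("per-session tool call limit exceeded")
        if policy["approval"] and call_id not in caller.approved_calls:
            entry["status"] = "pending_approval"  # high-impact action waits for a human
        else:
            entry["result"] = impl(**args)  # result must be JSON-serializable for the log
            entry["status"] = "ok"
    except (KeyError, ValueError, PermissionError) as exc:
        entry["status"] = "denied"
        entry["error"] = str(exc)
    log.info(json.dumps(entry))  # every call, outcome and decision is recorded
    return entry
```

The model only proposes `tool` and `args`; the identity, scopes and approval state are supplied by the application from its own session, which is what keeps a prompt-injected request from becoming an authorized one.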