# tool-use
24 articlestagged with “tool-use”
Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.
Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.
AI Agent Exploitation
Methodology for exploiting AI agent architectures through confused deputy attacks, goal hijacking, privilege escalation, and sandbox escape.
Function Calling Exploitation
Overview of how LLM function/tool calling works, the attack surface it creates, and systematic approaches to exploiting function calling interfaces in AI systems.
JSON Schema Injection
Techniques for manipulating function definitions and JSON schemas to alter LLM behavior, inject additional parameters, and exploit schema validation gaps in tool calling systems.
Agent Exploitation Assessment
Test your understanding of AI agent security, tool-use attacks, confused deputy scenarios, and agentic system exploitation with 10 intermediate-level questions.
Agentic Exploitation Assessment (Assessment)
Test your knowledge of agentic AI attacks, MCP exploitation, function calling abuse, and multi-agent system vulnerabilities with 15 intermediate-level questions.
Capstone: Pentest an Agentic AI System End-to-End
Conduct a full penetration test of an agentic AI system with tool use, multi-step reasoning, and autonomous decision-making capabilities.
MCP and Coding Tools Security
Security risks of Model Context Protocol in IDE environments — covering MCP server attacks in development tools, code exfiltration via tool calls, and IDE-specific hardening strategies.
CaMeL & Dual LLM Pattern
Architectural defense patterns that separate trusted and untrusted processing: Simon Willison's Dual LLM concept and Google DeepMind's CaMeL framework for defending tool-using AI agents against prompt injection.
Integration & Webhook Security
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.
Lab: MCP Full Exploitation
Hands-on lab for conducting a complete Model Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.
CTF: Agent Heist
A multi-stage agent exploitation challenge where you infiltrate an AI agent's tool ecosystem, escalate privileges, and exfiltrate target data without triggering security alerts.
Lab: Exploiting AI Agents
Hands-on lab for exploiting AI agents with tool access through indirect prompt injection, tool-call chaining, and privilege escalation techniques.
Lab: Agent Prompt Leaking
Hands-on lab for extracting system prompts from tool-using AI agents by exploiting tool interactions, observation channels, and multi-step reasoning to leak protected instructions.
Lab: Function Calling & Tool Use Abuse
Hands-on lab exploring how attackers can manipulate LLM function calling and tool use to execute unauthorized actions, exfiltrate data, and chain tool calls for maximum impact.
Simulation: Agentic Workflow Full Engagement
Expert-level red team simulation targeting a multi-tool AI agent with code execution, file access, and API integration capabilities.
Simulation: Autonomous AI Agent Red Team
Red team engagement simulation targeting an autonomous AI agent with tool access, file system permissions, and internet connectivity. Tests for privilege escalation, unauthorized actions, and goal hijacking.
Claude Attack Surface
Claude-specific attack vectors including Constitutional AI weaknesses, tool use exploitation, system prompt handling, vision attacks, and XML tag injection techniques.
Injection via Function Calling
Exploiting function calling and tool-use interfaces to inject adversarial instructions through structured tool inputs and outputs.
Function Schema Poisoning Walkthrough
Poison function schemas to inject hidden instructions that redirect model tool selection and parameter filling.
Tool Use Confusion Attack Walkthrough
Walkthrough of confusing model tool-use decisions to invoke unintended functions or skip safety-critical tools.
Sandboxing and Permission Models for Tool-Using Agents
Walkthrough for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
Setting Up Garak Probes for MCP Tool Interactions
Advanced walkthrough on configuring garak probes that target Model Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.