# tool-use
標記為「tool-use」的 56 篇文章
Function Calling Exploitation
Practical attacks against OpenAI function calling, Anthropic tool use, and similar APIs -- injecting function calls through prompt injection, exploiting parameter validation gaps, and chaining calls.
Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.
MCP Security: Understanding and Defending the Protocol
A comprehensive guide to Model Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.
Tool Use Exploitation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
AI Agent Exploitation
Methodology for exploiting AI agent architectures through confused deputy attacks, goal hijacking, privilege escalation, and sandbox escape.
Function Calling Exploitation
Overview of how LLM function/tool calling works, the attack surface it creates, and systematic approaches to exploiting function calling interfaces in AI systems.
JSON Schema Injection
Techniques for manipulating function definitions and JSON schemas to alter LLM behavior, inject additional parameters, and exploit schema validation gaps in tool calling systems.
Agent Exploitation Assessment
Test your understanding of AI agent security, tool-use attacks, confused deputy scenarios, and agentic system exploitation with 10 intermediate-level questions.
Agentic Exploitation Assessment (Assessment)
Test your knowledge of agentic AI attacks, MCP exploitation, function calling abuse, and multi-agent system vulnerabilities with 15 intermediate-level questions.
Capstone: Pentest an Agentic AI System End-to-End
Conduct a full penetration test of an agentic AI system with tool use, multi-step reasoning, and autonomous decision-making capabilities.
MCP and Coding Tools Security
Security risks of Model Context Protocol in IDE environments — covering MCP server attacks in development tools, code exfiltration via tool calls, and IDE-specific hardening strategies.
CaMeL & Dual LLM Pattern
Architectural defense patterns that separate trusted and untrusted processing: Simon Willison's Dual LLM concept and Google DeepMind's CaMeL framework for defending tool-using AI agents against prompt injection.
Integration & Webhook Security
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.
Lab: MCP Full Exploitation
Hands-on lab for conducting a complete Model Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.
CTF: Agent Heist
A multi-stage agent exploitation challenge where you infiltrate an AI agent's tool ecosystem, escalate privileges, and exfiltrate target data without triggering security alerts.
Lab: Exploiting AI Agents
Hands-on lab for exploiting AI agents with tool access through indirect prompt injection, tool-call chaining, and privilege escalation techniques.
Lab: Agent Prompt Leaking
Hands-on lab for extracting system prompts from tool-using AI agents by exploiting tool interactions, observation channels, and multi-step reasoning to leak protected instructions.
Lab: Function Calling & Tool Use Abuse
Hands-on lab exploring how attackers can manipulate LLM function calling and tool use to execute unauthorized actions, exfiltrate data, and chain tool calls for maximum impact.
Simulation: Agentic Workflow Full Engagement
Expert-level red team simulation targeting a multi-tool AI agent with code execution, file access, and API integration capabilities.
Simulation: Autonomous AI Agent Red Team
Red team engagement simulation targeting an autonomous AI agent with tool access, file system permissions, and internet connectivity. Tests for privilege escalation, unauthorized actions, and goal hijacking.
Claude Attack Surface
Claude-specific attack vectors including Constitutional AI weaknesses, tool use exploitation, system prompt handling, vision attacks, and XML tag injection techniques.
Injection via Function Calling
Exploiting function calling and tool-use interfaces to inject adversarial instructions through structured tool inputs and outputs.
Function Schema Poisoning Walkthrough
Poison function schemas to inject hidden instructions that redirect model tool selection and parameter filling.
Tool Use Confusion Attack Walkthrough
Walkthrough of confusing model tool-use decisions to invoke unintended functions or skip safety-critical tools.
Sandboxing and Permission Models for Tool-Using Agents
Walkthrough for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
Setting Up Garak Probes for MCP Tool Interactions
Advanced walkthrough on configuring garak probes that target Model Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.
Function Calling 利用ation
Practical attacks against OpenAI function calling, Anthropic tool use, and similar APIs -- injecting function calls through prompt injection, exploiting parameter validation gaps, and chaining calls.
代理與代理式利用
自主 AI 代理的安全概覽,涵蓋由工具呼叫、持久記憶體、多步推理與多代理協調所建立的擴大攻擊面。
MCP 安全: Understanding and Defending the Protocol
A comprehensive guide to 模型 Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
利用代理工具使用
如何操弄 AI 代理,使其以攻擊者可控的參數呼叫工具,並濫用其能力達成資料外洩、提權,以及未授權動作。
工具 Use 利用ation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
AI 代理利用
經混淆代理攻擊、目標劫持、特權升級與沙箱逃逸利用 AI 代理架構之方法論。
函式呼叫攻擊(Function Calling Exploitation)
概述 LLM 函式/工具呼叫的運作方式、其產生的攻擊面,以及對 AI 系統中函式呼叫介面進行利用的系統化方法。
JSON Schema 注入
操弄函式定義與 JSON schema 以改變 LLM 行為、注入額外參數,以及利用工具呼叫系統中 schema 驗證缺口之技術。
章節評量:代理利用
15 題校準評量,測試你對代理式 AI 利用的理解——工具濫用、MCP 攻擊、記憶體投毒與多代理安全。
章節評量:MCP 安全
15 題校準評量,測試你對模型上下文協議安全的理解——工具遮蔽、傳輸攻擊、伺服器審查與設定安全。
代理式 AI 安全完整指南
保護代理式 AI 系統的完整指南——涵蓋工具使用風險、多代理架構、MCP 安全、記憶體投毒與實務防禦策略。
MCP 安全:新的攻擊面
深入探討模型上下文協議安全——分析工具註冊攻擊、傳輸層風險、跨伺服器利用與實務強化策略。
Capstone: Pentest an 代理式 AI System End-to-End
Conduct a full penetration test of an agentic AI system with tool use, multi-step reasoning, and autonomous decision-making capabilities.
MCP 與程式設計工具安全
IDE 環境中模型上下文協議的安全風險——涵蓋開發工具中的 MCP 伺服器攻擊、透過工具呼叫的程式碼外洩與 IDE 特定強化策略。
CaMeL & Dual LLM Pattern
Architectural defense patterns that separate trusted and untrusted processing: Simon Willison's Dual LLM concept and Google DeepMind's CaMeL framework for defending tool-using AI agents against prompt injection.
Integration & Webhook 安全
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.
實驗室: MCP Full 利用ation
Hands-on lab for conducting a complete 模型 Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.
CTF:代理劫案
多階段代理利用挑戰,你滲透 AI 代理之工具生態系、提升權限並於不觸發安全警報下外洩目標資料。
實驗室: 利用ing AI 代理s
Hands-on lab for exploiting AI agents with tool access through indirect prompt injection, tool-call chaining, and privilege escalation techniques.
實驗室: 代理 Prompt Leaking
Hands-on lab for extracting system prompts from tool-using AI agents by exploiting tool interactions, observation channels, and multi-step reasoning to leak protected instructions.
實驗室: Function Calling & 工具 Use Abuse
Hands-on lab exploring how attackers can manipulate LLM function calling and tool use to execute unauthorized actions, exfiltrate data, and chain tool calls for maximum impact.
模擬:代理式工作流程完整案件
針對具程式碼執行、檔案存取與 API 整合能力之多工具 AI 代理的專家級紅隊模擬。
模擬:自主 AI 代理紅隊
針對具工具存取、檔案系統權限與網際網路連線之自主 AI 代理之紅隊委任模擬。測試特權升級、未授權動作與目標劫持。
Claude 攻擊面
Claude 特有攻擊向量,含憲法 AI 弱點、工具使用利用、系統提示處理、視覺攻擊與 XML 標籤注入技術。
Injection via Function Calling
利用ing function calling and tool-use interfaces to inject adversarial instructions through structured tool inputs and outputs.
Function Schema 投毒 導覽
Poison function schemas to inject hidden instructions that redirect model tool selection and parameter filling.
工具 Use Confusion 攻擊 導覽
導覽 of confusing model tool-use decisions to invoke unintended functions or skip safety-critical tools.
Sandboxing and Permission 模型s for 工具-Using 代理s
導覽 for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
Setting Up Garak Probes for MCP 工具 Interactions
進階 walkthrough on configuring garak probes that target 模型 Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.