Anti-Patterns

Authorized Tool Misuse

Anti-pattern: grant the agent a tool with broad authorization and trust the agent to use it in benign ways.

Problem

Authorization is binary; harm is graded. The agent that may run SQL queries can also run DROP TABLE. The agent that may send HTTP can also exfiltrate to evil.com. The agent that may send email can also impersonate. When the agent is hijacked or simply wrong, every authorized tool becomes a weapon — and the audit log shows authorized calls, which classical access control treats as legitimate.

Solution

Don't. Replace broad tools with narrow capability-scoped variants (read-only SQL, allow-listed HTTP, dry-run-then-confirm shell). Apply policy-as-code at the tool boundary; use human-in-the-loop on irreversible actions; pair with sandbox-isolation and capability-bounded-execution.

When to use

  • Never. Cite when reviewing tool-permission grants.
  • Replace with capability-bounded-execution and per-call policy enforcement.
  • Require human-in-the-loop confirmation for irreversible tool calls.
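The three narrow variants named in the solution, written out as an added example (not code from this catalogue): a read-only SQL tool whose policy is enforced by SQLite's authorizer hook rather than by inspecting the query text, an allow-listed HTTPS tool with exact host matching, and a dry-run-then-confirm gate for irreversible actions. The in-memory database, host list and command strings are constructed for the example; `run` and `confirm` are injected callables, not a real executor.

```python
import sqlite3
from urllib.parse import urlsplit

class ToolDenied(Exception):
    """Raised at the tool boundary when policy rejects a call."""

# Read-only SQL: policy enforced by SQLite's authorizer hook at prepare time,
# so it covers every statement the agent sends, not only ones that "look" safe.
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_sql(conn, query):
    # Once installed the authorizer stays on the connection: the tool owns it.
    conn.set_authorizer(lambda action, *_: sqlite3.SQLITE_OK
                        if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY)
    try:
        return conn.execute(query).fetchall()
    except sqlite3.DatabaseError as e:  # SQLite reports "not authorized" here
        raise ToolDenied(f"sql policy rejected: {e}") from None

def allowlisted_http(url, allowed_hosts):
    # Allow-listed HTTP: https only and exact host match (a suffix or substring
    # check would let api.example.com.evil.example through). Returns the
    # validated URL; the caller performs the request.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ToolDenied(f"http policy rejected: {url}")
    return url

def gated_shell(command, confirm, run):
    # Dry-run-then-confirm: surface the plan, execute only after a human says yes.
    # `run` is injected so the example has no side effects.
    plan = f"about to run: {command!r}"
    if not confirm(plan):
        return {"executed": False, "plan": plan}
    return {"executed": True, "plan": plan, "result": run(command)}

def sample_conn():
    # Constructed in-memory database standing in for the agent's data source.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice@example.com')")
    conn.commit()
    return conn
```

Because the SQL policy lives in the engine's authorizer, a denied statement fails at prepare time and the denial shows up as a rejected call in the tool's own log rather than as an "authorized" write in the database audit trail.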
