Risk
Unrestricted API/Tool Invocation
Description
Agent chains API/tool calls to escalate privileges, circumvent controls, or access unauthorized data or systems.
Example
Agent discovers an undocumented API and uses it to modify user permissions or access restricted data.
Assets Affected
Agentic platform (no-code)
Tool / function
MCP server
Mitigation
- Restrict agent permissions and APIs (least privilege, explicit allow-list)
- Monitor and log all tool invocations
- Require an approval process for new tool/API integrations and alert on abnormal invocation patterns (unknown tools, privilege-changing calls, repeated denied calls, unusual call chains)
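The following is an added illustration, not code from the original catalogue or from any named platform. It shows a hypothetical tool-invocation gateway sitting between an agent and its tools that enforces the mitigations above: the agent can only reach tools in an explicit per-agent allow-list (least privilege), every invocation is logged as a structured record whether allowed or denied, and two abnormal patterns raise alerts: an agent invoking a privilege-changing tool, and an agent repeatedly asking for tools it is not permitted to use, the probing behaviour behind the "undocumented API" example. All tool names, agent identifiers, and the threshold value are assumptions chosen for the example.

```python
"""Hypothetical tool-invocation gateway for an LLM agent (added example)."""
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed stand-ins for real tool/API handlers.
def get_weather(city: str) -> str:
    return f"{city}: sunny"

def read_document(doc_id: str) -> str:
    return f"contents of {doc_id}"

def set_user_permissions(user: str, role: str) -> str:
    return f"{user} is now {role}"

# Registry of every tool the gateway knows. Anything not listed here is
# "undocumented" from the agent's point of view and is refused outright.
TOOL_REGISTRY: dict[str, Callable[..., Any]] = {
    "get_weather": get_weather,
    "read_document": read_document,
    "set_user_permissions": set_user_permissions,
}

# Explicit per-agent allow-list (least privilege). A tool that exists in the
# registry is still denied unless the calling agent is allow-listed for it.
ALLOW_LISTS: dict[str, frozenset[str]] = {
    "support-bot": frozenset({"get_weather", "read_document"}),
    "admin-agent": frozenset({"read_document", "set_user_permissions"}),
}

# Tools that change privileges; any agent use of them is alerted on.
PRIVILEGED_TOOLS = frozenset({"set_user_permissions"})
# Assumption: alert once an agent has been denied this many times.
DENIED_CALLS_ALERT_THRESHOLD = 3


class ToolDenied(PermissionError):
    """Raised when the gateway refuses an invocation."""


@dataclass
class ToolGateway:
    agent_id: str
    log: list[dict] = field(default_factory=list)    # one record per call
    alerts: list[str] = field(default_factory=list)  # abnormal-usage signals
    _denied: int = 0

    def invoke(self, tool: str, **kwargs: Any) -> Any:
        """Dispatch one tool call; always logs, denies by default."""
        record = {"ts": time.time(), "agent": self.agent_id, "tool": tool,
                  "args": kwargs, "decision": "deny", "reason": None}
        allowed = ALLOW_LISTS.get(self.agent_id, frozenset())
        try:
            if tool not in TOOL_REGISTRY:
                record["reason"] = "unknown_tool"
                raise ToolDenied(f"{tool}: not a registered tool")
            if tool not in allowed:
                record["reason"] = "not_in_allow_list"
                raise ToolDenied(f"{tool}: not allowed for {self.agent_id}")
            record["decision"] = "allow"
            result = TOOL_REGISTRY[tool](**kwargs)
            if tool in PRIVILEGED_TOOLS:
                self.alerts.append(
                    f"{self.agent_id} invoked privileged tool {tool}")
            return result
        except ToolDenied:
            self._denied += 1
            if self._denied == DENIED_CALLS_ALERT_THRESHOLD:
                self.alerts.append(
                    f"{self.agent_id}: {self._denied} denied calls, "
                    "possible tool probing")
            raise
        finally:
            self.log.append(record)  # logged on allow and deny alike


def demo() -> tuple[ToolGateway, ToolGateway]:
    """Constructed call sequence: a probing support bot and a normal admin."""
    support = ToolGateway("support-bot")
    support.invoke("get_weather", city="Oslo")
    # The support bot tries a known privileged tool, then two tools the
    # gateway has never heard of; all three are denied and logged.
    for tool in ("set_user_permissions", "export_all_users", "delete_tenant"):
        try:
            support.invoke(tool, user="alice", role="admin")
        except ToolDenied:
            pass
    admin = ToolGateway("admin-agent")
    admin.invoke("set_user_permissions", user="bob", role="viewer")
    return support, admin


if __name__ == "__main__":
    for gw in demo():
        for rec in gw.log:
            print(rec)
        print(gw.alerts)
```

The key property is that the denial check runs against the gateway's own registry and allow-list, not against whatever the agent claims a tool is called; an "undocumented" API only becomes reachable if someone registers it and allow-lists it, which is the approval step the third mitigation asks for. In a real deployment the log records would go to the SIEM rather than a list, and the alert conditions would be tuned to the agent's expected workload.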
Standards Mapping
- ISO 42001: A.9.4, A.10.2
- OWASP Top 10 for LLM: LLM06
- NIST AI RMF: MANAGE 2.4, GOVERN 3.2
- DASF v2: MODEL SERVING 9.13