SAIL / Operate - Safe Execution Environment - Sandbox

6.2. Unrestricted API/Tool Invocation

Risk

Unrestricted API/Tool Invocation

Description

An agent chains API or tool calls to escalate privileges, circumvent controls, or reach data or systems it is not authorized to access.

Example

An agent discovers an undocumented API and uses it to modify user permissions or read restricted data.

Assets Affected

  • Agentic platform (no code)
  • Tool / function
  • MCP server

Mitigation
  • Restrict agent permissions and APIs (least privilege, explicit allow-list)
  • Monitor and log all tool invocations
  • Review integration approval process and monitor for abnormal usage patterns
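The three mitigations above fit naturally into one enforcement point between the agent and its tool backends (for example in front of an MCP server or function-calling layer). The following is an added illustration written for this entry, not SAIL's own code: a gateway that only exposes explicitly registered tools (so an undocumented backend endpoint such as the role-changing function below is unreachable), applies a per-agent allow-list with default deny, rejects unexpected arguments on otherwise permitted tools, writes every attempt to an audit log, and quarantines an agent whose denials pile up within a short window, which is the usage pattern a chained escalation attempt produces. The tool names, principals, handlers and the threshold of three denials per 60 seconds are hypothetical.

```python
"""Tool-call gateway: explicit allow-list per agent, argument validation,
audit logging and a simple abnormal-usage detector.

Added illustration for SAIL 6.2 (not SAIL's code). Tool names, principals,
handlers and thresholds are hypothetical.
"""
from __future__ import annotations

import json
from collections import defaultdict, deque
from dataclasses import asdict, dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class ToolSpec:
    """A documented tool. Anything not registered here does not exist as far
    as agents are concerned, even if a backend function for it exists."""
    name: str
    handler: Callable[..., Any]
    allowed_args: frozenset[str]


@dataclass(frozen=True)
class AuditEvent:
    ts: float
    principal: str
    tool: str
    args: dict[str, Any]
    outcome: str  # "allowed" or "denied:<reason>"


class ToolGateway:
    def __init__(self, tools, allow_list, *, denial_threshold=3, window_s=60.0):
        self._tools = {t.name: t for t in tools}
        # principal -> tools it may call. Default deny: unknown principals get nothing.
        self._allow = {p: frozenset(names) for p, names in allow_list.items()}
        self._denial_threshold = denial_threshold
        self._window_s = window_s
        self._recent_denials = defaultdict(deque)  # principal -> denial timestamps
        self.quarantined: set[str] = set()
        self.audit: list[AuditEvent] = []

    def invoke(self, principal, tool, args, *, now):
        # 'now' is injected so the window logic is deterministic in tests.
        if principal in self.quarantined:
            return self._deny(now, principal, tool, args, "quarantined")
        spec = self._tools.get(tool)
        if spec is None:  # undocumented/unregistered tool: not callable at all
            return self._deny(now, principal, tool, args, "unknown_tool")
        if tool not in self._allow.get(principal, frozenset()):
            return self._deny(now, principal, tool, args, "not_allow_listed")
        extra = set(args) - spec.allowed_args
        if extra:  # argument smuggling onto a permitted tool
            return self._deny(now, principal, tool, args,
                              "unexpected_args:" + ",".join(sorted(extra)))
        result = spec.handler(**args)
        self.audit.append(AuditEvent(now, principal, tool, dict(args), "allowed"))
        return {"ok": True, "result": result}

    def _deny(self, now, principal, tool, args, reason):
        self.audit.append(AuditEvent(now, principal, tool, dict(args), "denied:" + reason))
        window = self._recent_denials[principal]
        window.append(now)
        while window and now - window[0] > self._window_s:
            window.popleft()
        if len(window) >= self._denial_threshold:
            # Repeated denials in a short window look like probing for reachable
            # tools; stop the agent and leave the rest to human review.
            self.quarantined.add(principal)
        return {"ok": False, "error": reason}

    def audit_jsonl(self):
        """One JSON object per line, suitable for shipping to a SIEM."""
        return "\n".join(json.dumps(asdict(e), sort_keys=True) for e in self.audit)


def demo():
    """Constructed scenario: a support agent tries to escalate alice to admin."""
    users = {"alice": "viewer"}  # constructed backend state

    def get_weather(city):
        return f"sunny in {city}"

    def lookup_user(username):
        return {"username": username, "role": users.get(username)}

    def set_user_role(username, role):  # backend exists but is NOT registered
        users[username] = role
        return "updated"

    gw = ToolGateway(
        tools=[ToolSpec("get_weather", get_weather, frozenset({"city"})),
               ToolSpec("lookup_user", lookup_user, frozenset({"username"}))],
        allow_list={"support-agent": {"get_weather", "lookup_user"}},
    )
    results = [
        gw.invoke("support-agent", "get_weather", {"city": "Oslo"}, now=100.0),
        gw.invoke("support-agent", "set_user_role", {"username": "alice", "role": "admin"}, now=101.0),
        gw.invoke("support-agent", "lookup_user", {"username": "alice", "role": "admin"}, now=102.0),
        gw.invoke("research-agent", "lookup_user", {"username": "alice"}, now=103.0),
        gw.invoke("support-agent", "set_user_role", {"username": "alice", "role": "admin"}, now=104.0),
        gw.invoke("support-agent", "get_weather", {"city": "Oslo"}, now=105.0),  # quarantined
    ]
    return gw, users, results


if __name__ == "__main__":
    gateway, _, _ = demo()
    print(gateway.audit_jsonl())
```

The gateway is only as good as the sandbox around it: it cannot stop an agent that can reach the backend API directly over the network, so the execution environment has to make the gateway the agent's sole path to tools (egress filtering, no ambient credentials in the sandbox). The quarantine check is deliberately coarse; in practice the audit stream feeds detection rules that look for the specific chains that matter, such as a user lookup followed by a permission change.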

Standards Mapping
  • ISO 42001: A.9.4, A.10.2
  • OWASP Top 10 for LLM: LLM06
  • NIST AI RMF: MANAGE 2.4, GOVERN 3.2
  • DASF v2: MODEL SERVING 9.13