All news with #tool use tag

MCP Sampling Risks: New Prompt-Injection Attack Vectors

🔒 This Unit 42 investigation (published December 5, 2025) analyzes security risks introduced by the Model Context Protocol (MCP) sampling feature in a popular coding copilot. The authors demonstrate three proof-of-concept attacks—resource theft, conversation hijacking, and covert tool invocation—showing how malicious MCP servers can inject hidden prompts and trigger unobserved model completions. The report evaluates detection techniques and recommends layered mitigations, including request sanitization, response filtering, and strict access controls to protect LLM integrations.

Agentic AI Security Scoping Matrix for Autonomous Systems

🤖 AWS introduces the Agentic AI Security Scoping Matrix to help organizations secure autonomous, tool-enabled AI agents. The framework defines four architectural scopes—from no agency to full agency—and maps escalating security controls across six dimensions, including identity, data/memory, auditability, agent controls, policy perimeters, and orchestration. It advocates progressive deployment, layered defenses, continuous monitoring, and retained human oversight to mitigate risks as autonomy increases.

OpenAI Tests ChatGPT-Powered Agent Builder Tool Preview

🧭 OpenAI is testing a visual Agent Builder that lets users assemble ChatGPT-powered agents by dropping and connecting node blocks in a flowchart. Templates like Customer service, Data enrichment, and Document comparison provide editable starting points, while users can also create flows from scratch. Agents are configurable with model choice, custom prompts, reasoning effort, and output format (text or JSON), and they can call tools and external services. Reported screenshots show support for MPC connectors such as Gmail, Calendar, Drive, Outlook, SharePoint, Teams, and Dropbox; OpenAI plans to share more details at DevDay.

Mind the Gap: TOCTOU Vulnerabilities in LLM-Enabled Agents

⚠️A new study, “Mind the Gap,” examines time-of-check to time-of-use (TOCTOU) flaws in LLM-enabled agents and introduces TOCTOU-Bench, a 66-task benchmark. The authors demonstrate practical attacks such as malicious configuration swaps and payload injection and evaluate defenses adapted from systems security. Their mitigations—prompt rewriting, state integrity monitoring, and tool-fusing—achieve up to 25% automated detection and materially reduce the attack window and executed vulnerabilities.

Cloudflare Introduces MCP Server Portals for Zero Trust

🔒 Cloudflare has launched MCP Server Portals in Open Beta to centralize and secure Model Context Protocol (MCP) connections between large language models and application backends. The Portals provide a single gateway where administrators register MCP servers and enforce identity-driven policies such as MFA, device posture checks, and geographic restrictions. They deliver unified visibility and logging, curated least-privilege user experiences, and simplified client configuration to reduce the risk of prompt injection, supply chain attacks, and data leakage.

Google Conversational Analytics API Brings Chat to Your Data

💬 The Conversational Analytics API lets developers embed natural‑language data queries and chat‑driven analysis directly into custom applications, internal tools, and workflows. It combines Google's AI, Looker’s semantic layer, and BigQuery context engineering to deliver data, chart, and text answers with trusted access controls. Features include agentic orchestration, a Python Code Interpreter, RAG‑assisted context engineering, and both stateful and stateless conversation modes. Enterprise controls such as RBAC, row‑ and column‑level access, and query limits are built in.

Agent Factory: Build Your First AI Agent with Tools

🔧 This Microsoft Azure blog post, the second entry in the six-part Agent Factory series, explains how tool ecosystems are defining the next wave of agentic AI. It argues the industry is moving from single-model prompts to extensible platforms that let agents discover and invoke a broad set of capabilities at runtime. The piece highlights the Model Context Protocol (MCP) and Azure AI Foundry for secure, enterprise-grade tool integration, and summarizes five best practices for governance, identity, and observability to achieve scalable, production-ready agents.

The Brain Behind Next-Generation Cyber Attacks and AI Risks

🧠 Researchers at Carnegie Mellon University demonstrated that leading large language models (LLMs), by themselves, struggle to execute complex, multi-host cyber-attacks end-to-end, frequently wandering off-task or returning incorrect parameters. Their proposed solution, Incalmo, is a structured abstraction layer that constrains planning to a precise set of actions and validated parameters, substantially improving completion and coordination. The work highlights both enhanced offensive potential when LLMs are scaffolded and urgent defensive challenges for security teams.

Agent Factory: Enterprise Design Patterns for Agentic AI

🤖 Microsoft introduces the Agent Factory series to share best practices and design patterns for enterprise agentic AI that reasons, acts, and collaborates across workflows. The post outlines five core patterns—tool use, reflection, planning, multi-agent, and ReAct—and links them to real-world outcomes such as reduced proposal time and automated incident delivery. It stresses the need for a unified platform to manage security, identity, observability, and connectors. Azure AI Foundry is presented as a scalable end-to-end solution with flexible model choice, 1,400+ connectors, open protocols, and managed Entra Agent ID and RBAC.