toolpolicy.com
Menu

Safety, Security & Runtime Controls

Tool Policy

Security gateway that enforces access controls, API whitelists, and usage permissions to prevent agents from executing unauthorized tools.

Three Pillars

Why This Becomes Necessary

AI agents can reason and escalate attacks independently, meaning individually low-risk tools can chain into high-impact outcomes without explicit, runtime-enforced permission controls.

What a Solution Must Provide

A production stack needs policy-as-code, ethical enforcement layers, compliance checking at invocation time, signed decision logs, and deterministic intervention mechanisms when a policy breach is detected.

Regulatory & Standards Angle

Human-oversight obligations become operational only when each tool call can be paused, attributed to accountable operators, and verified through compliance checking before execution.

Evidence Ledger

Full ledger →

Developments that demonstrate the practical necessity of agent tool-use governance, policy engines, and containment layers. Primary sources only.

July 15, 2026

Writer AI preview flaw leaked session tokens across tenants via sandbox

Writer patched WriteOut after Sand Security found that sandbox previews could forward session cookies into attacker-controlled environments, enabling cross-tenant session token leakage.

Why this matters

This demonstrates that agent tool features like previews can inadvertently expose session credentials across trust boundaries, making strict tool-use policies and capability restrictions essential for preventing session hijacking in multi-tenant AI agent deployments.

agent tool permissions session security sandbox isolation multi-tenant safety

May 3, 2026

CertiK: AI agents with open skill ecosystems can be manipulated into draining crypto wallets

Blockchain security firm CertiK has flagged a class of attacks in which AI agents built on open skill ecosystems can be manipulated into draining cryptocurrency wallets.

Why this matters

This demonstrates that without strict tool-use policies and capability restrictions, AI agents can be weaponized through their skill/plugin interfaces—directly threatening the safety guarantees that agent platforms must provide to users and developers.

Sources

tool-use policies for AI agents agent tool permissions and capability restrictions agent safety controls and guardrails

April 29, 2026

AI-assisted commits used to inject malicious npm dependency targeting crypto wallets

A malicious npm dependency has been discovered that targets cryptocurrency wallets, with the attack vector linked to AI-assisted commits.

Why this matters

This demonstrates a concrete supply-chain risk where AI-generated code contributions can bypass human review, directly threatening environments where AI agents are granted commit or package installation permissions. It underscores the urgent need for tool-use policies that restrict or audit AI agent capabilities in software supply chains.

supply-chain agent-permissions guardrails

April 14, 2026

OpenAI revokes macOS certificate after malicious Axios supply chain compromise

OpenAI revoked a macOS app certificate following a malicious Axios supply chain incident, as reported by The Hacker News on April 14, 2026.

Why this matters

Demonstrates that even trusted agent distribution channels can be compromised, reinforcing the need for strict tool-use policies, code signing verification, and capability restrictions when granting AI agents access to third-party plugins or MCP servers.

supply-chain agent-distribution code-signing plugin-security

Latest Articles

Related Primitives

Explore the Agentic Infrastructure Ecosystem

Relevant: EU AI Act Article 14 - Article 14 requires effective human oversight measures, which tool permission control planes with intervention mechanisms directly operationalize. Source
Research: Forewarned is Forearmed: A Survey on Large Language Model-based Agents in Autonomous Cyberattacks — Minrui Xu et al. Nanyang Technological University / University of Waterloo, 2025.
“Governance/Guardrails for LLM-based Agents: Developing effective governance for LLM-based agents is critical. Unlike traditional tools, these agents can reason and escalate attacks independently. To mitigate risks, agent architectures must embed safety constraints. Research should implement ethical enforcement, compliance checking, and intervention mechanisms.”
Read paper →