Attacks and threats

Tool shadowing

Tool shadowing is when a malicious tool impersonates or overrides a trusted one, so the agent calls the attacker's version instead.

Definition

What is tool shadowing?

When an agent connects to several tool providers, their tools share one namespace in the model's context. Tool shadowing exploits this: a malicious server declares a tool with the same or a confusingly similar name to a trusted one, or its description instructs the model to route calls through it. The agent, seeing two similar options, can be steered to the attacker's tool.

The result is a silent man-in-the-middle over the agent's actions. Calls meant for a trusted service are intercepted, arguments (including secrets) are captured, and results can be tampered with. Defending against it requires provenance for each tool, watching for name collisions across servers, and a default-deny allowlist of which tools an agent may actually reach.

FAQ

Common questions.

How do you prevent tool shadowing?

Track the provenance of every tool, alert on duplicate or near-duplicate tool names across servers, and run a default-deny allowlist so an agent can only reach the specific tools you approved.

Govern the actions, not just the vocabulary

AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, checks it against your policy, and proves it in a tamper-evident audit log. Start free, no card.