Glossary · Term

tool poisoning

← all terms

Definition

Plain language

An attack that tampers with one of an AI agent's tools, or with the description of what the tool does, so the agent misbehaves when it uses it.

As stated in the literature

An attack class against tool-using agents that modifies a tool's implementation or its advertised description; distinguished from prompt injection, data poisoning, and Oracle Poisoning, which corrupt other parts of the pipeline.

Why it matters: It shows that securing an agent means trusting not just its prompts but every tool and tool description it relies on, since any of them can be quietly corrupted.

For example, an attacker rewrites the description of a 'send email' tool so the agent unknowingly leaks private data every time it uses it.

Heard on the show

“The full annotated version is on paperdive dot AI — every technical term tap-to-define, with links to the related work on prompt injection and tool poisoning grouped by theme.”
Episode 208 — The Blank Space in Your AI Approval Box That Isn't Empty

Mentioned in 2 episodes

  1. 208
    The Blank Space in Your AI Approval Box That Isn't Empty
  2. 039
    When Smarter Agents Get Fooled by Three Extra Nodes in a Database

Related terms