OWASP ASI02: When AI Agents Weaponize Their Own Tools
Blog post from Galileo
Tool Misuse and Exploitation (OWASP ASI02) is a significant threat in agentic AI applications: agents misuse legitimate tools because of factors such as prompt injection or misalignment. Such misuse can lead to resource overload, data exfiltration, and unauthorized actions, as seen in cases where AI agents use tools in unintended ways without ever exceeding their granted permissions. The risk is exacerbated in multi-agent architectures, where agents autonomously decide which tools to use and can propagate malicious instructions from one agent to the next. The OWASP framework outlines several attack patterns, including tool poisoning, indirect injection, and over-privileged API access, which can be mitigated through strategies like adaptive tool budgeting, semantic validation, and robust policy enforcement. Centralized policy enforcement systems like Galileo's Agent Control provide defense by updating policies across all agents in real time, ensuring that agents operate within defined security constraints while maintaining observability and audit trails.