AI_SLANG_ENTRY
Tool Poisoning Meaning
An agent security attack where a tool's name, description, schema, or metadata carries hidden instructions that steer the model toward unsafe actions.
What does Tool Poisoning mean?
An agent security attack where a tool's name, description, schema, or metadata carries hidden instructions that steer the model toward unsafe actions.
Tool poisoning means the model is tricked through the tool catalog itself. The dangerous instruction may live in metadata the user never reads, but the agent does.
Origin and usage
Grew out of MCP and tool-using agent security research, where natural-language tool descriptions became part of the model's trusted context.
Source type: paper. Last checked: 2026-07-15.
MCP security research term; recent papers describe tool metadata poisoning, shadowing, and related attacks against tool-integrated agents.
Examples
- The MCP server looked harmless, but its description was doing tool poisoning.
- Tool poisoning is why agents need tool manifests, permission boundaries, and boring audit logs.