Agent Tool Restriction
OWASP LLM Top 10 · LLM06:2025 · high · v1.0.0 · System
Mode on clone: log
Restricts which tools an agent can invoke based on user role and application context. Prevents agents from overstepping their authorised scope.
Rationale
Agentic AI with broad tool access creates excessive agency risk. A customer-service agent should not be able to invoke financial-transaction tools.
Example violation
Customer Service agent attempting to call the "transferFunds(account=ACC123, amount=10000)" tool
Triggers (1)
- tool_call: Inspect every tool invocation against allowed scope
Detectors (1)
- keyword_list (tool-allowlist): Compare tool name against per-role allowlist
Actions (3)
- block: Refuse the tool call
- log: Record attempted out-of-scope call
- notify: Alert agent owner
Tunable parameters (3)
Allowed tools (per role) (basic · keywords)
Comma-separated list of tool names this agent may invoke.
Default: ["search_kb","fetch_user_profile","create_ticket"]
Block unknown tools (advanced · boolean)
Block any tool not on the allowlist. Disable only for development.
Default: true
Notification channel (basic · channel)
Where to send out-of-scope alerts.
Default: "#agent-security"
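As an added example (not the template's or the product's own code), a Python guard that applies the tool-allowlist detector with the three parameters above, honouring Guideline (log and notify only) versus Strict (also block) mode. The call-string format, the customer_service / finance_ops role names and the finance allowlist are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Per-role allowlists (constructed sample data: customer_service mirrors the
# template default; finance_ops is an assumed second role for contrast).
ALLOWED_TOOLS = {
    "customer_service": {"search_kb", "fetch_user_profile", "create_ticket"},
    "finance_ops": {"search_kb", "transferFunds"},
}
BLOCK_UNKNOWN_TOOLS = True          # template default; disable only in development
NOTIFICATION_CHANNEL = "#agent-security"

CALL_RE = re.compile(r"^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*\((?P<args>.*)\)\s*$", re.DOTALL)

@dataclass
class Decision:
    tool: str
    role: str
    allowed: bool
    actions: list = field(default_factory=list)   # e.g. ["block", "log", "notify:#chan"]
    reason: str = ""

def parse_tool_call(call: str) -> tuple[str, dict]:
    """Split 'transferFunds(account=ACC123, amount=10000)' into name and kwargs (assumed format)."""
    m = CALL_RE.match(call)
    if not m:
        raise ValueError(f"unparseable tool call: {call!r}")
    args = {}
    for part in filter(None, (p.strip() for p in m.group("args").split(","))):
        k, _, v = part.partition("=")
        args[k.strip()] = v.strip()
    return m.group("name"), args

def check_tool_call(call: str, role: str, mode: str = "guideline") -> Decision:
    """Evaluate one tool invocation against the role's allowlist.
    mode='guideline' observes (log + notify); mode='strict' also blocks."""
    name, _ = parse_tool_call(call)
    allowlist = ALLOWED_TOOLS.get(role, set())   # unknown role => empty allowlist
    if name in allowlist:
        return Decision(name, role, True, [], "on allowlist")
    if not BLOCK_UNKNOWN_TOOLS:
        return Decision(name, role, True, ["log"], "unknown tool permitted (dev setting)")
    actions = ["log", f"notify:{NOTIFICATION_CHANNEL}"]
    if mode == "strict":
        actions.insert(0, "block")
    return Decision(name, role, mode != "strict", actions, f"'{name}' not allowed for role '{role}'")
```

In Guideline mode the out-of-scope call is still allowed through but logged and notified, which is what lets you measure the false-positive rate before promoting.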
Regulatory references
EU AI Act Art. 14
Template defaults (suggested target after promotion)
Suggested mode
block
Risk tiers
High-Risk
Data classifications
—
Departments
—
Cloned policies start in Guideline mode. Use the promotion wizard to flip to Strict once you trust the false-positive rate.