What is OWASP ASI02 Tool Misuse and Exploitation?
Tool misuse is the agent calling legitimate integrations unsafely: exfiltrating via DNS checks, deleting the wrong records, or following typosquatted function names after prompt injection or misalignment.
What this looks like in production
The agent is not hacked - it is doing exactly what tools allow. OpenClaw-style failures showed session and channel boundaries breaking under autonomous tool use.
What teams usually do about it
- Scope tools narrowly and validate parameters at execution time.
- Block dangerous combinations in tool chains.
- Red-team tool abuse separately from prompt safety.