OWASP ASI02 Tool Misuse and Exploitation

What is OWASP ASI02 Tool Misuse and Exploitation?

Tool misuse is the agent calling legitimate integrations unsafely: exfiltrating via DNS checks, deleting the wrong records, or following typosquatted function names after prompt injection or misalignment.

What this looks like in production

The agent is not hacked - it is doing exactly what tools allow. OpenClaw-style failures showed session and channel boundaries breaking under autonomous tool use.

What teams usually do about it

  • Scope tools narrowly and validate parameters at execution time.
  • Block dangerous combinations in tool chains.
  • Red-team tool abuse separately from prompt safety.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox