AVE-2025-0026 — Confused Deputy Attack

Confused Deputy Attack

🔴 CRITICAL tool proven AVE-2025-0026

· aka: Tool Trust Exploitation, Tool Description Poisoning

Summary

LLMs blindly trust their own tool descriptions. When a tool description is poisoned to request PII or secrets, the model complies. 100% exploitation rate on Claude and Gemini.

Blast Radius

Full PII/API key exfiltration. Cross-model systemic vulnerability.

Prerequisites

Agent with tool-calling capability and dynamic tool registry.

Environment

Frameworks: LangGraph
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

AVE-2025-0014
AVE-2025-0032
AVE-2025-0028
AVE-2025-0027
CWE: CWE-441 (Unintended Proxy or Intermediary / Confused Deputy)

🛡️ NAIL Institute — AVE Database

Confused Deputy Attack

Summary

Blast Radius

Prerequisites

Environment

Related