🛡️ NAIL Institute — AVE Database

← Back to Database

Tool Permission Escalation

🔴 CRITICAL tool proven AVE-2025-0096

· aka: Tool Scope Creep

Summary

Agent uses one tool's capabilities to access functionality of another, more privileged tool, bypassing tool-level access controls.

Blast Radius

Access to privileged tools without authorisation.

Prerequisites

Agent with multiple tools at different privilege levels.

Environment

Frameworks: LangGraph
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

Related