← Back to glossary
Glossary

Tool Call Hijacking

Reviewed 9 April 2026 Canonical definition

Tool call hijacking is an attack where a malicious actor intercepts or manipulates an agent's tool call before it reaches the intended server — redirecting it to a different endpoint, modifying the parameters, or injecting additional actions. It exploits insufficiently authenticated transport channels and can result in data theft, privilege escalation, or unintended side effects in downstream systems.

Related articles

Product releases 5 Questions Every CISO Should Ask Before Deploying AI Agents MCP Best CI/CD Tools for MCP Integration Security Top Features of AI Vulnerability Scanning Tools

Related terms

Token-Based Authentication (Agent)TokenisationTool Call AuditingTool ChainTool PoisoningTool Registry