Netcrook

WIKICROOK

Tool use

A workflow where an LLM calls external functions or services.

Tool use is an LLM workflow in which the model can call external functions, APIs, databases, or other services to complete a task. Instead of only generating text, the model can ask a calculator, search system, ticketing API, or cloud action to do work and then use the result in its response.

In cyber security, tool use matters because it expands both capability and attack surface. A compromised prompt, malicious document, or prompt injection can try to steer the model into sending data, changing records, or triggering unsafe actions through connected tools. Defenders therefore treat tool-enabled agents like privileged automation: they use least-privilege credentials, strict allowlists, input validation, human approval for sensitive actions, and detailed logging. Properly controlled, tool use helps with detection, investigation, and response; poorly controlled, it can turn an AI assistant into an execution path for abuse.
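The controls listed above can be enforced in code before any model-emitted tool call reaches a real service. The following is an added example, not code from this page or any particular agent framework; the tool names and the `approver` callback are hypothetical.

```python
import json
import logging
from dataclasses import dataclass

log = logging.getLogger("tool_gate")  # audit trail for every decision

@dataclass
class ToolSpec:
    allowed_args: set          # exact set of permitted argument names
    sensitive: bool = False    # True -> requires human approval

# Hypothetical allowlist: a tool absent from this table can never be invoked,
# no matter what the model (or an injected prompt) asks for.
ALLOWLIST = {
    "search_tickets": ToolSpec(allowed_args={"query"}),
    "close_ticket": ToolSpec(allowed_args={"ticket_id"}, sensitive=True),
}

def validate(tool, args):
    """Return a reason string if the call breaks policy, else an empty string."""
    spec = ALLOWLIST.get(tool)
    if spec is None:
        return "tool '%s' not in allowlist" % tool
    extra = set(args) - spec.allowed_args      # unexpected arguments are rejected,
    missing = spec.allowed_args - set(args)    # as are incomplete calls
    if extra or missing:
        return "bad arguments: extra=%s missing=%s" % (sorted(extra), sorted(missing))
    return ""

def gate_tool_call(call_json, approver=lambda tool, args: False):
    """Decide allow / deny / needs_approval for one model-emitted tool call.

    `approver` stands in for a human-in-the-loop check; the default refuses,
    so a sensitive action is held unless someone explicitly signs off.
    """
    call = json.loads(call_json)
    tool, args = call.get("name", ""), call.get("arguments", {})
    reason = validate(tool, args)
    if reason:
        log.warning("DENY %s %s: %s", tool, json.dumps(args), reason)
        return {"decision": "deny", "reason": reason}
    if ALLOWLIST[tool].sensitive and not approver(tool, args):
        log.warning("HOLD %s %s: awaiting human approval", tool, json.dumps(args))
        return {"decision": "needs_approval", "tool": tool, "args": args}
    log.info("ALLOW %s %s", tool, json.dumps(args))
    return {"decision": "allow", "tool": tool, "args": args}
```

Running the gate with least-privilege credentials on the executing side (the tool, not the model, holds the API key) keeps a denied or held call from having any effect even if the model is steered.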