English

AgenTRIM: Tool Risk Mitigation for Agentic AI

Cryptography and Security 2026-01-21 v1 Artificial Intelligence

Abstract

AI agents are autonomous systems that combine LLMs with external tools to solve complex tasks. While such tools extend capability, improper tool permissions introduce security risks such as indirect prompt injection and tool misuse. We characterize these failures as unbalanced tool-driven agency. Agents may retain unnecessary permissions (excessive agency) or fail to invoke required tools (insufficient agency), amplifying the attack surface and reducing performance. We introduce AgenTRIM, a framework for detecting and mitigating tool-driven agency risks without altering an agent's internal reasoning. AgenTRIM addresses these risks through complementary offline and online phases. Offline, AgenTRIM reconstructs and verifies the agent's tool interface from code and execution traces. At runtime, it enforces per-step least-privilege tool access through adaptive filtering and status-aware validation of tool calls. Evaluating on the AgentDojo benchmark, AgenTRIM substantially reduces attack success while maintaining high task performance. Additional experiments show robustness to description-based attacks and effective enforcement of explicit safety policies. Together, these results demonstrate that AgenTRIM provides a practical, capability-preserving approach to safer tool use in LLM-based agents.

Keywords

Cite

@article{arxiv.2601.12449,
  title  = {AgenTRIM: Tool Risk Mitigation for Agentic AI},
  author = {Roy Betser and Shamik Bose and Amit Giloni and Chiara Picardi and Sindhu Padakandla and Roman Vainshtein},
  journal= {arXiv preprint arXiv:2601.12449},
  year   = {2026}
}

Comments

Under review

R2 v1 2026-07-01T09:09:34.517Z