惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
C
Cisco Blogs
The Hacker News
The Hacker News
T
Threatpost
S
Schneier on Security
K
Kaspersky official blog
Spread Privacy
Spread Privacy
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
Security Latest
Security Latest
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
博客园 - 叶小钗
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News and Events Feed by Topic
爱范儿
爱范儿
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
C
Cyber Attacks, Cyber Crime and Cyber Security
N
News and Events Feed by Topic
V
V2EX
Webroot Blog
Webroot Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
L
LangChain Blog
W
WeLiveSecurity
Cloudbric
Cloudbric

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar NIST Updates NVD Operations to Address Record CVE Growth New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy
Lessons Learned from the Consortium: Tool Use in Agent Systems
2025-08-05 · via News and Events Feed by Topic

Today concerted attention across the AI ecosystem focuses on creating effective AI agents. Increasingly capable AI agents promise great opportunities for economic competitiveness, but also require their developers, deployers, and users to manage security and reliability risks. AI agents can perceive and take actions in environments; the leading AI agent paradigm today embeds general-purpose AI models into systems with software scaffolding that enable a model to manipulate tools to take actions beyond simple text output. AI agents are increasingly deployed as experimental products that can build software applications, browse the internet, and more.

To date there has been no attempt to provide a comprehensive taxonomy of these agent tools. Such a taxonomy could enable actors across the AI supply chain to more clearly share information about system capabilities and considerations. For example, this can enable an AI agent developer to share tool capabilities and limitations with downstream developers to create applications that make full use of agent capabilities. It can similarly support third-party researchers and users to report flaws or incidents with categories of AI agent tools. A shared vocabulary can support this communication.

To take steps toward providing this resource, CAISI and NIST hosted an AISIC workshop with approximately 140 experts in January. Below we present lessons learned from the community through that workshop.

Participants identified various approaches to structure a taxonomy of tool use, including:

  1. Functionality-focused: What action(s) does the tool enable?
  2. Access patterns: Can the tools access external resources? May they be configured with write permissions?
  3. Risk-based: How critical is the type of tool-enabled action to realizing possible harms? How severe are the possible harms? Are the actions stateful (i.e., compounding, lingering effects) or stateless? Are they reversible?
  4. Reliability: Can the tool be used with some level of consistency by a given model? Is the tool itself reliable?
  5. Modality: the form in which the tool is used, whether in plain text, via robotics commands, multimodal, or otherwise.
  6. Monitoring: Tools may enable different levels of observability, with some able to leverage existing logs or transcripts, while others require novel approaches to observe the effects of tool-enabled actions.
  7. Autonomy: the extent to which the agent can take initiative or exercise discretion in using the tool without user intervention.

Each approach above has its strengths and weaknesses. Some approaches may invoke things beyond the tool. A risk-based taxonomy, for example, will depend on deployment conditions; access patterns, autonomy, and other approaches may depend on the ways in which a tool is implemented in practice. Rather than homing in on one single taxonomy, workshop participants raised these multiple approaches, and some suggested that multidimensional intersections across multiple taxonomies would be a promising direction for future work. In practice, taxonomies may build upon or otherwise complement each other: One structured around monitoring may be informed by a risk-based taxonomy, which in turn may be informed by functionality-focused or access patterns. Stakeholders may benefit from creating taxonomies of tool use to fit their particular needs.

Consider below two taxonomies that address approaches identified in the AISIC workshop. The first takes a functional approach, categorizing tools by what they enable the model to do. Reflecting workshop discussions, it aims for comprehensive coverage for the categories of tools that enable types of actions. The taxonomy provides a clear baseline that can be expanded or tailored to particular needs. Developers may use these types as a structured way to reason about the capabilities of their agent systems during system development, and to subsequently communicate externally on what types of actions are possible and which ones may be constrained. Indeed, within each category, example tools may be more or less constrained, e.g., sensors may be subject to filters that reduce the risk of indirect prompt injections from search results.

Figure 1. Functionality-Oriented Taxonomy of Tools in AI Agent Systems

PurposeTypeExamples
Perception: ways a model may perceive the environmentSensorsInternal database, monitoring, diagnostics, GUI, voice, internet search, physical world
Reasoning: ways that a model may reason beyond inferencePlanningTask-decomposition, path-finding models
AnalysisScratchpads, calculators, simulations
Resource managementMemory, self-management
Action: ways that a model may directly affect the environmentAuthenticationLogin, CAPTCHA, wallet
Computer useApplication-specific GUI interaction, website interactions, computer use
Running codeSandboxed code interpreter, IDE, file operations, code execution
Software extensionsCalendar, social media API
Physical extensionsRobotic arm, laboratory tools in factory setting, robot in an open environment
Human interactionPhone calls
Agent interactionMulti-agent simulation, sub-agents that can interact with outside world, third-party agent interactions

The second taxonomy addresses the constraints that may limit the actions possible with tool use. It considers constraints as a function of tool permissions and the action environment. Some tools may enable read-only actions, while others enable (“write”) actions that impact state. In practice, many agent implementations may limit write access by using tools with restricted interactions or constraining otherwise plausibly unlimited tools like code execution. Some agent implementations may access untrusted resources like the open internet, whereas others are designed for deployment in sanitized settings. This taxonomy reflects access patterns raised in the workshop. Stakeholders may deepen these categories with additional gradations of “write” permissions or trust levels. Such efforts, together with specific knowledge of deployments, may be useful to develop a specific agent risk taxonomy or to perform a risk assessment, complementing additional resources like NIST AI 600-1.

Figure 2. Taxonomy of Constrained Tool Access Patterns with Example AI Agent Systems

Tool Permissions/ EnvironmentRead Only(Constrained) WriteWrite
Trusted EnvironmentsRAGApplication-specific GUI or API useCoding agent in a trusted repository
Untrusted EnvironmentsDeep researchBrowser useComputer use

The Consortium contributed valuable expertise to shape these taxonomies and identify additional approaches that can be expanded upon in the future. We invite your feedback and encourage you to adapt and expand upon these findings to serve your needs. Tool taxonomies are one method to improve transparency on capabilities and deployments along the AI agent value chain. We welcome your engagement as we evaluate how best to support stakeholders in AI agent development and deployment. You can share comments via email to CAISI-agents [at] nist.gov.