惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
有赞技术团队
有赞技术团队
博客园 - 司徒正美
量子位
N
News and Events Feed by Topic
T
Threatpost
Last Week in AI
Last Week in AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
酷 壳 – CoolShell
酷 壳 – CoolShell
C
CERT Recently Published Vulnerability Notes
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
人人都是产品经理
人人都是产品经理
T
Tenable Blog
IT之家
IT之家
雷峰网
雷峰网
腾讯CDC
博客园 - 聂微东
V
Visual Studio Blog
S
SegmentFault 最新的问题
Scott Helme
Scott Helme
Spread Privacy
Spread Privacy
月光博客
月光博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
爱范儿
爱范儿
T
Tailwind CSS Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
N
Netflix TechBlog - Medium
J
Java Code Geeks
宝玉的分享
宝玉的分享
F
Full Disclosure
WordPress大学
WordPress大学
A
Arctic Wolf
小众软件
小众软件
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
AI
AI
Hugging Face - Blog
Hugging Face - Blog
F
Fortinet All Blogs
云风的 BLOG
云风的 BLOG
N
News | PayPal Newsroom
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar NIST Updates NVD Operations to Address Record CVE Growth New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy
Lessons Learned from the Consortium: Tool Use in Agent Systems
2025-08-05 · via News and Events Feed by Topic

Today concerted attention across the AI ecosystem focuses on creating effective AI agents. Increasingly capable AI agents promise great opportunities for economic competitiveness, but also require their developers, deployers, and users to manage security and reliability risks. AI agents can perceive and take actions in environments; the leading AI agent paradigm today embeds general-purpose AI models into systems with software scaffolding that enable a model to manipulate tools to take actions beyond simple text output. AI agents are increasingly deployed as experimental products that can build software applications, browse the internet, and more.

To date there has been no attempt to provide a comprehensive taxonomy of these agent tools. Such a taxonomy could enable actors across the AI supply chain to more clearly share information about system capabilities and considerations. For example, this can enable an AI agent developer to share tool capabilities and limitations with downstream developers to create applications that make full use of agent capabilities. It can similarly support third-party researchers and users to report flaws or incidents with categories of AI agent tools. A shared vocabulary can support this communication.

To take steps toward providing this resource, CAISI and NIST hosted an AISIC workshop with approximately 140 experts in January. Below we present lessons learned from the community through that workshop.

Participants identified various approaches to structure a taxonomy of tool use, including:

  1. Functionality-focused: What action(s) does the tool enable?
  2. Access patterns: Can the tools access external resources? May they be configured with write permissions?
  3. Risk-based: How critical is the type of tool-enabled action to realizing possible harms? How severe are the possible harms? Are the actions stateful (i.e., compounding, lingering effects) or stateless? Are they reversible?
  4. Reliability: Can the tool be used with some level of consistency by a given model? Is the tool itself reliable?
  5. Modality: the form in which the tool is used, whether in plain text, via robotics commands, multimodal, or otherwise.
  6. Monitoring: Tools may enable different levels of observability, with some able to leverage existing logs or transcripts, while others require novel approaches to observe the effects of tool-enabled actions.
  7. Autonomy: the extent to which the agent can take initiative or exercise discretion in using the tool without user intervention.

Each approach above has its strengths and weaknesses. Some approaches may invoke things beyond the tool. A risk-based taxonomy, for example, will depend on deployment conditions; access patterns, autonomy, and other approaches may depend on the ways in which a tool is implemented in practice. Rather than homing in on one single taxonomy, workshop participants raised these multiple approaches, and some suggested that multidimensional intersections across multiple taxonomies would be a promising direction for future work. In practice, taxonomies may build upon or otherwise complement each other: One structured around monitoring may be informed by a risk-based taxonomy, which in turn may be informed by functionality-focused or access patterns. Stakeholders may benefit from creating taxonomies of tool use to fit their particular needs.

Consider below two taxonomies that address approaches identified in the AISIC workshop. The first takes a functional approach, categorizing tools by what they enable the model to do. Reflecting workshop discussions, it aims for comprehensive coverage for the categories of tools that enable types of actions. The taxonomy provides a clear baseline that can be expanded or tailored to particular needs. Developers may use these types as a structured way to reason about the capabilities of their agent systems during system development, and to subsequently communicate externally on what types of actions are possible and which ones may be constrained. Indeed, within each category, example tools may be more or less constrained, e.g., sensors may be subject to filters that reduce the risk of indirect prompt injections from search results.

Figure 1. Functionality-Oriented Taxonomy of Tools in AI Agent Systems

PurposeTypeExamples
Perception: ways a model may perceive the environmentSensorsInternal database, monitoring, diagnostics, GUI, voice, internet search, physical world
Reasoning: ways that a model may reason beyond inferencePlanningTask-decomposition, path-finding models
AnalysisScratchpads, calculators, simulations
Resource managementMemory, self-management
Action: ways that a model may directly affect the environmentAuthenticationLogin, CAPTCHA, wallet
Computer useApplication-specific GUI interaction, website interactions, computer use
Running codeSandboxed code interpreter, IDE, file operations, code execution
Software extensionsCalendar, social media API
Physical extensionsRobotic arm, laboratory tools in factory setting, robot in an open environment
Human interactionPhone calls
Agent interactionMulti-agent simulation, sub-agents that can interact with outside world, third-party agent interactions

The second taxonomy addresses the constraints that may limit the actions possible with tool use. It considers constraints as a function of tool permissions and the action environment. Some tools may enable read-only actions, while others enable (“write”) actions that impact state. In practice, many agent implementations may limit write access by using tools with restricted interactions or constraining otherwise plausibly unlimited tools like code execution. Some agent implementations may access untrusted resources like the open internet, whereas others are designed for deployment in sanitized settings. This taxonomy reflects access patterns raised in the workshop. Stakeholders may deepen these categories with additional gradations of “write” permissions or trust levels. Such efforts, together with specific knowledge of deployments, may be useful to develop a specific agent risk taxonomy or to perform a risk assessment, complementing additional resources like NIST AI 600-1.

Figure 2. Taxonomy of Constrained Tool Access Patterns with Example AI Agent Systems

Tool Permissions/ EnvironmentRead Only(Constrained) WriteWrite
Trusted EnvironmentsRAGApplication-specific GUI or API useCoding agent in a trusted repository
Untrusted EnvironmentsDeep researchBrowser useComputer use

The Consortium contributed valuable expertise to shape these taxonomies and identify additional approaches that can be expanded upon in the future. We invite your feedback and encourage you to adapt and expand upon these findings to serve your needs. Tool taxonomies are one method to improve transparency on capabilities and deployments along the AI agent value chain. We welcome your engagement as we evaluate how best to support stakeholders in AI agent development and deployment. You can share comments via email to CAISI-agents [at] nist.gov.