Table of Contents
Fetching ...

Securing GenAI Multi-Agent Systems Against Tool Squatting: A Zero Trust Registry-Based Approach

Vineeth Sai Narajala, Ken Huang, Idan Habler

TL;DR

This work tackles the security risk of tool squatting in GenAI MAS by proposing a centralized, admin-controlled Tool Registry framework that enforces zero trust through admin-verified registrations, policy-based access, and just-in-time credentialing. The architecture comprises Tool and Agent Registries, Access Control, Credential Management, and Monitoring, tied together by an API gateway and SBOM/VC-based data management and dynamic trust scoring. Key contributions include a formal threat analysis of tool squatting, a secure registry design, JIT credential flow, and a PoC implementation concept that integrates with A2A and MCP protocols. The approach aims to secure tool discovery and invocation in enterprise MAS while balancing security with usability and operational deployment considerations.

Abstract

The rise of generative AI (GenAI) multi-agent systems (MAS) necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools. This paper analyzes tool squatting threats within the context of emerging interoperability standards, such as Model Context Protocol (MCP) or seamless communication between agents protocols. It introduces a comprehensive Tool Registry system designed to mitigate these risks. We propose a security-focused architecture featuring admin-controlled registration, centralized tool discovery, fine grained access policies enforced via dedicated Agent and Tool Registry services, a dynamic trust scoring mechanism based on tool versioning and known vulnerabilities, and just in time credential provisioning. Based on its design principles, the proposed registry framework aims to effectively prevent common tool squatting vectors while preserving the flexibility and power of multi-agent systems. This work addresses a critical security gap in the rapidly evolving GenAI ecosystem and provides a foundation for secure tool integration in production environments.

Securing GenAI Multi-Agent Systems Against Tool Squatting: A Zero Trust Registry-Based Approach

TL;DR

This work tackles the security risk of tool squatting in GenAI MAS by proposing a centralized, admin-controlled Tool Registry framework that enforces zero trust through admin-verified registrations, policy-based access, and just-in-time credentialing. The architecture comprises Tool and Agent Registries, Access Control, Credential Management, and Monitoring, tied together by an API gateway and SBOM/VC-based data management and dynamic trust scoring. Key contributions include a formal threat analysis of tool squatting, a secure registry design, JIT credential flow, and a PoC implementation concept that integrates with A2A and MCP protocols. The approach aims to secure tool discovery and invocation in enterprise MAS while balancing security with usability and operational deployment considerations.

Abstract

The rise of generative AI (GenAI) multi-agent systems (MAS) necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools. This paper analyzes tool squatting threats within the context of emerging interoperability standards, such as Model Context Protocol (MCP) or seamless communication between agents protocols. It introduces a comprehensive Tool Registry system designed to mitigate these risks. We propose a security-focused architecture featuring admin-controlled registration, centralized tool discovery, fine grained access policies enforced via dedicated Agent and Tool Registry services, a dynamic trust scoring mechanism based on tool versioning and known vulnerabilities, and just in time credential provisioning. Based on its design principles, the proposed registry framework aims to effectively prevent common tool squatting vectors while preserving the flexibility and power of multi-agent systems. This work addresses a critical security gap in the rapidly evolving GenAI ecosystem and provides a foundation for secure tool integration in production environments.
Paper Structure (32 sections, 4 figures, 1 table)