← Latest news 
AI tool poisoning reveals enterprise agents can trust signed tools that secretly change behavior
Technology
Published on 10 May 2026
Signed tools can still pass—then exfiltrate later
Enterprise AI agents pick tools from shared registries using natural-language descriptions, without human verification that those descriptions are true. Research highlights that “tool poisoning” isn’t one bug but multiple failures across selection and execution. Legacy supply-chain controls prove artifact integrity, not behavioral integrity—so a signed, verifiably sourced tool can still inject instructions, drift over time, or break contracts.
- Artifact integrity tools like SBOM and signatures do not verify real runtime behavior
- Description and metadata can smuggle instructions that steer tool choice and actions
- Server-side behavioral drift can exfiltrate data weeks after a clean attestation
- A runtime verification proxy for MCP can enforce endpoint allowlists and output schemas
Read the full story at Venture Beat
This summarization was done by Beige for a story published on 
Venture Beat