MCP Tool

Tools are described to the model through name, description, and JSON schema. The model uses those descriptions to choose which tool to call and with what arguments, which is why tool poisoning and tool misuse attacks are so impactful.

MCP tools have several risk-relevant attributes:

• Name and description: Drive model tool selection and are vulnerable to poisoning.
• Input schema: Defines argument structure and constrains attacker creativity.
• Side effects: Read-only versus write-and-act behavior with very different blast radius.
• Permissions: Underlying credentials and scopes the tool inherits at execution.
• Observability: Logs and traces that link each call back to user, agent, and intent.

In production, MCP tools are also where most useful audit signal lives. Capturing tool names, arguments, and outcomes per call is the foundation for both forensics and runtime defense.

Programs that operate MCP tools well also tag each tool with sensitivity and blast-radius metadata, so policy decisions can use tool-level context rather than just identity.

How PointGuard AI Helps

PointGuard's MCP Security Gateway enforces tool-level policy, scans tool descriptions for poisoning, and produces unified telemetry across every tool an agent reaches. The result is a tool-level control surface that scales with the agent population and keeps audit trail complete.

Learn More

• Wikipedia: Model Context Protocol
• OWASP Top 10 for Agentic Applications
• MITRE ATLAS