Agentic tool-chain confused deputy

TL;DR: Manipulate tool metadata or shared state across a multi-tool agent loop so the agent uses a trusted tool to exfil on the attacker’s behalf.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://www.crowdstrike.com/en-us/blog/how-agentic-tool-chain-attacks-threaten-ai-agent-security/