Tool discovery

The process by which an AI agent learns what functions or actions are available to it at runtime. It becomes a security issue when discovery is broader than entitlement, because the agent can map capabilities even when it should not be able to use them.

Expanded Definition

Tool discovery describes the runtime process an AI agent uses to identify available functions, APIs, plugins, or actions before deciding what to call. In NHI and agentic AI environments, it sits between orchestration and authorization, so the security question is not just what the agent can invoke, but what it can learn exists. Usage in the industry is still evolving, and definitions vary across vendors, especially around whether discovery is a planning feature, a registry lookup, or an agent-side capability scan. For governance, the important distinction is that discovery can expose a broader capability surface than actual entitlement. That makes it a visibility issue and a control issue at the same time, particularly when agent tooling spans NIST Cybersecurity Framework 2.0 control domains for access management and monitoring.

The most common misapplication is treating tool discovery as harmless metadata: teams allow unrestricted enumeration of actions even though execution is meant to remain tightly scoped, so the agent can map far more than it is entitled to invoke.

Examples and Use Cases

Scoping tool discovery rigorously often adds latency and policy complexity, so organisations must weigh faster agent planning against tighter control over what the agent can enumerate and infer.

  • An internal support agent queries a tool registry and learns about incident-response actions it should never see in production.
  • A code-generation agent inspects available deployment tools, then maps out CI/CD functions that exceed its assigned RBAC role.
  • An MCP-connected agent discovers secret-management and database utilities, but only a subset is approved for its workflow.
  • A governance team reviews discovery logs against the NHI Lifecycle Management Guide to verify that runtime visibility matches approved entitlements.
  • Security engineers use discovery telemetry to compare an agent’s observable tool surface with the narrower action set documented in Top 10 NHI Issues.

Tool discovery should also be assessed alongside NIST Cybersecurity Framework 2.0 because enumeration without governance can become a precursor to overreach, even when the agent never executes the discovered tools.

Why It Matters in NHI Security

Tool discovery matters because modern AI agents often operate with delegated execution authority, and broad discovery can reveal paths into systems that were never meant to be agent-addressable. That exposure becomes dangerous when an agent is compromised, misrouted, or prompted into unsafe behavior, because the attacker inherits not only what the agent can do, but what it has learned about the environment. In practice, this is where discovery becomes a bridge to privilege escalation, data access, and lateral movement. The risk is amplified when discovery surfaces stale, overbroad, or third-party tools, which is why governance should treat runtime visibility as part of the attack surface. NHIMG research (Ultimate Guide to NHIs — Key Challenges and Risks) reports that 97% of NHIs carry excessive privileges, which makes broad discovery especially hazardous when entitlement boundaries are already weak.

Organisations typically encounter the consequences only after an agent has mapped more capabilities than expected, at which point governing tool discovery is no longer optional.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A01 | Agent tool discovery expands the attack surface if access and invocation are not separately constrained.
OWASP Non-Human Identity Top 10 | NHI-02 | Tool enumeration often exposes secrets, tokens, and adjacent NHI assets beyond intended access.
NIST Zero Trust (SP 800-207) | JIT | Zero Trust requires continuous verification, not broad runtime discovery of capabilities.

Restrict agent tool visibility to approved scopes and log every discovery and invocation event.
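As an added illustration of that recommendation (example code written for this entry, not code from the journal or from any vendor's registry), the sketch below uses a constructed tool registry and entitlement table: the discovery path returns only in-scope tools, the invocation path re-checks entitlement independently, and both decisions are logged so a governance review can compare an agent's observed tool surface with its approved set. The tool names, scopes and agent identities are assumptions made up for the example.

```python
import datetime

# Constructed sample registry: tool name -> required scope (not a real deployment).
TOOL_REGISTRY = {
    "ticket.lookup": "support",
    "ticket.update": "support",
    "deploy.rollout": "cicd",
    "secrets.read": "secrets",
    "incident.page_oncall": "incident-response",
}

# Constructed entitlements: agent identity -> approved scopes.
ENTITLEMENTS = {
    "support-agent": {"support"},
    "codegen-agent": {"cicd"},
}

AUDIT_LOG = []  # every discovery and invocation decision lands here

def _log(event, agent, **fields):
    entry = {"ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
             "event": event, "agent": agent, **fields}
    AUDIT_LOG.append(entry)
    return entry

def _entitled(agent, tool):
    # Unknown tools map to None, which is never in an agent's scope set.
    return TOOL_REGISTRY.get(tool) in ENTITLEMENTS.get(agent, set())

def discover_tools(agent):
    """tools/list: expose only tools the agent is entitled to invoke, and log the view."""
    visible = sorted(t for t in TOOL_REGISTRY if _entitled(agent, t))
    _log("tools/list", agent, visible=visible, hidden=len(TOOL_REGISTRY) - len(visible))
    return visible

def invoke_tool(agent, tool, args):
    """tools/call: re-check entitlement at invocation, even for a tool the agent never
    discovered (it may have learned the name elsewhere), and log the decision."""
    allowed = _entitled(agent, tool)
    _log("tools/call", agent, tool=tool, allowed=allowed)
    if not allowed:
        raise PermissionError(f"{agent} is not entitled to {tool}")
    return {"tool": tool, "args": args, "status": "executed"}

def excess_visibility(agent, observed):
    """Governance check: tools an agent was observed to enumerate beyond its entitlement."""
    return sorted(t for t in observed if not _entitled(agent, t))
```

The point of keeping `discover_tools` and `invoke_tool` as separate checks is that a narrowed listing alone does not stop a call to a tool name the agent obtained some other way; the invocation check and its log entry are what catch that case.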