Capability Discovery

By NHI Mgmt Group. Updated June 11, 2026. Domain: Agentic AI & Autonomous Identity

The step where an agent learns what actions, tools, or resources a server offers before using them. For agentic systems, this is not just a usability feature. It is a security checkpoint because discovery determines the authority the agent may inherit and the controls that must validate that authority.

Expanded Definition

Capability discovery is the moment an agent inspects a server, API, or tool interface to learn which actions are available, what inputs are accepted, and which constraints or permissions apply before execution. In agentic systems, this is a security boundary, not merely a convenience feature, because the discovery result can shape the authority the agent believes it has.

Definitions vary across vendors, especially when discovery is bundled with onboarding, negotiation, or tool registration. In NHI governance, the term is best treated as a control point that should expose only the minimum capabilities required for the task, with policy checks applied before any action is invoked. That aligns with the intent of the NIST Cybersecurity Framework 2.0, which emphasises governed access and risk-aware control selection rather than blind connectivity.

NHI Management Group sees capability discovery as part of the identity and trust handshake between an autonomous actor and the systems it wants to use. The most common misapplication is treating discovery as a harmless metadata lookup, which occurs when teams let agents enumerate broad toolsets before authorization and policy validation are enforced.

Examples and Use Cases

Implementing capability discovery rigorously often introduces latency and design complexity, requiring organisations to weigh faster agent autonomy against tighter validation of what the agent is allowed to do.

  • An AI agent queries a tool registry and receives only the actions it may call under its current role, preventing the agent from assuming access to high-risk functions it has not been approved to use.
  • A service account discovers an API schema before invoking endpoints, but the platform filters hidden or privileged operations so discovery does not become a side channel for privilege mapping.
  • An orchestration layer checks capabilities against policy at runtime, using the discovery response as input to least-privilege enforcement rather than as a blanket permission grant.
  • A development team reviews discovery logs to identify tools that expose more actions than the workload needs, then reduces the surface area as part of the NHI Lifecycle Management Guide.
  • A platform compares agent-discovered capabilities with published schema and vendor documentation, then flags unexpected actions as part of the control review described in Top 10 NHI Issues.

Discovery should also be constrained by trust context, not just by technical availability, which is why teams often pair it with zero-trust policy enforcement and schema review in mature environments.
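The following Python sketch ties the first, third and fifth items in the list above together: a tool registry whose discovery response is filtered to the caller's current roles, an invoke path that re-evaluates policy on every call instead of treating the discovery result as a grant, an audit trail of both, and a manifest comparison that flags advertised actions the published schema does not document. It is an added example written for this entry, not code from the original page or from any vendor's tool server; the tool names, roles, agent identities and published manifest are constructed for illustration.

```python
"""Capability discovery as a control point: filter, re-check, audit.
Added illustration for this glossary entry, not code from the original page or any
vendor product; tool names, roles, agents and the manifest are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Tool:
    name: str
    description: str
    roles: frozenset[str]            # roles authorized to invoke this tool
    handler: Callable[..., Any]


@dataclass(frozen=True)
class AuditEvent:
    agent: str
    event: str                       # "discover" | "invoke" | "deny"
    tool: str | None
    detail: str


class ToolRegistry:
    """Discovery exposes only tools the caller is currently authorized to use;
    invocation re-evaluates policy instead of trusting the discovery result."""

    def __init__(self, tools: list[Tool]) -> None:
        self._tools = {t.name: t for t in tools}
        self.audit: list[AuditEvent] = []

    def _log(self, agent: str, event: str, tool: str | None, detail: str) -> None:
        self.audit.append(AuditEvent(agent, event, tool, detail))

    def discover(self, agent: str, roles: frozenset[str]) -> list[dict[str, str]]:
        """Unauthorized tools are omitted, not listed as 'forbidden', so the
        response cannot be used to map privileged operations."""
        visible = [t for t in self._tools.values() if t.roles & roles]
        self._log(agent, "discover", None,
                  f"{len(visible)} of {len(self._tools)} tools exposed to {sorted(roles)}")
        return [{"name": t.name, "description": t.description} for t in visible]

    def invoke(self, agent: str, roles: frozenset[str], tool_name: str, **kwargs: Any) -> Any:
        """`roles` is the caller's *current* entitlement (in production fetched from
        the identity provider on each call), not what was true at discovery time."""
        tool = self._tools.get(tool_name)
        if tool is None or not (tool.roles & roles):
            self._log(agent, "deny", tool_name, f"not authorized for roles {sorted(roles)}")
            raise PermissionError(f"{agent} may not invoke {tool_name!r}")
        self._log(agent, "invoke", tool_name, "policy check passed")
        return tool.handler(**kwargs)


def compare_with_manifest(discovered: list[dict[str, str]], published: set[str]) -> dict[str, set[str]]:
    """'unexpected': advertised but undocumented; 'missing': documented but absent."""
    names = {d["name"] for d in discovered}
    return {"unexpected": names - published, "missing": published - names}


# --- Constructed sample data (hypothetical tool server) ----------------------
REGISTRY = ToolRegistry([
    Tool("search_docs", "Full-text search over the knowledge base",
         frozenset({"reader", "analyst"}), lambda query: [f"doc-{i}" for i in range(3)]),
    Tool("summarize", "Summarize a document by id",
         frozenset({"reader", "analyst"}), lambda doc_id: f"summary of {doc_id}"),
    Tool("query_customer_db", "Read customer records", frozenset({"analyst"}), lambda sql: "3 rows"),
    Tool("export_customer_pii", "Bulk export of customer PII", frozenset({"dpo"}), lambda: "<export>"),
    Tool("rotate_secret", "Rotate a workload credential", frozenset({"admin"}), lambda: "rotated"),
])
# What the vendor documents for this server (constructed; 'translate' is documented but absent).
PUBLISHED_MANIFEST = {"search_docs", "summarize", "query_customer_db", "export_customer_pii", "translate"}


def analyst_session() -> dict[str, Any]:
    """An analyst agent discovers, acts, loses a role, and is re-checked on the next call."""
    roles = frozenset({"reader", "analyst"})
    seen = sorted(d["name"] for d in REGISTRY.discover("agent-42", roles))
    first = REGISTRY.invoke("agent-42", roles, "query_customer_db", sql="SELECT count(*) FROM customers")
    roles = frozenset({"reader"})            # simulated revocation of the analyst role
    outcomes = {}
    for name in ("query_customer_db", "export_customer_pii"):   # discovered earlier / never discovered
        try:
            REGISTRY.invoke("agent-42", roles, name)
            outcomes[name] = "allowed"
        except PermissionError:
            outcomes[name] = "denied"
    return {"discovered": seen, "first_call": first, "after_revocation": outcomes}


def platform_review() -> dict[str, set[str]]:
    """A review identity holding every role enumerates the full advertised surface."""
    every_role = frozenset({"reader", "analyst", "dpo", "admin"})
    return compare_with_manifest(REGISTRY.discover("platform-review", every_role), PUBLISHED_MANIFEST)
```

Two properties are worth checking in any real implementation against this sketch: unauthorized tools are absent from the discovery response rather than listed as forbidden, which is what closes the privilege-mapping side channel, and the second call to query_customer_db fails after the analyst role is withdrawn even though the tool was discovered a moment earlier, which is the continuous-verification behaviour zero-trust policy enforcement expects. The manifest comparison is the schema-review half: rotate_secret is advertised but undocumented and gets flagged, while the documented translate action is reported as missing.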

Why It Matters in NHI Security

Capability discovery matters because agents often act on what they can see, not just what they were intended to use. If discovery is too broad, a malicious or misconfigured agent can enumerate hidden endpoints, infer privileged operations, and escalate from observation to misuse. That risk becomes more severe in environments where NHIs already carry excessive privileges, a pattern documented in the Ultimate Guide to NHIs, which notes that 97% of NHIs carry excessive privileges. Discovery then becomes the first place that overexposure is revealed.

This is why capability discovery should be paired with inventory, policy enforcement, and continuous validation. If an agent can discover a tool, it does not automatically mean it should inherit the right to use it. The security objective is to make discoverability narrower than authorization and observable enough to audit.

Organisations typically encounter the operational impact of capability discovery only after an agent unexpectedly reaches a sensitive function, at which point the discovery layer has to be investigated and contained along with the agent itself.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 and the OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST SP 800-207 (Zero Trust Architecture) sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
--- | --- | ---
OWASP Agentic AI Top 10 | | Agent tool discovery is a core control issue in agentic security guidance.
OWASP Non-Human Identity Top 10 | NHI-01 | Discovery expands the NHI attack surface by exposing available identities and actions.
NIST Zero Trust (SP 800-207) | | Zero trust requires continuous verification before discovered capabilities are trusted.

Restrict tool discovery to approved capabilities and validate every exposed action before execution.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 11, 2026.