Subscribe to the Non-Human & AI Identity Journal
Agentic AI & Autonomous Identity

Tool Catalogue

← Back to Glossary
By NHI Mgmt Group Updated July 9, 2026 Domain: Agentic AI & Autonomous Identity

A tool catalogue is the list of actions, connectors, or capabilities an AI client can discover through an MCP server. When exposed without authentication, it can reveal internal structure, system names, and possible targets, giving attackers reconnaissance value before any direct compromise occurs.

Expanded Definition

A tool catalogue is the discoverable inventory of actions, connectors, or capabilities exposed by an MCP server to an AI client. In practice, it is the interface layer that tells an AI agent what it can call, what parameters it can pass, and what operational surface is available for execution authority. Under the NIST Cybersecurity Framework 2.0, discovery and access control should be treated as governed security functions, not convenience features.

Definitions vary across vendors because some tools catalogue entries are presented as harmless metadata, while others treat them as part of the agent’s effective trust boundary. In NHI and agentic AI environments, the catalogue matters because it can expose internal service names, workflow structure, environment hints, and latent attack paths even before a single action is invoked. NHI Management Group treats this as a visibility and exposure problem, not just an API documentation issue, because discovery data itself can become reconnaissance value. The most common misapplication is publishing the catalogue broadly without authentication or scoping, which occurs when teams assume “read-only” discovery cannot be abused.

Examples and Use Cases

Implementing a tool catalogue rigorously often introduces friction in onboarding and debugging, requiring organisations to weigh agent flexibility against the risk of overexposure. That tradeoff is especially important when the catalogue is used by autonomous systems that can chain tools faster than human reviewers can observe.

  • An internal AI coding assistant queries a private MCP server and enumerates deployment actions, secret lookup tools, and ticketing connectors. If exposed unauthenticated, the catalogue itself can reveal which production systems are in scope and which are not.
  • A support agent uses a catalogue to discover approved remediation tools, then invokes a limited set of connectors based on role and environment. This aligns with secure discovery patterns described in the NIST Cybersecurity Framework 2.0.
  • A red team reviews the catalogue as part of pre-exploitation reconnaissance and maps possible lateral movement paths before any payload is delivered. This is why NHI Management Group includes discovery surfaces in its guidance on the Ultimate Guide to NHIs.
  • An operations platform publishes separate catalogues per tenant so that an agent only discovers tools relevant to its assigned boundary, reducing cross-environment leakage.

Why It Matters in NHI Security

Tool catalogues are security-sensitive because they sit at the junction of identity, authorization, and capability exposure. If the catalogue is too broad, unauthenticated, or weakly segmented, attackers can learn system names, infer privilege boundaries, and identify the most promising targets for token theft or prompt-driven misuse. This is especially dangerous in environments where NHIs already carry excessive privileges, a pattern highlighted in NHI Management Group research where Ultimate Guide to NHIs reports that 97% of NHIs carry excessive privileges and only 5.7% of organisations have full visibility into their service accounts.

That combination means a catalogue can become the first readable map of an otherwise opaque machine identity estate. Controls should therefore include authenticated discovery, tenant scoping, least-privilege tool exposure, logging of catalogue access, and periodic review of what the client can enumerate versus what it can execute. Where agent governance is immature, catalogue exposure often precedes secret harvesting, tool chaining, and privilege escalation. Organisations typically encounter the impact only after a reconnaissance-driven incident or unexpected agent action, at which point tool catalogue control becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Tool discovery expands the attack surface and must be scoped like other NHI exposure points.
OWASP Agentic AI Top 10A2Agent tool selection and execution depend on the discovered catalogue surface.
NIST CSF 2.0PR.AC-3Access enforcement applies to who can discover and use exposed capabilities.
NIST Zero Trust (SP 800-207)PA-1Zero Trust requires explicit verification before a client can learn or invoke resources.
CSA MAESTROIIAAgentic systems need inventory and isolation of tools before execution authority is granted.

Restrict catalogue exposure to authenticated, least-privilege clients and log all discovery access.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org