APIM

Preventing OWASP ASI02 Tool Misuse in a .NET AI agent with date range limits, page size caps, read-only tools, egress controls, and managed identity.

Preventing Tool Misuse in AI Agents

In my side project (Biotrackr), I have a chat agent that I use to query my data using natural language. This agent has 12 tools that call APIs to retrieve data that provides context to a LLM. I’m using Claude as my LLM provider, so Claude will decide which tool to call, and with what parameters. Let’s pretend that we are bad actors trying to disrupt my agent. Say we decide to prompt inject the agent, and get it to perform an expensive query to retrieve 100 years of data (I’m not that old thankfully!) in an attempt to return a massive payload, consume thousands of Claude API tokens, and hammer my APIM gateway. ...

March 11, 2026 · 14 min · Will Velida
Preventing OWASP ASI05 Unexpected Code Execution in a .NET AI agent with input validation, non-root containers, static tool registration, and runtime monitoring.

Preventing Unexpected Code Execution in AI Agents

Can your AI Agent run code? If not, you probably don’t think that unexpected code execution applies to you. However, this goes a lot deeper than eval(). Input validation, container security, static analysis, and runtime monitoring all play a part here. Even an Agent with read-only capabilities and no code interpreter has an execution environment, tool parameters that flow from LLM output, and a CI/CD pipeline that needs to be secure. ...

March 11, 2026 · 16 min · Will Velida