Glossary term
Security
Controls limiting which tools, actions, data, and credentials an agent can access.
LangGraph's tool-binding API supports per-agent tool lists - a customer-facing agent is bound only to knowledge-base search and ticket-creation tools, with no access to admin or billing tools.
AWS Bedrock Agents use IAM resource-based policies to restrict which Lambda functions (tools) each agent can invoke - a read-only research agent cannot invoke write-operation Lambda functions.
Anthropic's enterprise deployment guide recommends using OAuth 2.0 scopes to limit agent tool permissions - an agent authorised for 'calendar:read' cannot book or delete calendar events even if instructed to.
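The two layers described above (a per-agent tool list and scope checks) can be enforced in the dispatch layer, outside the model, so a prompt cannot widen them. The sketch below is an added example, not code from LangGraph, AWS Bedrock, or Anthropic; `ToolGateway`, the tool names, and every scope other than `calendar:read` are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable

class ToolDenied(Exception):
    """Raised when the gateway refuses a tool call."""

@dataclass(frozen=True)
class Tool:
    name: str
    required_scopes: frozenset  # scopes the caller's token must carry
    fn: Callable[..., str]

@dataclass
class Agent:
    name: str
    allowed_tools: frozenset   # layer 1: tools bound to this agent
    granted_scopes: frozenset  # layer 2: scopes on the agent's token

@dataclass
class ToolGateway:
    tools: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (agent, tool, decision)

    def register(self, tool: Tool) -> None:
        self.tools[tool.name] = tool

    def invoke(self, agent: Agent, tool_name: str, **kwargs) -> str:
        tool = self.tools.get(tool_name)
        # Deny by default: unknown and unbound tools get the same answer.
        if tool is None or tool_name not in agent.allowed_tools:
            reason = "tool not bound to agent"
        elif not tool.required_scopes <= agent.granted_scopes:
            missing = sorted(tool.required_scopes - agent.granted_scopes)
            reason = "missing scope: " + ",".join(missing)
        else:
            self.audit.append((agent.name, tool_name, "allow"))
            return tool.fn(**kwargs)
        self.audit.append((agent.name, tool_name, "deny: " + reason))
        raise ToolDenied(reason)

def build_demo():
    """Constructed sample: a support agent holding read-only calendar scope."""
    gw = ToolGateway()
    gw.register(Tool("kb_search", frozenset({"kb:read"}), lambda query: f"results for {query}"))
    gw.register(Tool("calendar_list", frozenset({"calendar:read"}), lambda day: f"events on {day}"))
    gw.register(Tool("calendar_book", frozenset({"calendar:write"}), lambda day: f"booked {day}"))
    gw.register(Tool("billing_refund", frozenset({"billing:write"}), lambda order: f"refunded {order}"))
    # calendar_book is bound on purpose, so the scope check is what stops it.
    support = Agent("support",
                    frozenset({"kb_search", "calendar_list", "calendar_book"}),
                    frozenset({"kb:read", "calendar:read"}))
    return gw, support
```

Denied calls are recorded in `audit` alongside allowed ones, which gives detection a record of an agent attempting tools outside its grant.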