Tool-use failure
Tool Misuse in AI Agents
When agents pick the wrong tool, pass bad arguments, ignore tool output, or act without required confirmation.
What failed
Tool misuse occurs when an AI agent selects the wrong tool, calls a tool at the wrong time, passes invalid arguments, ignores tool output, overuses tools, or takes an action that should have required confirmation. This failure mode is central to agentic systems because tools connect model reasoning to real workflows.
Architecture context
This failure mode applies to customer support agents, sales assistants, data analysts, IT automation agents, coding agents, CRM agents, procurement workflows, and internal operations copilots.
Impact
A tool-use mistake can change records, send messages, retrieve the wrong data, expose sensitive information, trigger unnecessary costs, or create a cascade of downstream failures. Tool misuse is especially risky when agents have write access, customer-facing permissions, or operational authority.
Symptoms
- The agent calls a tool unrelated to the user request.
- The tool is called with missing, malformed, or unsafe arguments.
- The agent ignores an error returned by the tool.
- The agent retries the same failing tool call repeatedly.
- The agent takes action without required approval.
- The final answer contradicts tool output.
Detection signals
- Tool-call error rates.
- Invalid argument frequency.
- Contradiction between tool output and the agent's final answer.
- Excessive retries.
- Tool calls outside allowed workflow state.
- Write actions without confirmation.
- User corrections after tool execution.
Mitigations
- Improve tool descriptions and schemas.
- Add strict argument validation.
- Require confirmation for write actions.
- Use policy gates for sensitive tools.
- Add tool-call allowlists by workflow.
- Add recovery behavior for tool errors.
- Evaluate tool-use behavior after model or prompt changes.
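The following is an added example, not code from the original page: a minimal pre-execution gate that combines several of the mitigations above (per-workflow allowlist, strict argument validation, confirmation for write actions, and a cap on identical failing retries). The tool names, workflows, and retry limit are constructed for illustration; each denial reason is a string that can be counted as one of the detection signals listed earlier.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ToolSpec:
    required: dict        # argument name -> expected Python type
    write: bool = False   # write actions need explicit confirmation

# Constructed tool registry and workflow allowlists (hypothetical names).
TOOLS = {
    "lookup_order": ToolSpec({"order_id": str}),
    "issue_refund": ToolSpec({"order_id": str, "amount_cents": int}, write=True),
    "send_email": ToolSpec({"to": str, "body": str}, write=True),
}
ALLOWLIST = {
    "order_status": {"lookup_order"},
    "refund": {"lookup_order", "issue_refund"},
}
MAX_IDENTICAL_FAILURES = 2  # assumed limit for this example

@dataclass
class Gate:
    workflow: str
    failures: dict = field(default_factory=dict)  # (tool, args) -> failed attempts

    def check(self, tool, args, confirmed=False):
        """Return (allowed, reason) for a tool call the agent proposes."""
        spec = TOOLS.get(tool)
        if spec is None:
            return False, "unknown_tool"
        if tool not in ALLOWLIST.get(self.workflow, set()):
            return False, "not_in_workflow_allowlist"
        extra = set(args) - set(spec.required)
        if extra:
            return False, f"unexpected_argument:{sorted(extra)[0]}"
        for name, typ in spec.required.items():
            value = args.get(name)
            # bool is a subclass of int; no tool here takes one, so reject it.
            if isinstance(value, bool) or not isinstance(value, typ):
                return False, f"invalid_argument:{name}"
        key = (tool, tuple(sorted(args.items())))
        if self.failures.get(key, 0) >= MAX_IDENTICAL_FAILURES:
            return False, "retry_limit"
        if spec.write and not confirmed:
            return False, "confirmation_required"
        return True, "ok"

    def record_failure(self, tool, args):
        """Call when an executed tool returned an error, to cap blind retries."""
        key = (tool, tuple(sorted(args.items())))
        self.failures[key] = self.failures.get(key, 0) + 1
```

The `confirmed` flag is meant to be set by the surrounding application after a human or policy approval step, never by the model's own output.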