Tooling Catalog and Blast Radius Control
Treat tools as product surface area: documented schemas, permissions, and safe defaults.
Date: 2026-01-25
Tags: security, governance, tools, compliance
The problem
Tools are where agents become actionable—and where risk becomes real.
Make tools first-class assets
For every tool:
- schema (inputs/outputs)
- permissions required
- data sources touched
- rate limits / timeouts
- error behavior
- audit fields emitted
Blast radius controls
- per-tenant allowlists
- per-workflow allowlists
- max tool calls per run
- max bytes per tool response
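The catalog fields above and the blast radius controls can be enforced at one policy gate in front of every tool call. The following Python is an added example, not code from the original post: a `ToolSpec` catalog entry carrying the documented fields, a per-run `RunBudget`, and a `BlastRadiusPolicy` that applies per-tenant and per-workflow allowlists, required scopes, the max-calls-per-run budget, input schema validation, and the response byte cap. The tool names (`crm.search`, `billing.refund`), tenants, workflows and the JSON-Schema-subset validator are all constructed assumptions for the illustration.

```python
from dataclasses import dataclass

# Subset of JSON Schema types understood by validate_input (assumption: the catalog
# stores JSON-Schema-style input/output schemas; production would use a full validator).
_JSON_TYPES = {"string": str, "integer": int, "number": (int, float),
               "boolean": bool, "object": dict, "array": list}


@dataclass(frozen=True)
class ToolSpec:
    """One catalog entry per tool, carrying the fields the post requires."""
    name: str
    input_schema: dict              # inputs
    output_schema: dict             # outputs
    permissions: frozenset          # scopes the caller must hold
    data_sources: frozenset         # systems touched
    timeout_s: float                # hard per-call timeout
    rate_limit_per_min: int
    max_response_bytes: int         # cap on bytes handed back to the model
    error_behavior: str             # e.g. "raise" or "return_error_object"
    audit_fields: tuple             # fields every invocation must emit


@dataclass
class RunBudget:
    """Per-run counter behind 'max tool calls per run'."""
    max_tool_calls: int
    calls_made: int = 0


def validate_input(spec: ToolSpec, payload: dict) -> list:
    """Check required keys, undeclared keys, and primitive types against the schema."""
    problems = []
    props = spec.input_schema.get("properties", {})
    for key in spec.input_schema.get("required", []):
        if key not in payload:
            problems.append(f"missing required input '{key}'")
    for key, value in payload.items():
        if key not in props:
            problems.append(f"undeclared input '{key}'")   # reject anything not in the schema
            continue
        expected = _JSON_TYPES.get(props[key].get("type"))
        if expected is not None and not isinstance(value, expected):
            problems.append(f"input '{key}' must be {props[key]['type']}")
    return problems


class BlastRadiusPolicy:
    """Gate every tool call through catalog lookup, allowlists, scopes, budget and schema."""

    def __init__(self, catalog, tenant_allow, workflow_allow):
        self.catalog = {spec.name: spec for spec in catalog}
        self.tenant_allow = tenant_allow        # tenant -> allowed tool names
        self.workflow_allow = workflow_allow    # workflow -> allowed tool names

    def check(self, tenant, workflow, tool_name, caller_scopes, budget, payload):
        """Return denial reasons; an empty list means the call is admitted and counted."""
        spec = self.catalog.get(tool_name)
        if spec is None:
            return [f"tool '{tool_name}' is not in the catalog"]
        reasons = []
        if tool_name not in self.tenant_allow.get(tenant, frozenset()):
            reasons.append(f"tool not allowlisted for tenant '{tenant}'")
        if tool_name not in self.workflow_allow.get(workflow, frozenset()):
            reasons.append(f"tool not allowlisted for workflow '{workflow}'")
        missing = spec.permissions - frozenset(caller_scopes)
        if missing:
            reasons.append(f"caller lacks scopes {sorted(missing)}")
        if budget.calls_made >= budget.max_tool_calls:
            reasons.append(f"run exceeded max tool calls ({budget.max_tool_calls})")
        reasons.extend(validate_input(spec, payload))
        if not reasons:
            budget.calls_made += 1   # only admitted calls consume budget
        return reasons

    def cap_response(self, tool_name, raw: bytes):
        """Enforce max bytes per tool response; returns (payload, was_truncated)."""
        limit = self.catalog[tool_name].max_response_bytes
        return (raw[:limit], True) if len(raw) > limit else (raw, False)


def demo_policy() -> BlastRadiusPolicy:
    """Constructed sample catalog and allowlists (illustrative, not the post's data)."""
    search = ToolSpec(
        name="crm.search",
        input_schema={"type": "object", "required": ["query"],
                      "properties": {"query": {"type": "string"}, "limit": {"type": "integer"}}},
        output_schema={"type": "array"}, permissions=frozenset({"crm:read"}),
        data_sources=frozenset({"crm"}), timeout_s=5.0, rate_limit_per_min=60,
        max_response_bytes=4096, error_behavior="return_error_object",
        audit_fields=("tenant", "workflow", "tool", "run_id", "decision"))
    refund = ToolSpec(
        name="billing.refund",
        input_schema={"type": "object", "required": ["invoice_id", "amount_cents"],
                      "properties": {"invoice_id": {"type": "string"},
                                     "amount_cents": {"type": "integer"}}},
        output_schema={"type": "object"}, permissions=frozenset({"billing:write"}),
        data_sources=frozenset({"billing"}), timeout_s=10.0, rate_limit_per_min=5,
        max_response_bytes=1024, error_behavior="raise",
        audit_fields=("tenant", "workflow", "tool", "run_id", "decision", "idempotency_key"))
    return BlastRadiusPolicy(
        catalog=[search, refund],
        tenant_allow={"acme": frozenset({"crm.search", "billing.refund"}),
                      "beta": frozenset({"crm.search"})},
        workflow_allow={"support-triage": frozenset({"crm.search"}),
                        "refund-flow": frozenset({"crm.search", "billing.refund"})})
```

The gate returns every reason a call was refused rather than just the first, which is what you want in the audit record; a call that is not in the catalog is refused outright, so an agent cannot invoke anything that was never documented. Only admitted calls consume the per-run budget, so a flood of denied attempts still shows up as denials in the audit trail instead of silently exhausting the run.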
Operational guardrails
- circuit breaker on repeated failures
- idempotency keys for external writes
- “dry-run” mode for new workflows
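The three operational guardrails above compose naturally into a single execution wrapper for tools that write to external systems. This Python is an added example, not code from the original post: a `CircuitBreaker` that opens after repeated consecutive failures and lets one probe call through after a cool-down, a `GuardedExecutor` that replays a stored result when the same idempotency key is retried instead of issuing the write twice, and a dry-run switch that logs intent without touching anything external. The `FakeClock`, `fake_refund` and `flaky_upstream` helpers are constructed stand-ins so the block runs offline; thresholds and the tool name are assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Any, Callable, Optional


class CircuitOpen(Exception):
    """Raised when a tool's breaker is open and the call is skipped."""


@dataclass
class CircuitBreaker:
    """Opens after `failure_threshold` consecutive failures; probes once after `reset_after_s`."""
    failure_threshold: int = 3
    reset_after_s: float = 30.0
    failures: int = 0
    opened_at: Optional[float] = None
    half_open: bool = False

    def allow(self, now: float) -> bool:
        if self.opened_at is None:
            return True
        if now - self.opened_at >= self.reset_after_s:
            self.half_open = True      # let exactly one probe call through
            return True
        return False

    def record(self, ok: bool, now: float) -> None:
        if ok:
            self.failures, self.opened_at, self.half_open = 0, None, False
            return
        self.failures += 1
        if self.half_open or self.failures >= self.failure_threshold:
            self.opened_at, self.half_open = now, False   # (re)open the breaker


@dataclass
class GuardedExecutor:
    """Runs external-write tools behind a breaker, an idempotency store and a dry-run switch."""
    dry_run: bool = False
    clock: Callable[[], float] = time.monotonic
    breakers: dict = field(default_factory=dict)
    idempotency_store: dict = field(default_factory=dict)   # key -> result already returned
    dry_run_log: list = field(default_factory=list)

    def call(self, tool_name: str, fn: Callable[..., Any], args: dict,
             idempotency_key: Optional[str] = None) -> Any:
        if self.dry_run:   # new workflow: record intent, touch nothing external
            self.dry_run_log.append({"tool": tool_name, "args": args, "key": idempotency_key})
            return {"dry_run": True, "tool": tool_name}
        if idempotency_key is not None and idempotency_key in self.idempotency_store:
            return self.idempotency_store[idempotency_key]   # retry: replay, never re-write
        breaker = self.breakers.setdefault(tool_name, CircuitBreaker())
        if not breaker.allow(self.clock()):
            raise CircuitOpen(f"breaker open for {tool_name}")
        try:
            result = fn(**args)
        except Exception:
            breaker.record(False, self.clock())
            raise
        breaker.record(True, self.clock())
        if idempotency_key is not None:
            self.idempotency_store[idempotency_key] = result
        return result


class FakeClock:
    """Constructed manual clock so breaker timing is deterministic."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def fake_refund(invoice_id: str, amount_cents: int, ledger: list) -> dict:
    """Constructed stand-in for an external write; appending to `ledger` is its side effect."""
    ledger.append((invoice_id, amount_cents))
    return {"invoice_id": invoice_id, "refunded_cents": amount_cents}


def flaky_upstream(**_: Any) -> Any:
    """Constructed tool that always fails, to exercise the breaker."""
    raise RuntimeError("upstream 503")
```

The idempotency key should be derived from the business intent (here the constructed `"inv-1:500"`), not from the attempt, so that an agent retrying after a timeout replays the first result rather than refunding twice. The breaker keys on tool name, so one failing dependency stops being hammered without blocking unrelated tools in the same run.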