When Lower Privileges Suffice: Investigating Over-Privileged Tool Selection in LLM Agents

Kaiyue Yang, Yuyan Bu, Jingwei Yi, Yuchi Wang, Biyu Zhou, Juntao Dai, Songlin Hu, Yaodong Yang · Jun 18, 2026 · Citations: 0

How to use this page

Moderate trust

Use this for comparison and orientation, not as your only source.

Best use

Secondary protocol comparison source

What to verify

Validate the evaluation procedure and quality controls in the full paper before operational use.

Evidence quality

Moderate

Derived from extracted protocol signals and abstract evidence.

Abstract

As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant. However, prior tool-selection studies focus on safety-agnostic metadata preferences, leaving privilege-sensitive choices underexplored. To address this gap, we study over-privileged tool selection, in which an agent selects or escalates to a higher-privilege tool despite a sufficient lower-privilege alternative. We introduce ToolPrivBench to evaluate whether agents choose higher-privilege tools despite sufficient lower-privilege alternatives, measuring both initial selection and escalation after transient tool failures. Across eight domains and five recurring risk patterns, we find that over-privileged tool selection is common among mainstream LLM agents and is further amplified by transient failures. We further find that general safety alignment does not reliably transfer to least-privilege tool choice, while prompt-level controls provide only limited mitigation under transient failures. We therefore introduce a privilege-aware post-training defense that teaches agents to prefer sufficient lower-privilege tools and escalate only when necessary. Our mitigation experiments show that this defense substantially reduces unnecessary high-privilege tool use while preserving general capabilities.

Should You Rely On This Paper?

This paper has useful evaluation signal, but protocol completeness is partial; pair it with related papers before deciding implementation strategy.

Best use

Secondary protocol comparison source

Use if you need

A secondary eval reference to pair with stronger protocol papers.

Main weakness

No major weakness surfaced.

Trust level

Moderate

Usefulness score

50/100 • Medium

Useful as a secondary reference; validate protocol details against neighboring papers.

Human Feedback Signal

Detected

Evaluation Signal

Detected

Usefulness for eval research

Moderate-confidence candidate

Extraction confidence 60%

What We Could Verify

These are the protocol signals we could actually recover from the available paper metadata. Use them to decide whether this paper is worth deeper reading.

Human Feedback Types

strong

Pairwise Preference

Directly usable for protocol triage.

"As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant."

Evaluation Modes

missing

None explicit

Validate eval design from full paper text.

Quality Controls

missing

Not reported

No explicit QC controls found.

Benchmarks / Datasets

strong

ToolPrivBench

Useful for quick benchmark comparison.

"We introduce ToolPrivBench to evaluate whether agents choose higher-privilege tools despite sufficient lower-privilege alternatives, measuring both initial selection and escalation after transient tool failures."

Reported Metrics

missing

Not extracted

No metric anchors detected.

Human Feedback Details

  • Uses human feedback: Yes
  • Feedback types: Pairwise Preference
  • Rater population: Not reported
  • Expertise required: General

Evaluation Details

  • Evaluation modes:
  • Agentic eval: Tool Use
  • Quality controls: Not reported
  • Evidence quality: Moderate
  • Use this page as: Secondary protocol comparison source

Protocol And Measurement Signals

Benchmarks / Datasets

ToolPrivBench

Reported Metrics

No metric terms were extracted from the available abstract.

Research Brief

Metadata summary

As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant.

Based on abstract + metadata only. Check the source paper before making high-confidence protocol decisions.

Key Takeaways

  • As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant.
  • However, prior tool-selection studies focus on safety-agnostic metadata preferences, leaving privilege-sensitive choices underexplored.
  • To address this gap, we study over-privileged tool selection, in which an agent selects or escalates to a higher-privilege tool despite a sufficient lower-privilege alternative.

Researcher Actions

  • Compare this paper against nearby papers in the same arXiv category before using it for protocol decisions.
  • Validate inferred eval signals (Tool-use evaluation) against the full paper.
  • Use related-paper links to find stronger protocol-specific references.

Caveats

  • Generated from abstract + metadata only; no PDF parsing.
  • Signals below are heuristic and may miss details reported outside the abstract.

Research Summary

Contribution Summary

  • As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant.
  • However, prior tool-selection studies focus on safety-agnostic metadata preferences, leaving privilege-sensitive choices underexplored.
  • We introduce ToolPrivBench to evaluate whether agents choose higher-privilege tools despite sufficient lower-privilege alternatives, measuring both initial selection and escalation after transient tool failures.

Why It Matters For Eval

  • As LLM agents increasingly select tools autonomously, their choices among tools with different privileges become safety-relevant.
  • We introduce ToolPrivBench to evaluate whether agents choose higher-privilege tools despite sufficient lower-privilege alternatives, measuring both initial selection and escalation after transient tool failures.

Researcher Checklist

  • Pass: Human feedback protocol is explicit

    Detected: Pairwise Preference

  • Gap: Evaluation mode is explicit

    No clear evaluation mode extracted.

  • Gap: Quality control reporting appears

    No calibration/adjudication/IAA control explicitly detected.

  • Pass: Benchmark or dataset anchors are present

    Detected: ToolPrivBench

  • Gap: Metric reporting is present

    No metric terms extracted.
