Tag
This paper proposes Risk-Aware Causal Gating (RACG), a training-free mechanism that applies the principle of least privilege to LLM agent tool exposure, reducing attack surface from prompt injection by only exposing high-risk tools when authorized and causally necessary.