{"title":"Shadow API Discovery: Preventing Unauthorized Tool Usage","region":"Global","category":"Security","description":"Hardening agents against searching for and calling undocumented endpoints.","lastUpdated":"2026-02-23","steps":["Disable 'Auto-Discovery' features in agent framework configurations.","Apply strict OpenAPI schema validation for all outgoing tool calls.","Implement an API Gateway with an explicit 'Allow-List' per agent ID.","Mask internal URL structures in system prompts and error messages.","Log and alert on agent attempts to guess '/api/v1/' or '/admin' paths."],"url":"https://checklist.day/shadow-api-discovery-preventing-unauthorized-tool-usage"}