Securing GenAI Multi-Agent Systems Against Tool Squatting: A Zero Trust Registry-Based Approach

The rise of generative AI (GenAI) multi-agent systems (MAS) necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools. This paper analyzes tool squatting threats within the context of emerging interoperability standards, such as Model Context Protocol (MCP) or seamless communication between agents protocols. It introduces a comprehensive Tool Registry system designed to mitigate these risks. We propose a security-focused architecture featuring admin-controlled registration, centralized tool discovery, fine grained access policies enforced via dedicated Agent and Tool Registry services, a dynamic trust scoring mechanism based on tool versioning and known vulnerabilities, and just in time credential provisioning. Based on its design principles, the proposed registry framework aims to effectively prevent common tool squatting vectors while preserving the flexibility and power of multi-agent systems. This work addresses a critical security gap in the rapidly evolving GenAI ecosystem and provides a foundation for secure tool integration in production environments.

@article{narajala2025_2504.19951,
  title={ Securing GenAI Multi-Agent Systems Against Tool Squatting: A Zero Trust Registry-Based Approach },
  author={ Vineeth Sai Narajala and Ken Huang and Idan Habler },
  journal={arXiv preprint arXiv:2504.19951},
  year={ 2025 }
}