Ghost Tool Calls: Issue-Time Privacy for Speculative Agent Tools

· Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

Tool-augmented language agents hide latency by speculatively issuing tool calls for branches the planner has not yet chosen. Each such "ghost tool call" discloses the agent's inferred user intent to an external service, which retains what it received even if the agent later abandons that branch. The problem is the timing of the call, not a missing authorization or access check: once a request has been dispatched, no post-hoc control can unsend it, and a read-only restriction does not help because an observation-only call still reveals its arguments. The authors propose Speculative Tool Privacy Contracts, a runtime abstraction that treats observation before commitment as an effect distinct from state mutation, so that a speculative call can be governed at the moment it is issued. A prototype evaluated twelve policies across three corpora; only issue-time policies, which modify or suppress the call's argument or destination projection before dispatch, measurably reduced how much of the user's intent an external observer could infer.

Key takeaway

For AI Engineers designing or deploying tool-augmented language agents: a speculative tool call leaks user intent before the agent commits, and standard access controls do not address this because the leak is an observation, not a mutation. Enforce privacy at issue time, for example with Speculative Tool Privacy Contracts, by projecting, redacting, or suppressing the call's arguments or destination before dispatch. Post-hoc filters and read-only restrictions do not prevent the disclosure, so the change belongs in how the agent handles speculation, not in what happens after the call returns.

Key insights

Speculative tool calls in language agents leak user intent before commitment, a privacy issue addressable by issue-time privacy contracts.

Method

Implement Speculative Tool Privacy Contracts as a runtime abstraction that models observation before commitment as its own effect, separate from state mutation. The contract intercepts each speculative call before dispatch, so a policy can modify the call's argument or destination projection or suppress the call entirely; what the external service observes is then the projected call, not the agent's full inferred intent.
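A minimal illustration of the issue-time idea in Python, added here as an example rather than taken from the paper or its prototype. The gate, policy and service names, the sample pharmacy-search tool and its arguments are all assumptions. The point it shows is that an abandon-after-dispatch control cannot remove what the service already recorded, that a read-only restriction still lets the arguments leave, and that only a projection or suppression applied before dispatch changes what the service observes.

```python
# Added example: an issue-time privacy gate for speculative tool calls.
# Illustrative code, not the paper's prototype. ToolCall, Gate, the policies
# and the constructed "search_pharmacies" call are assumptions for the demo.
from dataclasses import dataclass, field, replace
from typing import Callable, Optional

@dataclass(frozen=True)
class ToolCall:
    tool: str
    destination: str
    args: dict
    read_only: bool = True   # observation-only tools still disclose their arguments

@dataclass
class ExternalService:
    """Stand-in for a remote tool endpoint. Once a request arrives the service
    retains it; nothing the agent does afterwards can unsend it."""
    name: str
    observed: list = field(default_factory=list)

    def handle(self, call: ToolCall) -> str:
        self.observed.append(dict(call.args))
        return f"{self.name}: results for {call.args}"

    def observed_keys(self) -> set:
        return {k for args in self.observed for k in args}

# An issue-time policy sees a speculative call *before* dispatch and returns
# the call to send (possibly with projected arguments) or None to suppress it.
IssuePolicy = Callable[[ToolCall], Optional[ToolCall]]

def passthrough(call: ToolCall) -> Optional[ToolCall]:
    return call

def read_only_only(call: ToolCall) -> Optional[ToolCall]:
    """An access-control style rule: speculate only through read-only tools.
    It governs mutation, not observation, so the arguments still leave."""
    return call if call.read_only else None

def suppress(call: ToolCall) -> Optional[ToolCall]:
    return None

def project_to(allowed: set) -> IssuePolicy:
    """Drop every argument not on the allow-list before the call is dispatched."""
    def policy(call: ToolCall) -> Optional[ToolCall]:
        kept = {k: v for k, v in call.args.items() if k in allowed}
        return replace(call, args=kept) if kept else None
    return policy

class Gate:
    def __init__(self, services: dict, policy: IssuePolicy):
        self.services = services
        self.policy = policy
        self.pending: dict = {}   # branch id -> full call held back until commit

    def speculate(self, branch: str, call: ToolCall) -> Optional[str]:
        """Issue a speculative call; the policy runs here, at issue time."""
        self.pending[branch] = call
        projected = self.policy(call)
        if projected is None:
            return None
        return self.services[projected.destination].handle(projected)

    def commit(self, branch: str) -> str:
        """The agent chose this branch: send the full, unprojected call."""
        call = self.pending.pop(branch)
        return self.services[call.destination].handle(call)

    def abandon(self, branch: str) -> None:
        """Post-hoc cancellation: clears local state, recalls nothing."""
        self.pending.pop(branch, None)

SENSITIVE = {"drug"}   # assumed sensitive argument for the constructed sample

def run_scenario(policy: IssuePolicy, commit_branch: bool) -> set:
    """Return the set of argument keys the external service ends up observing."""
    svc = ExternalService("pharmacy-search")
    gate = Gate({"pharmacy": svc}, policy)
    call = ToolCall("search_pharmacies", "pharmacy",
                    {"city": "Lisbon", "drug": "sertraline"}, read_only=True)
    gate.speculate("b1", call)
    if commit_branch:
        gate.commit("b1")
    else:
        gate.abandon("b1")
    return svc.observed_keys()

def leaks_sensitive(policy: IssuePolicy) -> bool:
    """True if an abandoned speculative branch still disclosed a sensitive key."""
    return bool(run_scenario(policy, commit_branch=False) & SENSITIVE)

if __name__ == "__main__":
    print("passthrough, abandoned:  ", run_scenario(passthrough, False))          # {'city', 'drug'}
    print("read-only rule, abandoned:", run_scenario(read_only_only, False))      # {'city', 'drug'}
    print("project city, abandoned: ", run_scenario(project_to({"city"}), False)) # {'city'}
    print("suppress, abandoned:     ", run_scenario(suppress, False))             # set()
    print("project city, committed: ", run_scenario(project_to({"city"}), True))  # {'city', 'drug'}
```

The abandoned-branch rows are the ones that matter: under passthrough and under the read-only rule the service already holds the sensitive argument by the time the agent abandons the branch, and the gate's abandon() has nothing left to protect. With projection the service sees only the allow-listed key until commit, and with suppression it sees nothing; these are the only two rows where the issue-time decision changed the observer's view.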

Best for: AI Architect, Research Scientist, CTO, AI Scientist, Machine Learning Engineer, AI Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.