Ultra13
Platform · Tool-Call Inspection

How does Ultra13 inspect AI agent tool calls?

Ultra13 inspects every tool call before it executes: the tool name, arguments, target resource, identity, tenant, data class, destination, and side effects — weighted by the trust of the context that triggered the call. High-risk sinks such as exports, writes, shell execution, browser actions, payments, and webhooks require policy or human approval.

By the Ultra13 teamPublished Updated
TL;DR
  • Inspect before execution, not after.
  • Check name, args, resource, identity, tenant, data class, side effects.
  • Weight by the trust of the triggering context.
  • Gate high-risk sinks with approval; fail closed on shell and code execution.

Stopping excessive agency

Most agent incidents are excessive agency — the agent could do more than the situation warranted. Pre-execution inspection plus least privilege prevents untrusted context from expanding what the agent may do. Background: tool-call security and the MCP tool gateway.

FAQ

Frequently asked questions

What happens when a tool call is high-risk?
Exports, writes, shell/code execution, payments, and webhooks are gated behind policy or human approval, and can be configured to fail closed under uncertainty.

See where the firewall stops the path.

Give us one agent workflow. We’ll map the context boundary, replay the abuse paths, and show where the Context Firewall blocks them.