Definition
A confused deputy attack tricks a trusted, privileged system component into misusing its own authority on an attacker's behalf — like fooling a bank teller with legitimate access into handing money to the wrong person. In AI systems, this often happens when an AI gateway or tool server is manipulated into making requests to internal systems it was never meant to reach.
Why it matters
AI gateways and agent tool-servers sit in privileged network positions with broad access; a confused deputy flaw can turn a helpful automation layer into an attacker's proxy into sensitive internal infrastructure.