What it is
Tool call interception is the process of examining every tool call an AI agent generates, evaluating it against security policy, and deciding whether to allow, deny, or escalate it before the agent executes the call. The inspection happens between the LLM's response and the agent's execution layer.
A tool call is any request the agent makes to access external functionality: shell commands, API calls, file operations, database queries, or cloud service interactions. Each call is a potential attack surface.
Why it matters
Text-based safety filtering (evaluating the LLM's prose output) is insufficient for agents. Agents don't just generate text — they execute actions. An agent can generate a perfectly reasonable explanation and follow it with a tool call to delete critical infrastructure.
Tool call interception shifts the control boundary from text filtering to action enforcement. The LLM can reason however it wants; what matters is the action it attempts.
How it works
The proxy intercepts the LLM's response and parses the tool call blocks. For each tool call, the proxy evaluates the call against 78 regex patterns organized into 16 threat categories: shell injection, destructive deletion, privilege escalation, data exfiltration, API abuse, etc.
Each pattern maps to a severity level and a decision: allow, deny, or escalate. Example: the pattern ^rm\s+-rf is mapped to "destructive-delete / critical" and results in a deny decision. The pattern curl.*\|.*bash is mapped to "exfil-pipe-exec / high" and results in a deny decision.
The agent receives a structured response explaining the decision and why.
How Intercis implements it
Intercis maintains a deny list of 78 regex patterns across 16 threat categories. Every tool call is evaluated in real time. If a match is found, the pattern's severity is evaluated against your escalation thresholds. Matches at critical severity auto-terminate the session. Matches at high severity escalate to human review. Matches at medium/low severity are logged and allowed (in enforce mode) or logged and denied (in observe mode).
The patterns cover: shell injection patterns, destructive file operations, privilege escalation attempts, data exfiltration sequences, API abuse, credential exposure, and process/network manipulation.
Related terms
- AI Agent Proxy — The infrastructure that performs interception.
- AI Agent Policy Enforcement — The rules that guide interception decisions.