Principle of Least Privilege

The Principle of Least Privilege says: give each agent only the tools its role actually needs — nothing more.

In a multi-agent system, the coordinator decomposes work and delegates to specialist subagents. Each subagent should receive a tightly scoped toolset. A research subagent does not need a refund tool. A read-only reviewer does not need Write or Bash.

This is not just security hygiene. Scoped tools also make Claude select the right tool more reliably, which directly improves accuracy on the exam scenarios.

Tool selection is driven by the model reading tool descriptions. The more tools you pile onto one agent, the harder that choice becomes.

• 4-5 tools per agent is the sweet spot for reliable selection.
• At 18+ tools, selection reliability degrades noticeably.
• Overlapping or ambiguous descriptions cause misrouting to the wrong tool.

Least privilege and good accuracy point the same direction: keep each agent's toolset small and role-specific.