Ghost Tool Calls: Issue-Time Privacy for Speculative Agent Tools

ArXi:2606.02483v1 Announce Type: cross Tool-augmented language agents speculatively issue likely future tool calls to hide latency, but those calls leak inferred user intent to external services before the agent commits to the branch. Every external observer that received the call retains the disclosure after the agent abandons the branch. Timing is the issue, not authorization: no commit-time cleanup, read-only restriction, or access-control allow-list unsends what an observer already holds.