AI Confused Deputy — Make the Agent Use Its Privileges Against Its User
FinanceBot has elevated privileges — it can call transfer_funds() between any user accounts because it acts as a system-level reconciliation tool. When a user (Alice, low-privilege) chats with it, the bot uses ITS privileges to fulfil what it interprets as Alice's request. The confused-deputy flaw: the bot doesn't reduce privileges to match the requester. Alice can ask FinanceBot to do things Alice could never do directly.
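The following is an added illustration of the flaw described above and of the usual fix; it is not code from the lab itself. The in-memory ledger, the account and principal names, the regex standing in for the model's intent parsing, and the `reconciliation` role are all constructed for the example. The vulnerable agent invokes `transfer_funds()` with its own system-level authority regardless of who asked; the hardened agent first checks the request against the requester's authority, so Alice can only move funds out of accounts she owns while a genuine reconciliation principal keeps its broader access.

```python
import re
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a tool call exceeds the requesting user's authority."""


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


class Ledger:
    """Constructed in-memory ledger standing in for FinanceBot's backend."""

    def __init__(self):
        self.balances = {"acct_alice": 100, "acct_bob": 500}
        self.owners = {"acct_alice": "alice", "acct_bob": "bob"}

    def transfer_funds(self, src: str, dst: str, amount: int) -> dict:
        # System-level primitive: it trusts its caller completely.
        if amount <= 0 or self.balances[src] < amount:
            raise ValueError("invalid transfer")
        self.balances[src] -= amount
        self.balances[dst] += amount
        return dict(self.balances)


TOOL_CALL = re.compile(r"transfer (\d+) from (\w+) to (\w+)")


def parse_request(text: str) -> tuple:
    """Stand-in for the model turning chat text into a tool call (assumed format)."""
    m = TOOL_CALL.search(text)
    if not m:
        raise ValueError("no transfer request found")
    amount, src, dst = m.groups()
    return src, dst, int(amount)


def vulnerable_agent(ledger: Ledger, requester: Principal, text: str) -> dict:
    # Confused deputy: the agent runs as the system-level reconciliation tool
    # and never asks whether *requester* may touch the source account.
    src, dst, amount = parse_request(text)
    return ledger.transfer_funds(src, dst, amount)


def authorize(ledger: Ledger, requester: Principal, src: str) -> None:
    # The fix: bound the tool call by the requester's authority, not the agent's.
    if "reconciliation" in requester.roles:
        return  # a genuine system principal may move funds between any accounts
    if ledger.owners.get(src) != requester.name:
        raise AuthorizationError(f"{requester.name} may not move funds out of {src}")


def hardened_agent(ledger: Ledger, requester: Principal, text: str) -> dict:
    src, dst, amount = parse_request(text)
    authorize(ledger, requester, src)  # check BEFORE the privileged call
    return ledger.transfer_funds(src, dst, amount)


# Constructed principals and request for the demo.
ALICE = Principal("alice", frozenset({"user"}))
RECONCILER = Principal("reconciler", frozenset({"reconciliation"}))
REQUEST = "please transfer 200 from acct_bob to acct_alice"


def demo() -> dict:
    """Run both agents on the same request; returns Bob's resulting balance or a denial."""
    out = {}
    out["vulnerable"] = vulnerable_agent(Ledger(), ALICE, REQUEST)["acct_bob"]
    try:
        hardened_agent(Ledger(), ALICE, REQUEST)
        out["hardened_alice"] = "allowed"
    except AuthorizationError:
        out["hardened_alice"] = "denied"
    out["hardened_reconciler"] = hardened_agent(Ledger(), RECONCILER, REQUEST)["acct_bob"]
    return out


if __name__ == "__main__":
    print(demo())
```

The point of `authorize()` is that the decision is keyed on the requester's identity and the source account's owner, not on the agent's own role; the agent's privileges are only exercised after the user's request has been shown to be within the user's own authority. In a real deployment the same check belongs in the tool layer (or the backend) rather than in the prompt, so that a model that misreads or is talked into a request cannot bypass it.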