LLM06:2025 Excessive Agency
Description
- Risk Level: High
- Attack Surface: System Access, Plugin Integration
- Impact Areas: Security, Safety, Control
- Detection Tools:
- Related Risks:
- Key Regulations:
  - EU AI Act - System Control
- Last Update: 2025-02-22
Excessive Agency is a critical security risk that emerges when an LLM-based system is given unrestricted capabilities, uncontrolled freedom to act, unauthorized access, insufficient oversight, or improper permissions. The risk is particularly significant because LLMs act autonomously: they can execute actions, reach sensitive systems, and make consequential decisions, especially when operating with plugins or tools.
The potential impact of excessive agency is far-reaching. Organizations may face unauthorized actions, system compromise, data breaches, resource abuse, and safety violations when LLMs operate without proper constraints. The risk is amplified by the models' broad capabilities and their ability to interact with many different system components.
Even well-designed systems require explicit agency controls. Because LLMs can find unexpected ways to achieve their objectives, robust boundaries and oversight mechanisms are essential. This means considering both the direct actions a capability permits and the indirect consequences that granting it to the model may have.
Common Examples of Risks
1. Unrestricted System Access
   - File system operations
   - Network connections
   - System commands
   - Database queries
2. Plugin/Tool Misuse
   - Unauthorized plugin access
   - Tool chain exploitation
   - API abuse
   - Resource depletion
3. Autonomous Actions
   - Uncontrolled execution
   - Unauthorized decisions
   - Automated processes
   - System modifications
4. Permission Issues
   - Excessive privileges
   - Missing restrictions
   - Weak boundaries
   - Access control gaps
5. Oversight Failures
   - Insufficient monitoring
   - Inadequate logging
   - Missing audits
   - Poor traceability
Prevention and Mitigation Strategies
1. Access Control
   - Principle of least privilege
   - Role-based access
   - Permission boundaries
   - Access monitoring
2. Plugin Management
   - Plugin sandboxing
   - Capability restrictions
   - Version control
   - Security reviews
3. Action Validation
   - Request verification
   - Output validation
   - Action logging
   - Audit trails
4. System Isolation
   - Process separation
   - Network segmentation
   - Resource limits
   - Environment controls
5. Human Oversight
   - Approval workflows
   - Review processes
   - Activity monitoring
   - Incident response
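The following is an added example, not code from the OWASP page, showing how several of the mitigations above (least privilege per role, capability restrictions on tools, argument validation, a resource limit, human approval for high-impact actions, and an audit trail) fit together in one tool-dispatch gate that sits between an LLM agent and the tools it may call. It also covers the risk categories listed earlier: the unrestricted file-system, shell and permission cases are each turned into a denied call. The capability taxonomy, role names, tool names, sandbox path and in-memory file store are all constructed for illustration.

```python
import os
import time
from dataclasses import dataclass
from typing import Any, Callable, Dict, Set

# Capability tags a tool may exercise (constructed taxonomy for this example).
READ_FS, WRITE_FS, SHELL, DB_READ, DB_WRITE = "read_fs", "write_fs", "shell", "db_read", "db_write"

# High-impact capabilities are never auto-executed: a human must approve each call.
HIGH_IMPACT: Set[str] = {WRITE_FS, SHELL, DB_WRITE}

# Least privilege: each agent role holds only the capabilities its task needs.
# No role holds SHELL, so shell tools are unreachable regardless of prompt content.
ROLE_CAPS: Dict[str, Set[str]] = {
    "support_reader": {READ_FS, DB_READ},
    "ops_agent": {READ_FS, WRITE_FS, DB_READ},
}

SANDBOX_ROOT = "/sandbox"
# Constructed in-memory file store standing in for a confined directory.
FILES: Dict[str, str] = {"/sandbox/readme.txt": "hello from the sandbox"}


def confined_path(args: dict) -> None:
    """Argument validation: reject any path that escapes SANDBOX_ROOT after normalisation."""
    path = os.path.normpath(args.get("path", ""))
    if not (path == SANDBOX_ROOT or path.startswith(SANDBOX_ROOT + "/")):
        raise ValueError(f"path outside sandbox: {path}")
    args["path"] = path  # store the normalised form so the tool sees exactly what was checked


def no_validation(args: dict) -> None:
    return None


@dataclass
class Tool:
    name: str
    caps: Set[str]                    # capabilities the tool exercises
    fn: Callable[..., Any]            # the implementation
    validate: Callable[[dict], None]  # raises ValueError on unacceptable arguments


@dataclass
class Decision:
    allowed: bool
    reason: str
    result: Any = None


class ToolGate:
    """Mediates every tool call an LLM agent attempts and records it in an audit trail."""

    def __init__(self, role: str, tools: Dict[str, Tool],
                 approver: Callable[[str, dict], bool], max_calls: int = 20):
        self.caps = ROLE_CAPS.get(role, set())  # unknown role -> no capabilities
        self.tools, self.approver, self.max_calls = tools, approver, max_calls
        self.calls = 0      # crude per-session resource limit
        self.audit: list = []

    def _log(self, tool: str, args: dict, d: Decision) -> Decision:
        self.audit.append({"ts": time.time(), "tool": tool, "args": dict(args),
                           "allowed": d.allowed, "reason": d.reason})
        return d

    def call(self, tool_name: str, args: dict) -> Decision:
        args = dict(args)
        tool = self.tools.get(tool_name)
        if tool is None:
            return self._log(tool_name, args, Decision(False, "unknown tool"))
        missing = tool.caps - self.caps
        if missing:  # capability restriction: role lacks what the tool needs
            return self._log(tool_name, args, Decision(False, f"missing capability: {sorted(missing)}"))
        try:
            tool.validate(args)
        except ValueError as exc:
            return self._log(tool_name, args, Decision(False, f"invalid arguments: {exc}"))
        if self.calls >= self.max_calls:
            return self._log(tool_name, args, Decision(False, "rate limit exceeded"))
        if tool.caps & HIGH_IMPACT and not self.approver(tool_name, args):
            return self._log(tool_name, args, Decision(False, "rejected by human reviewer"))
        self.calls += 1
        return self._log(tool_name, args, Decision(True, "executed", tool.fn(**args)))


# Constructed tools. run_shell is registered to show that the gate, not the tool, is the control.
def read_file(path: str) -> str:
    return FILES.get(path, "")


def write_file(path: str, content: str) -> bool:
    FILES[path] = content
    return True


def run_shell(cmd: str) -> str:
    return "<never reached: no role holds SHELL>"


TOOLS = {
    "read_file": Tool("read_file", {READ_FS}, read_file, confined_path),
    "write_file": Tool("write_file", {WRITE_FS}, write_file, confined_path),
    "run_shell": Tool("run_shell", {SHELL}, run_shell, no_validation),
}


def make_gate(role: str, approve: bool, max_calls: int = 20) -> ToolGate:
    """Build a gate whose human reviewer always answers `approve` (stand-in for a real workflow)."""
    return ToolGate(role, TOOLS, approver=lambda tool, args: approve, max_calls=max_calls)
```

The reviewer callback is where an approval workflow or ticketing step would plug in; here it is a constant so the behaviour can be exercised offline. The audit list is the minimum an incident responder needs to reconstruct what the agent tried, including the calls that were denied, which are often the more interesting ones.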
Example Attack Scenarios
Scenario #1: Plugin Exploitation
An attacker manipulates a plugin to gain unauthorized system access through the LLM.
Scenario #2: Permission Escalation
The LLM's excessive permissions allow execution of dangerous system commands.
Scenario #3: Resource Abuse
Unrestricted access leads to resource exhaustion and service disruption.
Scenario #4: Data Exposure
Excessive agency enables unauthorized data access and exfiltration.
Scenario #5: System Compromise
Uncontrolled LLM actions result in critical system modifications.
Reference Links
Related Frameworks and Standards
- OWASP Top 10 for LLM Applications
- EU AI Act Control Requirements
- NIST AI Risk Management Framework
- ISO/IEC 27001:2013 Access Control
- CWE-269: Improper Privilege Management
- OWASP ASVS v4.0: Access Control