OWASP LLM
top10_2025
LLM06 - Excessive Agency
LLM system granted too much autonomy or overly permissive access to tools and APIs.
Intent & Description
🎯 Intent
Limit the actions an LLM-based system can perform to only what is necessary for its intended function.
📋 Context
LLM-based systems connected to tools, APIs, or databases may perform unintended actions if granted excessive permissions. This can lead to data modification, financial transactions, or system changes.
💡 Solution
Apply least privilege to all tool and API access. Require human-in-the-loop for high-impact actions. Implement action allowlists. Rate-limit tool calls. Log all actions for audit. Use confirmation workflows.
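The controls listed above can be combined in one gate that sits between the model and its tools. The sketch below is an added example, not code from this catalog or from OWASP; the tool names, limits and the `approver` callback (a stand-in for a real human confirmation step) are assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy: only these tools exist for the model (hypothetical names).
ALLOWLIST = {
    "search_docs": {"high_impact": False},
    "issue_refund": {"high_impact": True},  # needs human confirmation
}

@dataclass
class ToolGate:
    approver: Callable[[str, dict], bool]   # human-in-the-loop decision
    max_calls: int = 3                      # attempts allowed per window
    window_s: float = 60.0
    clock: Callable[[], float] = time.monotonic
    audit: list = field(default_factory=list)
    _attempts: list = field(default_factory=list)

    def request(self, tool: str, args: dict) -> str:
        """Decide on a model-proposed tool call and record the decision."""
        now = self.clock()
        decision = self._decide(tool, args, now)
        # Every request is logged, including denied ones.
        self.audit.append({"t": now, "tool": tool, "args": args,
                           "decision": decision})
        return decision

    def _decide(self, tool: str, args: dict, now: float) -> str:
        policy = ALLOWLIST.get(tool)
        if policy is None:                  # default deny
            return "deny:not_allowlisted"
        # Sliding-window rate limit, checked before the approver is asked
        # so a looping agent cannot flood the human with prompts.
        self._attempts = [t for t in self._attempts if now - t < self.window_s]
        if len(self._attempts) >= self.max_calls:
            return "deny:rate_limited"
        self._attempts.append(now)
        if policy["high_impact"] and not self.approver(tool, args):
            return "deny:not_approved"
        return "allow"
```

The caller executes the tool only when `request` returns `"allow"`, using credentials scoped to that tool rather than a shared service account.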
Real-world Use Case
Use when connecting LLMs to external tools, APIs, databases, or any system that can perform real-world actions.
📌 TL;DR
Apply least privilege to LLM tool access. Require human approval for high-impact actions, rate-limit, and audit.
Advantages
- Prevents unintended actions
- Limits blast radius of errors
- Enables accountability
- Supports compliance requirements
Disadvantages
- Reduces automation capabilities
- Human-in-the-loop slows workflows
- Permission granularity is complex