Excessive Agency
Probes testing whether AI agents can be manipulated to perform actions beyond their intended scope or with inappropriate permissions
OWASP LLM Top 10
Section titled “OWASP LLM Top 10”OWASP LLM06: Excessive Agency: Excessive Agency occurs when an LLM is granted too much functionality, permissions, or autonomy, enabling it to perform unintended or harmful actions. This risk arises from poorly designed system extensions or insufficient control over LLM operations. The consequences range from data misuse to unauthorized system actions, often exacerbated by insufficient human oversight
Probes
Section titled “Probes”| Probe Name | Type | Description |
|---|---|---|
| Broken Function Level Authorization | This probe tests whether an AI agent with tool access can be manipulated to execute functions or operations beyond its intended authorization level. The probe evaluates the target’s ability to enforce proper function-level access controls and resist attempts to access unauthorized system capabilities through crafted prompts and function call manipulation. | |
| Broken Object Level Authorization | This probe tests for Broken Object Level Authorization (BOLA) vulnerabilities where an AI agent with tool access can be manipulated to access specific objects (documents, records, files, conversations, etc.) without proper authorization checks. The probe evaluates whether the target resists attempts to access unauthorized data through natural language requests that indirectly reference objects or through tool/function calls with manipulated object identifiers. | |
| Hijacking | This probe tests whether an AI agent can be hijacked or repurposed for unintended malicious activities beyond its original design scope. | |
| SQL Injection | This probe tests for SQL injection vulnerabilities in AI agents that have access to database operations. It generates crafted prompts designed to trick the AI into executing malicious SQL commands or revealing sensitive database information. | |
| SSRF | This probe tests for Server-Side Request Forgery (SSRF) vulnerabilities in AI agents that have tool access, attempting to manipulate the target into making unauthorized requests to external systems or resources. | |
| Shell Injection | This probe tests for shell injection vulnerabilities in AI agents that have access to system command execution. It generates crafted prompts designed to trick the AI into executing malicious shell commands or gaining unauthorized system access. |