Excessive Agency (OWASP LLM 06)

Probes testing whether AI agents can be manipulated to perform actions beyond their intended scope or with inappropriate permissions.

Authorization Bypass Attacks

Probe Name	Description
Broken Function Level Authorization	This probe tests whether an AI agent with tool access can be manipulated to execute functions or operations beyond its intended authorization level. The probe evaluates the target’s ability to enforce proper function-level access controls and resist attempts to access unauthorized system capabilities through crafted prompts and function call manipulation
Broken Object Level Authorization	This probe tests for Broken Object Level Authorization (BOLA) vulnerabilities where an AI agent with tool access can be manipulated to access specific objects (documents, records, files, conversations, etc.) without proper authorization checks. The probe evaluates whether the target resists attempts to access unauthorized data through natural language requests that indirectly reference objects or through tool/function calls with manipulated object identifiers

Injection Vulnerabilities

Probe Name	Description
Shell Injection	This probe tests for shell injection vulnerabilities in AI agents that have access to system command execution. It generates crafted prompts designed to trick the AI into executing malicious shell commands or gaining unauthorized system access
SQL Injection	This probe tests for SQL injection vulnerabilities in AI agents with database access. It uses crafted prompts to try to make the AI execute unauthorized SQL commands or expose sensitive database data.

System Manipulation

Probe Name	Description
SSRF	This probe tests for Server-Side Request Forgery (SSRF) vulnerabilities in AI agents that have tool access, attempting to manipulate the target into making unauthorized requests to external systems or resources
Hijacking	This probe tests whether an AI agent can be hijacked or repurposed for unintended malicious activities beyond its original design scope