Back to OWASP Top 10#6 High Risk

LLM06:2025 Excessive Agency

LLM systems granted excessive permissions, functionality, or autonomy that enable unauthorized actions and privilege escalation beyond intended scope.

Vulnerability Overview

Excessive Agency occurs when LLM systems are granted more permissions, functionality, or autonomy than necessary, enabling them to perform unauthorized actions or escalate privileges beyond their intended scope.

Impact Level

High

Attack Vector

Privilege Escalation

Exploitability

Medium

Excessive Permissions

LLM systems granted more system permissions than required for their intended function.

• Administrative database access
• File system write permissions
• Network access to sensitive systems
• API keys with broad scope

Excessive Functionality

LLM systems with access to functions or tools beyond their operational requirements.

• System command execution
• Code compilation and execution
• External service integrations
• Data modification capabilities

Principle of Least Privilege

LLM systems should be granted only the minimum permissions and functionality necessary to perform their intended tasks, following the principle of least privilege.