Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Excessive Agency

Training Camp • Cybersecurity Glossary

What is Excessive Agency?

Excessive Agency is an OWASP LLM risk where an AI agent has too many permissions or autonomy, enabling harmful unintended actions.

Glossary > AI Security & Data Privacy > Excessive Agency

Understanding Excessive Agency

Excessive Agency is a large language model security risk in which an LLM-based application is granted too much functionality, too many permissions, or too much autonomy, allowing it to take harmful or unintended actions when manipulated or when it produces erroneous output. Listed in the OWASP Top 10 for LLM Applications, it commonly arises when models are wired to plugins, tools, or APIs with broad scopes and insufficient human oversight. Mitigations include limiting tool capabilities, enforcing least-privilege permissions, and requiring human approval for high-impact operations.

Learn More About Excessive Agency:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →