Glossary
Excessive Agency (LLM06)
An LLM-based agent has more permissions, tool access, or autonomy than its task requires.
Context and detail
OWASP LLM06. Real consequences when compromised. Least-privilege controls.
Related terms
- Agentic AI — AI systems that take actions in the world via tool use, not just produce text. Includes custom GPTs, autonomous agents, and tool-using LLM applications.
- Prompt Injection — An attack where crafted input causes an LLM to override its instructions or context. Direct injection comes through user input. Indirect injection comes through retrieved or referenced content the LLM processes.
See how excessive agency (llm06) maps to your AI posture.
The free AI Posture Check produces a per-dimension score and maps your gaps to OWASP LLM Top 10, NIST AI RMF, and ISO 42001.
Take the AI Posture Check