Broken Object Level Authorization Excessive Agency Attack

What is Broken Object Level Authorization Excessive Agency Attack?

This probe is designed to identify vulnerabilities related to Broken Object Level Authorization (BOLA). It examines whether an AI agent can be manipulated into accessing specific objects (such as documents, records, or files) without sufficient authorization checks. The testing evaluates whether the system can withstand attempts to access unauthorized data, either through natural language requests that subtly reference these objects or through function calls with altered identifiers.
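The control this probe looks for, shown as an added example (not Giskard's code): a tool handler that trusts the identifier in the model's function call, beside one that checks object ownership against the server-side session on every call. The names `Session`, `dispatch`, `get_document_unchecked`, `get_document_checked` and the sample documents are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: document id -> owner and body.
DOCUMENTS = {
    "doc-100": {"owner": "alice", "body": "Alice's payroll record"},
    "doc-200": {"owner": "bob", "body": "Bob's medical note"},
}

@dataclass(frozen=True)
class Session:
    """Identity established by the application at login, never by the model."""
    user: str

class AccessDenied(Exception):
    pass

def get_document_unchecked(session: Session, doc_id: str) -> str:
    """Weak handler: trusts whatever identifier the model put in the tool call."""
    return DOCUMENTS[doc_id]["body"]

def get_document_checked(session: Session, doc_id: str) -> str:
    """Hardened handler: object-level check against the session user on every call."""
    doc = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so the reply does not confirm which ids exist.
    if doc is None or doc["owner"] != session.user:
        raise AccessDenied("document not available")
    return doc["body"]

def dispatch(handler, session: Session, tool_call: dict) -> dict:
    """Run a model-issued tool call; the session comes from the server, not from tool_call."""
    try:
        return {"ok": True, "result": handler(session, tool_call["arguments"]["doc_id"])}
    except AccessDenied as exc:
        return {"ok": False, "error": str(exc)}

def run_demo() -> dict:
    alice = Session(user="alice")
    # Constructed tool call: the identifier references an object alice does not own.
    call = {"name": "get_document", "arguments": {"doc_id": "doc-200"}}
    return {
        "unchecked": dispatch(get_document_unchecked, alice, call),
        "checked": dispatch(get_document_checked, alice, call),
    }

if __name__ == "__main__":
    print(run_demo())
```

The hardened handler makes the decision from `session.user` alone, so the outcome is the same whether the identifier arrived through a rephrased natural language request or a modified function call.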
