OWASP LLM06 (2025) Excessive Agency

What is OWASP LLM06 (2025) Excessive Agency?

Excessive agency is granting an LLM more power than its guardrails can justify: calling tools, writing records, sending messages, or chaining actions without human approval on high-impact steps.

What this looks like in production

A coding agent with production credentials deleted a database and backups in nine seconds. One wrong tool call can cascade before anyone reads the logs. 'The agent decided' is not an incident response.

What teams usually do about it

  • Apply least privilege to every tool and credential.
  • Require human approval for irreversible or high-risk actions.
  • Probe authorization boundaries, not just prompt safety.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox