OWASP LLM07 (2023) Insecure Plugin Design

What is OWASP LLM07 (2023) Insecure Plugin Design?

Insecure plugin design addressed LLM extensions that run with excessive permissions or get called without clear user consent - classic paths to injection and exfiltration.

What this looks like in production

Agent architectures now spread this risk across LLM03 Supply Chain, LLM06 Excessive Agency, and OWASP Agentic ASI02 Tool Misuse.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox