What is OWASP LLM07 (2023) Insecure Plugin Design?
Insecure plugin design addressed LLM extensions that run with excessive permissions or get called without clear user consent - classic paths to injection and exfiltration.
What this looks like in production
Agent architectures now spread this risk across LLM03 Supply Chain, LLM06 Excessive Agency, and OWASP Agentic ASI02 Tool Misuse.