Slide 3 of 27
Part 1 · What Is It?
Slide 3 · The Definition
Now that you’ve seen it, here’s how OWASP defines it.
The name matches exactly what you just read.
OWASP LLM06:2025 — Official Definition

“Excessive Agency enables damaging actions to be performed in response to unexpected, ambiguous, or manipulated outputs from an LLM, regardless of what is causing the LLM to malfunction.”

Excessive agency occurs when an AI system has more autonomy, permissions, tools, or action scope than the task requires.

Key Insight

LLM06 is not about the model making wrong decisions. It’s about the system around the model granting it too much power. The model can be working exactly as intended — and still cause serious damage if it has capabilities it shouldn’t.

🔧 Excessive Functionality
The agent has access to tools or features beyond what the task requires.

🔑 Excessive Permissions
The agent’s credentials have broader scope than needed — write when only read is required, admin when user is enough.

🤖 Excessive Autonomy
High-impact actions are taken without human confirmation — no checkpoint between decision and consequence.
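As an added example (not part of this deck or of OWASP's material), a small Python tool dispatcher that applies one control per root cause above: a per-task tool allowlist, a least-privilege credential scope, and a human checkpoint for high-impact actions. The tool catalogue, task policies and model outputs are constructed for illustration.

```python
"""Tool dispatcher that treats every model-proposed tool call as untrusted
and enforces the three LLM06 controls before anything executes."""
from dataclasses import dataclass, field
from typing import Callable

# Constructed tool catalogue: each tool declares the credential scope it
# needs and whether its effect is high-impact (irreversible or external).
TOOLS = {
    "read_ticket":   {"scope": "read",  "high_impact": False},
    "update_ticket": {"scope": "write", "high_impact": False},
    "issue_refund":  {"scope": "write", "high_impact": True},
    "delete_user":   {"scope": "admin", "high_impact": True},
}
SCOPE_RANK = {"read": 0, "write": 1, "admin": 2}


@dataclass
class TaskPolicy:
    allowed_tools: set                  # excessive functionality: only what the task needs
    credential_scope: str               # excessive permissions: least-privilege scope
    # excessive autonomy: human gate; default "no human attached" denies
    confirm: Callable[[dict], bool] = field(default=lambda call: False)


def dispatch(model_call: dict, policy: TaskPolicy) -> tuple:
    """Return ('run', detail) or ('blocked', reason) for one proposed call.
    Why the model proposed it (injection, hallucination, correct reasoning)
    is irrelevant: the checks depend only on the system's own policy."""
    name = model_call.get("tool")
    spec = TOOLS.get(name)
    if spec is None or name not in policy.allowed_tools:
        return ("blocked", f"tool '{name}' not in task allowlist")
    if SCOPE_RANK[spec["scope"]] > SCOPE_RANK[policy.credential_scope]:
        return ("blocked", f"tool needs '{spec['scope']}' scope, "
                           f"task credential is '{policy.credential_scope}'")
    if spec["high_impact"] and not policy.confirm(model_call):
        return ("blocked", "high-impact action requires human confirmation")
    return ("run", f"executing {name}({model_call.get('args', {})})")


# Constructed task policies.
SUPPORT_POLICY = TaskPolicy({"read_ticket", "update_ticket"}, "write")
READONLY_POLICY = TaskPolicy({"read_ticket", "update_ticket"}, "read")
BILLING_POLICY = TaskPolicy({"read_ticket", "issue_refund"}, "write")

if __name__ == "__main__":
    # Constructed model outputs, e.g. after reading a prompt-injected ticket.
    for call in ({"tool": "read_ticket", "args": {"id": 42}},
                 {"tool": "delete_user", "args": {"id": 7}},
                 {"tool": "issue_refund", "args": {"amount": 500}}):
        print(call["tool"], "->", dispatch(call, SUPPORT_POLICY))
```

Each policy is deliberately narrower than the catalogue, so a correct-looking model output can still be stopped by the allowlist, the scope check, or the missing confirmation.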