Sep 05, 2025 – Lina Romero – In 2025, we are seeing an unprecedented rise in the volume and scale of AI attacks. Since AI is still a relatively new beast, developers and security teams alike are struggling to keep up with the changing landscape. The OWASP Top 10 Risks for LLMs is a great jumping-off point to gain insight into the biggest risks and how to mitigate them.Excessive AgencyAgency refers to a model’s ability to call functions, interface systems, and undertake actions. Developers grant each AI agent a necessary degree of agency depending on its use case. When an LLM malfunctions, an AI agent should respond appropriately according to the agency it’s been given. However, Excessive Agency occurs when an AI agent responds inappropriately, performing “damaging actions” in response to unusual LLM outputs. Excessive Agency is ultimately caused by design flaws, stemming from one of the following:Excessive functionality: an LLM has access to extensions which include functions not needed to perform its job, or it may still have access to plugins from the development phase that are no longer neededExcessive permissions: an LLM has permissions for downstream functionality and systems not originally intendedExcessive autonomy: an LLM performs actions that it has not been approved for.And the effects of Excessive Agency vulnerabilities can be catastrophic, leading to PII breaches, financial losses, and more. However, there are ways to mitigate and prevent Excessive Agency.Limit extensions: Only allow the LLM to interact with the minimum necessary amount of extensions.Know your agents: If you can’t see it, you can’t secure it! Keep a centralized inventory to track all agents and interactions.Limit extension functionality: Ensure that the functions implemented to an LLM’s extensions are strictly necessary for its intended purpose.Assess your agents: Test agents as a whole, including the sum of their application code.No open-ended extensions: Open-ended extensions with more granular functionality are not strictly necessary, and open the LLM up to more vulnerabilities than they are worth.Require human approval: For some high-impact actions, it may be necessary to have guardrails around them that require permission from an actual user.Assess application code: Assess for input and output handling to see where upstream and downstream vulnerabilities lay.Sanitize LLM inputs and outputs: Sanitization is a best practice for AI security in general, but particularly
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: