455 – Excessive LLM agency
Description
An LLM system is given excessive functionality, permissions or autonomy to perform actions without sufficient oversight.
Impact
- Unauthorized access or data modification.
- System misuse (e.g., sending emails, deleting files).
- Bypassing business rules or user consent.
Recommendation
- Implement human-in-the-loop controls for delicate operations (e.g., deleting or sending information).
- Limit privileges granted to the LLM application.
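One way to apply both recommendations in code is to route every tool call the model proposes through a gateway that enforces a per-agent allowlist (least privilege) and asks a human before running any delicate tool. The following is an added example written for this entry, not Fluid Attacks' code; the tool names, the in-memory file store and outbox, and the `reviewer_approves` stand-in for a human reviewer are all constructed for the demonstration.

```python
"""Tool gateway enforcing least privilege and human-in-the-loop approval
for an LLM agent (hypothetical example; not Fluid Attacks' code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Dict, Iterable, List


class Risk(Enum):
    READ_ONLY = "read-only"
    DELICATE = "delicate"  # sends, deletes or modifies: needs a human decision


@dataclass
class Tool:
    name: str
    risk: Risk
    fn: Callable[..., Any]


@dataclass
class Decision:
    tool: str
    executed: bool
    reason: str
    result: Any = None


Approver = Callable[[str, Dict[str, Any]], bool]


class ToolGateway:
    """Every tool call the model proposes passes through here; the model
    never holds a direct reference to the underlying functions."""

    def __init__(self, tools: Iterable[Tool], granted: Iterable[str], approve: Approver):
        self.registry = {t.name: t for t in tools}
        self.granted = set(granted)       # least privilege: explicit allowlist per agent
        self.approve = approve            # human-in-the-loop hook for delicate tools
        self.audit: List[Decision] = []   # every decision is recorded for later review

    def call(self, name: str, **args: Any) -> Decision:
        tool = self.registry.get(name)
        if tool is None or name not in self.granted:
            return self._record(Decision(name, False, "tool not granted to this agent"))
        if tool.risk is Risk.DELICATE and not self.approve(name, args):
            return self._record(Decision(name, False, "human approval denied"))
        try:
            return self._record(Decision(name, True, "executed", tool.fn(**args)))
        except Exception as exc:  # a tool failure is not a policy failure, but is still logged
            return self._record(Decision(name, False, f"tool error: {exc}"))

    def _record(self, decision: Decision) -> Decision:
        self.audit.append(decision)
        return decision


# ---- constructed sample environment (in-memory, no real side effects) ----
FILES = {"report.txt": "quarterly numbers"}
OUTBOX: List[Dict[str, str]] = []


def read_file(path: str) -> str:
    return FILES[path]


def send_email(to: str, body: str) -> str:
    OUTBOX.append({"to": to, "body": body})
    return f"sent to {to}"


def delete_file(path: str) -> str:
    return f"deleted {FILES.pop(path)}"


TOOLS = [
    Tool("read_file", Risk.READ_ONLY, read_file),
    Tool("send_email", Risk.DELICATE, send_email),
    Tool("delete_file", Risk.DELICATE, delete_file),
]


def reviewer_approves(name: str, args: Dict[str, Any]) -> bool:
    """Stand-in for a human reviewer: only mail to the internal domain is approved."""
    return name == "send_email" and args.get("to", "").endswith("@example.com")


def build_gateway() -> ToolGateway:
    # This agent only needs to read and send; delete_file is never granted to it.
    return ToolGateway(TOOLS, granted=["read_file", "send_email"], approve=reviewer_approves)


def demo() -> List[Decision]:
    gw = build_gateway()
    gw.call("read_file", path="report.txt")                          # read-only, runs directly
    gw.call("send_email", to="cfo@example.com", body="numbers")      # delicate, reviewer approves
    gw.call("send_email", to="someone@other.example", body="numbers")  # delicate, reviewer denies
    gw.call("delete_file", path="report.txt")                         # not in the allowlist
    return gw.audit


if __name__ == "__main__":
    for d in demo():
        print(f"{d.tool:12} executed={d.executed!s:5} {d.reason}")
```

The two controls are independent: the allowlist removes capabilities the agent has no business need for, so a prompt-injected request to delete a file has nothing to call, while the approval hook covers the tools the agent does legitimately need but whose effects are externally visible or irreversible. The audit list is what a detection team would forward to a SIEM to spot an agent repeatedly requesting tools it was never granted.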
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the source code.
Base 4.0
- Attack vector: L (Local)
- Attack complexity: H (High)
- Attack Requirements: N (None)
- Privileges required: H (High)
- User interaction: A (Active)
- Confidentiality (VC): L (Low)
- Integrity (VI): L (Low)
- Availability (VA): N (None)
- Confidentiality (SC): N (None)
- Integrity (SI): N (None)
- Availability (SA): N (None)
Threat 4.0
- Exploit maturity: P (Proof-of-Concept)