Description

An LLM system is given excessive functionality, permissions or autonomy to perform actions without sufficient oversight.

Impact

- Unauthorized access or data modification. - System misuse (e.g., sending emails, deleting files). - Bypassing business rules or user consent.

Recommendation

- Implement human-in-the-loop controls for delicate operations (e.g., deleting or sending information). - Limit privileges granted to the LLM application.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes