From 015452af4fff135ed4d6f07f6f3de8cfcb46c38f Mon Sep 17 00:00:00 2001 From: Setotet Date: Sun, 17 Nov 2024 14:03:47 -0800 Subject: [PATCH] Put back missing item to LLM06 Common Examples of Risks (#477) --- 2_0_vulns/LLM06_ExcessiveAgency.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/2_0_vulns/LLM06_ExcessiveAgency.md b/2_0_vulns/LLM06_ExcessiveAgency.md index b41231a1..2e6fd540 100644 --- a/2_0_vulns/LLM06_ExcessiveAgency.md +++ b/2_0_vulns/LLM06_ExcessiveAgency.md @@ -23,6 +23,8 @@ Note: Excessive Agency differs from Insecure Output Handling which is concerned An LLM agent has access to extensions which include functions that are not needed for the intended operation of the system. For example, a developer needs to grant an LLM agent the ability to read documents from a repository, but the 3rd-party extension they choose to use also includes the ability to modify and delete documents. #### 2. Excessive Functionality An extension may have been trialled during a development phase and dropped in favor of a better alternative, but the original plugin remains available to the LLM agent. +#### 3. Excessive Functionality + An LLM plugin with open-ended functionality fails to properly filter the input instructions for commands outside what's necessary for the intended operation of the application. E.g., an extension to run one specific shell command fails to properly prevent other shell commands from being executed. #### 4. Excessive Permissions An LLM extension has permissions on downstream systems that are not needed for the intended operation of the application. E.g., an extension intended to read data connects to a database server using an identity that not only has SELECT permissions, but also UPDATE, INSERT and DELETE permissions. #### 5. Excessive Permissions
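Review bot: The restored item 3 text ("fails to properly filter the input instructions for commands outside what's necessary") frames the control as filtering the natural-language instructions the model receives, which is the weakest place to enforce it; the shell example in the same sentence would land better if it said the extension should constrain what it actually executes (a single fixed command with validated arguments, not an arbitrary command string the model assembles), since filtering instructions is exactly the denylist that prompt injection routes around. Suggest rewording the E.g. along those lines so items 3 and 4 both read as "restrict the extension's capability", consistent with the least-privilege framing in item 4. Numbering-wise the hunk is correct: with "#### 3. Excessive Functionality" back in place the headings run 1, 2, 3 (Excessive Functionality) then 4, 5 (Excessive Permissions), matching the unchanged context, and the @@ -23,6 +23,8 @@ header agrees with the two inserted lines. One small consistency point: the new heading line carries no leading space while the restored body line does ("+ An LLM plugin"), so please confirm the indentation matches the neighbouring items before merge.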