Excessive Agency
Excessive agency is giving an AI agent more capability, permission, or autonomy than its task needs — broad tool access, write permissions, the ability to act without approval. It turns a model mistake or a successful attack into real-world damage.
Excessive agency is an over-permissioning problem, named in the OWASP risks for LLM applications. When an agent can call more tools, touch more systems, or take more irreversible actions than its job requires, every failure mode gets more expensive — a hallucination, a prompt injection, or a bad decision now executes against production instead of being harmless.
The defense is least privilege applied to agents. Give each agent the minimum tools and permissions for its task, require approval for high-stakes or irreversible actions, and prefer read access over write where you can. It’s the principle behind agent guardrails: the goal isn’t to make the agent incapable, but to ensure that when it’s wrong — and it will be — the blast radius is small.
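The three controls above (a minimal tool list per agent, read over write, and approval for irreversible actions) can be enforced in one gate in front of tool dispatch. This is an added example, not code from any particular agent framework; the agent names, tool names and the `authorize` function are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Tool:
    name: str
    writes: bool = False        # changes state outside the agent
    irreversible: bool = False  # cannot be undone (delete, send, pay)

@dataclass(frozen=True)
class Grant:
    tools: frozenset            # tool names this agent's task needs
    allow_write: bool = False   # read-only unless the task needs writes

# Constructed registry and grants, for illustration only.
TOOLS = {t.name: t for t in (
    Tool("search_tickets"),
    Tool("add_ticket_comment", writes=True),
    Tool("refund_payment", writes=True, irreversible=True),
    Tool("delete_customer", writes=True, irreversible=True),
)}
GRANTS = {
    "triage-bot": Grant(frozenset({"search_tickets"})),
    # Tool list is too broad, but the read-only flag still blocks the write.
    "audit-bot": Grant(frozenset({"search_tickets", "add_ticket_comment"})),
    "support-bot": Grant(frozenset({"search_tickets", "add_ticket_comment",
                                    "refund_payment"}), allow_write=True),
}

def authorize(agent: str, tool_name: str,
              approver: Optional[Callable[[str, str], bool]] = None) -> str:
    """Return 'allow' or 'deny:<reason>'. Anything not granted is denied."""
    grant, tool = GRANTS.get(agent), TOOLS.get(tool_name)
    if grant is None or tool is None:
        return "deny:unknown"
    if tool_name not in grant.tools:
        return "deny:not-granted"
    if tool.writes and not grant.allow_write:
        return "deny:read-only"
    if tool.irreversible:
        # Fail closed: a missing approver or a refusal blocks the action.
        if approver is None or not approver(agent, tool_name):
            return "deny:needs-approval"
    return "allow"
```

The gate runs outside the model, so an injected or hallucinated tool call is checked against the grant rather than against anything the prompt says.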