AI Security Observer

Tracking the intersection of AI, Cybersecurity, and Red Teaming

OWASP Flags "Excessive Agency" as a Top AI Threat

January 20, 2026


[Image: Robotic hand hovering over a red execute button]

Giving AI autonomous control is like giving a toddler a credit card.

What happened

The Open Web Application Security Project (OWASP), the group that lists the most critical security flaws, has highlighted "Excessive Agency" (LLM06) in its Top 10 list for Large Language Models. The entry warns developers about the dangers of letting AI "agents" do too many things without permission.

Details

"Excessive Agency" happens when an AI is given the power to take actions—like sending emails, buying things, or deleting files—based on its own decisions.

Context

In the past, we only worried about AI saying bad things. Now that we are connecting AI to our email and bank accounts, we have to worry about AI doing bad things. This warning from OWASP is a wake-up call that "autonomous" AI is dangerous if you don't put guardrails around it.

My Take

It is like giving a toddler a credit card. Even if the toddler (the AI) means well, they might accidentally buy a pony. This vulnerability shows that we need to limit what buttons the AI is allowed to push, no matter how smart we think it is.
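One way to limit which buttons an agent can push is a deny-by-default gate between the model and its tools. The sketch below is an added example, not code from OWASP or from this post; the tool names, policy fields and approver callback are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable
# Hypothetical tool names; the risky ones mirror the actions named above.
POLICY = {
    "search_docs": {"approval": False},
    "send_email": {"approval": True},
    "buy_item": {"approval": True, "max_amount": 50.0},
    # "delete_file" is deliberately absent: unlisted tools never run.
}

def under_cap(args: dict, cap: float) -> bool:
    amount = args.get("amount")
    numeric = isinstance(amount, (int, float)) and not isinstance(amount, bool)
    return numeric and 0 <= amount <= cap  # NaN fails the comparison

@dataclass
class ToolGate:
    policy: dict
    approver: Callable[[str, dict], bool]  # human-in-the-loop callback
    audit: list = field(default_factory=list)

    def check(self, tool: str, args: dict) -> str:
        rule = self.policy.get(tool)
        verdict = "ok"
        if rule is None:
            verdict = "tool not on allowlist"
        elif "max_amount" in rule and not under_cap(args, rule["max_amount"]):
            verdict = "amount missing, invalid or over cap"
        elif rule["approval"] and not self.approver(tool, args):
            verdict = "human approval denied"
        self.audit.append((tool, dict(args), verdict))  # log every decision
        return verdict

    def run(self, tool: str, args: dict, tools: dict) -> dict:
        verdict = self.check(tool, args)
        if verdict != "ok":
            return {"status": "blocked", "reason": verdict}
        return {"status": "done", "result": tools[tool](**args)}

def demo() -> list:
    # Constructed stubs and requests standing in for real tools and model output.
    tools = {"search_docs": lambda query: f"results for {query}",
             "send_email": lambda to, body: f"sent to {to}",
             "buy_item": lambda item, amount: f"bought {item}"}
    gate = ToolGate(POLICY, approver=lambda tool, args: tool == "buy_item")
    asks = [("search_docs", {"query": "LLM06"}), ("buy_item", {"item": "book", "amount": 20}),
            ("buy_item", {"item": "pony", "amount": 5000}),
            ("send_email", {"to": "a@example.com", "body": "hi"}), ("delete_file", {"path": "x"})]
    return [gate.run(t, a, tools).get("reason", "done") for t, a in asks]
```

The gate decides from the policy and the human approver, never from the model's own reasoning, and every decision lands in the audit list whether it was allowed or not.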
