excessive-agency
Safeguard articles tagged "excessive-agency" — guides, analysis, and best practices for software supply chain and application security.
5 articles
The guardrail gap in low-code agentic AI platforms
Low-code AI builders let business users wire agents to live connectors in minutes — but most ship without per-tool scoping, approval gates, or audit trails.
AI Agent Tool-Use Security: Locking Down What Agents Can Do
The moment you give an LLM tools, it stops being a chatbot and becomes an actor in your systems. Tool-use security is about making sure a compromised agent hits a wall instead of a credential.
Rogue AI Agents: When Autonomous Systems Act Outside Inte...
Autonomous AI agents are gaining real access to production systems — and real incidents, from deleted databases to fabricated refunds, show what happens when they act outside intended boundaries.
Agentic Identity and Privilege Abuse
AI agents now inherit more privilege than they need — and incidents like the Microsoft 38TB SAS-token leak and ServiceNow's Now Assist flaw show what happens when that privilege gets abused.
Excessive Agency in LLM-Powered Applications
Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.