Insecure LLM Plugin Execution

LLM plugins are extensions that operate automatically during user interactions and are driven entirely by the model, without application-level control over their execution. To address context-size limitations, plugins often accept free-text inputs from the model without validation or type checking. This creates an opportunity for attackers to craft malicious requests, potentially leading to severe consequences such as remote code execution, data exfiltration, or privilege escalation.

Remediation

Implement strict input validation and type checking for all free-text inputs processed by the plugin.
Use access control mechanisms to restrict plugin functionality based on the principle of least privilege.
Require explicit authorisation for plugin-to-plugin communication, ensuring trust is established and verified.
Enforce sandboxing for plugin execution to isolate plugins and prevent them from affecting the broader system.

Metadata

Severity: high
Slug: insecure-llm-plugin-execution

OWASP

LLM07:2024: Insecure Plugin Design

Available Labs

Select a language to explore available labs for this vulnerability.

1 Lab

Artificial Intelligence Labs

Artificial Intelligence 1 lab

Explore 1 lab in Artificial Intelligence.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.