πŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Insecure LLM Plugin Execution

LLM plugins are extensions that operate automatically during user interactions and are driven entirely by the model, without application-level control over their execution. To address context-size limitations, plugins often accept free-text inputs from the model without validation or type checking. This creates an opportunity for attackers to craft malicious requests, potentially leading to severe consequences such as remote code execution, data exfiltration, or privilege escalation.

Remediation

  • Implement strict input validation and type checking for all free-text inputs processed by the plugin.
  • Use access control mechanisms to restrict plugin functionality based on the principle of least privilege.
  • Require explicit authorisation for plugin-to-plugin communication, ensuring trust is established and verified.
  • Enforce sandboxing for plugin execution to isolate plugins and prevent them from affecting the broader system.

Metadata

  • Severity: high
  • Slug: insecure-llm-plugin-execution

OWASP

  • LLM07:2024: Insecure Plugin Design

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing β€” fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.