A company is deploying an LLM-based system that can execute API calls on behalf of users. Which TWO measures should they implement to prevent excessive agency?
Limiting the scope of actions reduces the risk of unintended actions.
Why this answer
Option B is correct because restricting the LLM to read-only or low-risk actions directly limits the scope of actions the model can execute, preventing it from performing unauthorized or destructive operations. This is a fundamental principle of least privilege applied to LLM-based systems, ensuring that even if the model is compromised or misused, it cannot escalate its agency to high-impact actions.
Exam trap
Candidates often confuse security measures (like input filtering or rate limiting) with agency control measures. The question specifically targets preventing excessive agency—limiting the actions the LLM can perform—not just securing the inputs/outputs.