ATR-2026-00051highExcessive Autonomyexperimental

Agent Resource Exhaustion Detection

Detects when an agent causes resource exhaustion through bulk operations, unbounded queries, mass file operations, or patterns that indicate excessive resource consumption. This rule uses regex-only detection on tool call content and agent output to identify dangerous patterns such as SELECT * without LIMIT, mass iteration directives, unbounded batch sizes, and fork/spawn patterns that can degrade system performance or cause denial of service.

Severity

high

Response Actions

reduce permissionsescalatealertsnapshot

References

OWASP Agentic

ASI05:2026 - Unexpected Code Execution

OWASP LLM

LLM06:2025 - Excessive AgencyLLM10:2025 - Unbounded Consumption

MITRE ATLAS

AML.T0046 - Spamming ML System with Chaff DataAML.T0053 - LLM Plugin Compromise

View full YAML on GitHub →

More Excessive Autonomy Rules

ATR-2026-00050highRunaway Agent Loop Detection ATR-2026-00052highCascading Failure Detection in Agent Pipelines ATR-2026-00098criticalUnauthorized Financial Action by AI Agent ATR-2026-00099lowHigh-Risk Tool Invocation Without Human Confirmation