A cloud-hosted generative-AI platform allows users to install community plug-ins that extend core functionality. During a security review, engineers notice that several third-party plug-ins request administrator-level API scopes and perform no authorization checks before invoking privileged back-end services.
Which of the following controls would MOST effectively prevent a malicious or compromised plug-in from executing unintended high-privilege actions in the production environment?
Increase the default OAuth token lifetime so plug-ins do not need to re-authenticate frequently
Enable verbose audit logging of all plug-in activity and review the logs weekly
Enforce role-based access control and least-privilege scopes for each plug-in, combined with sandbox isolation
Store plug-in service credentials in environment variables instead of source code
Isolating each plug-in and granting it only the minimal API scopes it needs enforces the principle of least privilege and prevents a plug-in from invoking sensitive functions outside its intended purpose. Verbose logging (option 2) helps detection but does not stop the attack. Moving credentials to environment variables (option 3) addresses secret management, not authorization. Extending OAuth token lifetimes (option 4) actually increases risk by keeping broad privileges valid for longer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are strict permission checks in the context of security?
Open an interactive chat with Bash
How do third-party extensions pose a security risk?
Open an interactive chat with Bash
What is the role of strong isolation in minimizing threats?