Security Considerations for LLM Agents in Odoo

[ayushin]

"The issue of using APIs, IMHO, with production data is dangerous, because nobody assures you that there will be a leak of such data, they can train the next model using what was sent." – @zamberjo

Security is indeed a major concern when integrating LLMs with Odoo. While hosted APIs like OpenAI’s models provide convenience, they introduce potential data risks. I think these modules should provide best practices, guidelines and safeguards for the users but the ultimate choice of where to run the inference and which frameworks to integrate will be left to the end user.

Things like confirming user actions (e.g. limit actions like unlink() to prevent unintended deletions) will be addressed by the permissions and settings of individual LLM tools, for example retrieval does not require user confirmation, but update and delete will interrupt the agentic flow until the user reviewed and confirmed the resutls. @adar2378

• How should we best address data security and access control?
• What best practices should we adopt for AI-driven ERP security?

Looking forward to hearing different perspectives!

[gurneyalex]

when an AI agent is interacting with a user, it makes sense that any search / actions performed in the database by the agent are done with the same permission / context as the user.

[Kerrim-]

I think you need two layers of permissions:

1. User Permissions
2. LLM Permissions for models / fields inside the models (especially for read operations that get sent to the llm)

In muk_ai we decided to only allow read and create operations (We are working on writes but they are more difficult). We didn't find a good solution for unlink yet. As its hard to recover from an error with unlink (archiving would work with write, which for now is enough for us).

[selmanfarukyilmaz]

I believe that starting with a strict rule allowing the LLM to use only "Select" parameters is the most appropriate approach to take.