Beta
Automated Least Privilege for Agents
Authorization, monitoring, alerting, and access throttling.
LLM agents make permissions harder
Permissions are already hard enough: broken access control rose to #1 in the OWASP Top 10 list of AppSec failures. The explosion of agents increases the attack surface.
A human with incorrect permissions is bad enough, but an LLM agent can potentially cause orders of magnitude more damage.
We have the opportunity, however, to rethink permissions and avoid making the same mistakes again.
Agentic AI can do amazing things, but you need to give agents access to your systems for them to work. That’s risky:
Humans are often overprovisioned, and replicating that for agents can be disastrous
Humans work on the scale of wall clock time and waking hours, while agents move faster and don’t stop
Agents may or may not follow controls applied in prompting and are vulnerable to prompt injection
Agents need a new approach
It’s not feasible to handle this with hard-coded permissions logic and basic role-based access control. You need a system to monitor and enforce least privilege for agents, with human-in-the-loop control:
- Centralized permissions controls that are deterministic rather than probabilistic, and enforced rather than interpreted
- Ongoing monitoring and risk categorization of agentic data access and actions
- Alerting for anomalous agent behaviours
- Recommend responses — quarantine, permissions reductions, time-bound permissions expansion, etc. — with single click application of changes
- Auditing and logging of authorization decisions for agent actions
Automated Least Privilege for Agents
Schedule time with Graham Neray, Oso’s founder, to learn more about automated least privilege enforcement for agents and our private beta program.
.png)