Zero standing permissions means an actor holds no durable broad privileges between tasks. Access is issued only when needed, scoped tightly to the action, and removed or contracted when the task ends or the context changes. For agents, this is a behavioural control as much as an access model.
Expanded Definition
Zero standing permissions is a stricter operating model than traditional least privilege. It means an actor, including an AI agent or service account, has no durable permissions that remain broadly usable between tasks. Access exists only for the exact action, context, and duration required, then is removed or narrowed immediately after use. In NHI and agentic AI governance, the concept is closely related to OWASP Non-Human Identity Top 10 guidance on reducing long-lived privilege and secret exposure, though usage in the industry is still evolving and no single standard governs this phrase yet.
The practical distinction is important: least privilege can still allow broad rights to sit idle between jobs, while zero standing permissions removes that standing access entirely and reconstructs it on demand. That makes it especially relevant for agents that can call tools, retrieve secrets, or trigger workflows autonomously. It is also aligned with the governance patterns discussed in the Ultimate Guide to NHIs — Key Challenges and Risks, where overprivilege and secret persistence are recurring failure modes. The most common misapplication is treating a dormant token or static role as “safe” because it is rarely used, when the condition that creates risk is the permission remaining valid outside the task window.
Examples and Use Cases
Implementing zero standing permissions rigorously often introduces latency and orchestration overhead, requiring organisations to weigh stronger containment against more complex access workflows.
- An AI coding agent receives time-bound repository write access only while opening a specific pull request, then loses it when the task completes.
- A payment reconciliation service is granted a narrowly scoped API token just long enough to post ledger entries, with automatic expiry after the batch run.
- A cloud automation job assumes a temporary role to rotate certificates, using controls consistent with OWASP Non-Human Identity Top 10 guidance on ephemeral access.
- A contractor-facing integration is issued permissions only after policy checks and is fully revoked when the workflow ends, reflecting patterns highlighted in the Ultimate Guide to NHIs — Key Challenges and Risks.
- A model tool invocation is allowed to read one customer record but not to retain the token or reuse the permission for subsequent calls.
Why It Matters in NHI Security
Zero standing permissions matters because most NHI compromise paths exploit durable access, not the task itself. NHIMG reports that 97% of NHIs carry excessive privileges, which means standing access is often far broader than operators realise. When permissions persist, a stolen token, abused service account, or misdirected agent action can escalate from a single workflow to a system-wide incident. That is why zero standing permissions is not just an access-design preference but a containment strategy for blast-radius reduction, auditability, and safer automation. It complements the OWASP Non-Human Identity Top 10 focus on privilege misuse and helps operationalise zero trust principles for machine identities.
Organisations typically encounter the full cost of standing access only after a token is reused, an agent misfires, or a dormant integration is found to have silently retained broad rights, at which point zero standing permissions becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Directly addresses excessive standing privileges and long-lived NHI access. |
| NIST CSF 2.0 | PR.AA-05 | Supports management of identities and access rights across machine workflows. |
| NIST Zero Trust (SP 800-207) | SCF | Zero trust requires dynamic, context-aware access decisions instead of standing privilege. |
Issue permissions per request, validate context continuously, and remove access when trust changes.
