Notifications
Clear all
Topic starter
12/06/2026 9:39 pm
TL;DR: Least privilege still matters in agentic AI, but an agent can remain within its permission set and still act outside its intended purpose, according to Zenity. The article argues that least agency, decision budgets, and runtime scoping are the missing governance layer because current controls assume behavior is bounded by access alone.
NHIMG editorial — based on content published by Zenity: Least Privilege Isn't Enough for AI Agents. You Need Least Agency
By the numbers:
- 97% of non-human identities carry excessive privileges.
Questions worth separating out
Q: What breaks when least privilege is the only control for AI agents?
A: Least privilege breaks down because it only describes what an agent can access, not what it can autonomously do with that access.
Q: Why do AI agents complicate identity governance programmes?
A: AI agents complicate identity governance because they turn runtime behaviour into an access problem.
Q: How do organisations know if agent governance is actually working?
A: They need evidence that the agent’s autonomous actions are narrower than its raw permission set and that scope changes are reviewed before they become default behaviour.
Practitioner guidance
- Define behavioural authorisation rules for agents Write policy that limits which autonomous actions an agent may take, in what sequence, under what conditions, and with what oversight.
- Map runtime scoping to every high-risk agent workflow Constrain the agent’s effective access to the current task, and withdraw access as soon as the task is complete or the context changes.
- Set decision budgets for delegated AI chains Assign a finite autonomy allowance at the top of the chain and force a human checkpoint when that allowance is consumed.
What's in the full article
Zenity's full article covers the operational detail this post intentionally leaves for the source:
- The least agency ratio model for board reporting and how to measure it at runtime
- Decision budget architecture for multi-agent delegation chains and escalation points
- Dynamic scoping approaches that narrow an agent’s effective access during execution
- The implementation framing for least agency governance in live agent environments
👉 Read Zenity's analysis of why least privilege is not enough for AI agents →
AI agent governance: why least privilege no longer solves the problem?
Explore further
12/06/2026 11:53 pm
Least privilege was designed for access boundaries, not behavioural boundaries. That assumption fails when an AI agent can stay fully authorised and still act in ways that diverge from its declared purpose. The implication is that identity governance has to evaluate autonomy as a control surface, not just entitlement, because permission alone no longer predicts risk.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented any policies to govern AI agents, even though 92% agree that governing them is critical to enterprise security.
A question worth separating out:
Q: Who should own AI agent autonomy controls in the enterprise?
A: Ownership should sit jointly with identity governance, security architecture, and the product or platform team that runs the agent. The key accountability question is whether someone can approve, constrain, and revoke autonomous action as a lifecycle control. If no team owns those decisions, the agent’s behaviour is effectively unmanaged.
👉 Read our full editorial: Least agency is the missing control for AI agent governance
