
Blank-slate AI agent permissions: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Local coding agents that start with browser, terminal, write, memory, and MCP access already create broad standing authority before a task begins, according to PermitIO. Zero standing permissions shifts the model to minimal baseline access plus time-limited grants, which is the practical boundary that keeps agent tool use auditable and containable.

NHIMG editorial — based on content published by PermitIO: Zero Standing Permissions for AI Agents: Lessons from Hermes Blank Slate and Toolset Pinning

By the numbers:

Questions worth separating out

Q: How should security teams implement zero standing permissions for AI agents?

A: Start with a blank-slate baseline, then grant only the tool classes needed for a specific task and revoke them automatically when the task ends.

Q: Why do AI agents create more access risk than traditional automation?

A: AI agents can decide at runtime which tools to use, when to use them, and how to chain actions across systems.

Q: What breaks when toolset pinning is used without runtime authorisation?

A: Toolset pinning limits what is visible, but it does not decide whether a specific action is safe in the current context.

Practitioner guidance

  • Default sensitive tools to disabled at startup: make browser, terminal, write, MCP, delegation, and durable memory writes opt-in rather than present from session start.
  • Separate baseline pinning from runtime approval: keep capability classes pinned at configuration level, then add per-action policy decisions for high-risk calls such as execute, write, connector access, and sub-agent spawning.
  • Grant time-bounded access with explicit revocation: use short-lived grants for terminal, MCP, and memory writes, and require automatic expiry at task completion.
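The three guidance points above (blank-slate defaults, pinned tool classes plus per-action runtime policy, and TTL-bound grants with revocation at task end) fit together in one small permission broker. The code below is an added illustration written for this post; it is not PermitIO's code and not taken from the Hermes project. The tool-class names, the high-risk action list, the `sandbox:` target prefix and the `PermissionBroker` API are all assumptions chosen for the example, and the clock is injectable so expiry can be exercised without waiting.

```python
"""Zero standing permissions for an agent tool loop: blank slate, TTL grants, runtime checks."""
from dataclasses import dataclass, field
import time

# Tool classes a local coding agent might expose. None is granted at startup.
TOOL_CLASSES = {"browser", "terminal", "write", "memory_write", "mcp", "delegate"}

# Actions that get a per-call policy decision even when the tool class is granted.
# (Assumed list for this example; mirrors the post's execute/write/connector/sub-agent set.)
HIGH_RISK_ACTIONS = {"execute", "write", "connector_access", "spawn_subagent"}


@dataclass
class Grant:
    tool: str
    task_id: str
    expires_at: float
    scope: set = field(default_factory=set)  # allowed paths / connector names for this grant


class FakeClock:
    """Controllable clock so expiry can be demonstrated deterministically (test aid)."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t


class PermissionBroker:
    """Holds no standing grants; every grant is bound to a task and a TTL, and is logged."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}   # (task_id, tool) -> Grant
        self.audit = []     # append-only decision log

    def _log(self, event, task_id, tool, **extra):
        self.audit.append({"t": self._clock(), "event": event, "task": task_id, "tool": tool, **extra})

    def grant(self, task_id, tool, ttl_seconds, scope=()):
        """Issue a time-limited grant for one tool class to one task (baseline pinning)."""
        if tool not in TOOL_CLASSES:
            raise ValueError(f"unknown tool class: {tool}")
        g = Grant(tool, task_id, self._clock() + ttl_seconds, set(scope))
        self._grants[(task_id, tool)] = g
        self._log("grant", task_id, tool, ttl=ttl_seconds)
        return g

    def revoke_task(self, task_id):
        """Explicit revocation at task completion, independent of TTL."""
        for key in [k for k in self._grants if k[0] == task_id]:
            del self._grants[key]
        self._log("revoke_task", task_id, "*")

    def _sweep_expired(self):
        now = self._clock()
        for key, g in list(self._grants.items()):
            if g.expires_at <= now:
                del self._grants[key]
                self._log("expired", g.task_id, g.tool)

    def _deny(self, task_id, tool, action, reason):
        self._log("deny", task_id, tool, action=action, reason=reason)
        return False

    def _runtime_policy(self, grant, action, target):
        """Per-action decision layered on top of the pinned tool class (illustrative rules)."""
        if action == "spawn_subagent":
            return False                      # never allowed from a short-lived task grant
        if action in ("connector_access", "write"):
            return target is not None and target in grant.scope
        if action == "execute":
            return target is not None and target.startswith("sandbox:")
        return True

    def authorize(self, task_id, tool, action, target=None):
        """Decide one tool call: active grant required, plus runtime policy for risky actions."""
        self._sweep_expired()
        g = self._grants.get((task_id, tool))
        if g is None:
            return self._deny(task_id, tool, action, "no active grant")
        if action in HIGH_RISK_ACTIONS and not self._runtime_policy(g, action, target):
            return self._deny(task_id, tool, action, "runtime policy rejected")
        self._log("allow", task_id, tool, action=action, target=target)
        return True


def demo():
    """Walk one task through grant, use, expiry and revocation; returns the decisions."""
    clock = FakeClock()
    broker = PermissionBroker(clock=clock)
    out = {}
    out["blank_slate"] = broker.authorize("t1", "terminal", "execute", "sandbox:ls")
    broker.grant("t1", "terminal", ttl_seconds=60)
    broker.grant("t1", "mcp", ttl_seconds=30, scope=["github"])
    out["sandboxed_exec"] = broker.authorize("t1", "terminal", "execute", "sandbox:ls")
    out["host_exec"] = broker.authorize("t1", "terminal", "execute", "host:rm")
    out["in_scope_connector"] = broker.authorize("t1", "mcp", "connector_access", "github")
    out["out_of_scope_connector"] = broker.authorize("t1", "mcp", "connector_access", "slack")
    out["subagent"] = broker.authorize("t1", "mcp", "spawn_subagent")
    clock.t += 31                                   # MCP grant expires, terminal still live
    out["mcp_after_ttl"] = broker.authorize("t1", "mcp", "connector_access", "github")
    out["terminal_after_ttl"] = broker.authorize("t1", "terminal", "execute", "sandbox:ls")
    broker.revoke_task("t1")                        # task done: everything goes away
    out["after_revoke"] = broker.authorize("t1", "terminal", "execute", "sandbox:ls")
    return out, broker.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for k, v in decisions.items():
        print(f"{k:24s} {'allow' if v else 'deny'}")
    print(f"{len(audit)} audit events")
```

The point the broker makes concrete is the third Q&A above: a pinned tool class (the `grant`) only decides what the agent can see, while `_runtime_policy` decides whether this call, with this target, is acceptable now. Because every allow, deny, grant, expiry and revocation lands in `audit` with a timestamp, the session can be reconstructed afterwards and the window of authority for each task is bounded by the TTL or the explicit revoke, whichever comes first.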

What's in the full article

PermitIO's full blog covers the operational detail this post intentionally leaves for the source:

  • Capability-by-capability permission matrix for browser, terminal, write, memory, and MCP access
  • Examples of runtime policy conditions for temporary grants, including TTL, sandboxing, and connector scope
  • Migration checklist for moving from all-on defaults to blank-slate startup without breaking developer workflows
  • Practical safe-starter bundle patterns for local agents and enterprise rollout

👉 Read PermitIO's guidance on zero standing permissions for AI agents →

