Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Blank-slate AI agent permissions: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Local coding agents that start with browser, terminal, write, memory, and MCP access already create broad standing authority before a task begins, according to PermitIO. Zero standing permissions shifts the model to minimal baseline access plus time-limited grants, which is the practical boundary that keeps agent tool use auditable and containable.

NHIMG editorial — based on content published by PermitIO: Zero Standing Permissions for AI Agents: Lessons from Hermes Blank Slate and Toolset Pinning

By the numbers:

Questions worth separating out

Q: How should security teams implement zero standing permissions for AI agents?

A: Start with a blank-slate baseline, then grant only the tool classes needed for a specific task and revoke them automatically when the task ends.

Q: Why do AI agents create more access risk than traditional automation?

A: AI agents can decide at runtime which tools to use, when to use them, and how to chain actions across systems.

Q: What breaks when toolset pinning is used without runtime authorisation?

A: Toolset pinning limits what is visible, but it does not decide whether a specific action is safe in the current context.

Practitioner guidance

  • Default sensitive tools to disabled at startup Make browser, terminal, write, MCP, delegation, and durable memory writes opt-in rather than present from session start.
  • Separate baseline pinning from runtime approval Keep capability classes pinned at configuration level, then add per-action policy decisions for high-risk calls such as execute, write, connector access, and sub-agent spawning.
  • Grant time-bounded access with explicit revocation Use short-lived grants for terminal, MCP, and memory writes, and require automatic expiry at task completion.

What's in the full article

PermitIO's full blog covers the operational detail this post intentionally leaves for the source:

  • Capability-by-capability permission matrix for browser, terminal, write, memory, and MCP access
  • Examples of runtime policy conditions for temporary grants, including TTL, sandboxing, and connector scope
  • Migration checklist for moving from all-on defaults to blank-slate startup without breaking developer workflows
  • Practical safe-starter bundle patterns for local agents and enterprise rollout

👉 Read PermitIO's guidance on zero standing permissions for AI agents →

Blank-slate AI agent permissions: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Blank-slate startup is a governance assumption, not a UI preference: agent systems were built around the idea that available tools can be left on because the model will use them responsibly. That assumption fails when a single session can chain browser, terminal, write, memory, and MCP reach into one fast action path. The implication is not “add more controls later”, but that standing authority is the wrong starting state for agent governance.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: How do teams know whether their agent permission model is actually working?

A: Look for fewer standing privileges, shorter grant lifetimes, and a clear audit trail for every sensitive action. If agents can still write, execute, delegate, or reach connectors without a bounded reason and expiry, the model is not working. Visibility into denied actions is as important as the allowed ones.

👉 Read our full editorial: Zero standing permissions for AI agents: why blank slate matters



   
ReplyQuote
Share: