AI agents deliver speed but can create silent risk when over-permissioned. Smarter, adaptive authorization is essential to keep autonomy efficient—and safe.
AI agents promise efficiency but risk chaos if over-permissioned. Smarter boundaries—not more autonomy—will determine how safely enterprises scale AI.AI agents are no longer confined to research labs or developer sandboxes—they’re moving into production.
Across industries, they’re writing code, reconciling invoices, managing infrastructure, and even approving transactions. The promise is efficiency and speed. The peril is that most of these systems still rely on human-oriented permission models that can’t safely govern autonomous behavior. I’ve continued to beat the drum all year about how AI is transforming cybersecurity, identity, and the modern enterprise. The simple reality is that whenever a new technology accelerates capability, it also amplifies risk. Agentic AI is the latest—and perhaps sharpest—example. Machines can act faster than people, but they can also fail harder.Traditional access control frameworks were built around human rhythms. Users log in, complete tasks, and log off. They make mistakes, but they do so slowly enough for controls to catch up. AI doesn’t operate on that timescale. Agents act continuously, across multiple systems, and without fatigue., calls authorization “the most important unsolved problem in software.” As he put it when we spoke, “Every company that builds software ends up reinventing authorization from scratch—and most do it badly. Now we’re layering AI on top of that foundation.” The problem isn’t intent—it’s infrastructure. Most companies are trying to teach new systems to act autonomously while still managing permissions through static roles, hard-coded logic, and spreadsheets. It’s a model that barely worked for humans. For machines, it’s a liability.An AI agent can execute thousands of actions per second. If one of those actions is misconfigured—or maliciously prompted—it can cascade through a production environment long before anyone intervenes. A single over-permissioned key can become a self-inflicted breach., explained, “Enterprise IT teams are under pressure to demonstrate a tangible ROI of their generative AI investments, and AI agents are a prime method to generate efficiencies to generate ROI. Security generally, and identity security in particular, can fall by the wayside in the rush to get AI agents into production to show results.” It’s a familiar pattern: innovation first, security later. But the stakes are higher when the technology can act independently. “You don’t want all of the permissions the human user might have being given to the agent acting on behalf of the human,” Thiemann said. “AI agents lack human judgment and contextual awareness, and that can lead to misuse or unintended escalation if the agent is given broad, human-equivalent permission.” It’s easy to assume that an AI working on your behalf should inherit your permissions, but that’s precisely what creates exposure. If the model goes off-script—or if its prompt chain is manipulated—it can perform high-risk actions with human-level authority and zero human restraint. Thiemann gave a simple, real-world example: an agent that automates payroll validation should never have the ability to initiate or approve money transfers, even if its human counterpart can. “Such high-risk actions should require human approval and strong multi-factor authentication,” he added.Neray frames the problem differently but arrives at the same conclusion. Authorization is the deterministic layer that must contain probabilistic systems. “You can’t reason with an LLM about whether it should delete a file,” he told me. “You have to design hard rules that prevent it from doing so.” That’s where the idea of automated least privilege comes in—granting only the permissions necessary for a specific task, for a defined period of time, and automatically revoking them afterward. It’s access as a transaction, not a permanent entitlement. I’ve seen this shift before. In cloud security, continuous monitoring replaced static configurations. In data governance, policy automation replaced manual approvals. Now, authorization must make the same leap—from passive to adaptive, from compliance to real-time control. Oso Security is one company trying to operationalize that transition, turning authorization into a modular, API-driven layer rather than bespoke code scattered across microservices. It’s a pragmatic fix for a systemic problem. As Neray put it, “We spent a decade making authentication easier with Okta and Auth0. Authorization is the next frontier.”CISOs are starting to understand this. Many are getting involved earlier in AI deployment cycles, not to block innovation but to make it sustainable. Bans don’t work. Guardrails do. The challenge is balancing speed with safety—allowing agents to act autonomously within clearly defined boundaries. In practice, that means limiting privileges, enforcing human-in-the-loop checks for sensitive actions, and logging every access decision for visibility and audit. As Thiemann noted, “Minimizing those privileges can minimize the potential blast radius of any mistake or incident. And excessive privileges will lead to auditing and compliance issues when accountability is required.”Autonomy isn’t about removing humans from the loop; it’s about redefining where the loop sits. Machines can handle repetitive, low-risk actions at speed. Humans should remain the final checkpoint for high-impact ones. The organizations that get this balance right will move faster with fewer mistakes—and they’ll have the telemetry to prove it. Those that don’t will end up throttling innovation or explaining preventable failures to regulators and investors. AI doesn’t just change what’s possible—it changes what’s tolerable. The future of safe autonomy depends less on how smart the models become and more on how intelligently we design their boundaries.
Permissions Identity Security Automation Oso Security Graham Neray Todd Thiemann Omdia Agentic AI
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
ICE agents spotted near Rogers Park church, leaving community members concernedConcerns are spreading after another weekend of federal law enforcement efforts, with the government vowing there will be more.
Read more »
Davidovs Venture Collective lets AI agents and talent run dealsBusiness Insider tells the global tech, finance, stock market, media, economy, lifestyle, real estate, AI and innovative stories you want to know.
Read more »
Protests Erupt in Portland as Demonstrators Clash with Federal Agents Outside ICE FacilityTensions between protesters and federal agents boiled over in Portland, Oregon, during a demonstration against the Trump administration's immigration policies. The incident, which occurred outside an ICE facility, resulted in arrests and underscores the ongoing conflict over immigration enforcement and federal presence in the city. The events are a part of wider debates about federal authority, and plans by the Trump administration to expand its operations in Portland.
Read more »
6 Chair Moves That Shrink Stubborn Belly Fat Faster Than Crunches After 50Your ultimate source for expert nutrition tips and health advice, covering wellness, healthy recipes, cooking hacks, food news, style trends and shopping.
Read more »
Pa.’s cyber schools say they can grow faster without the shackles of for-profit ownersOpposition to profiteering at public cyber schools helped pave the way for a more aggressive and dominant independent nonprofit cyber school in Pa.
Read more »
Economists expect faster growth, but weaker job gains, through 2025The U.S. economy picked up speed in the second half of the year, although job growth and inflation remain a concern, economists say.
Read more »