Least privilege
Grant an agent the minimum capabilities its job requires, and nothing more — starting from zero.
Least privilege is the principle of giving any actor the minimum access it needs to do its job, and nothing more. Applied to AI agents, it’s the single control that shrinks the blast radius of every future mistake at once: if a capability isn’t granted, no prompt injection, bug, or bad sampling step can use it.
For agents, least privilege starts from zero. A new agent has no capabilities and earns each one deliberately, mapped to its job. This is stricter than the human version because agents can’t be trusted to refrain from using access they happen to have — they’ll use whatever’s in front of them, including when steered by untrusted text.
Least privilege for agents has two layers. The first is the familiar one: don’t grant what the job doesn’t need. The second is specific to agents: don’t even show what you didn’t grant. Ungranted capabilities are filtered from the agent’s tool manifest, so a denied tool becomes a nonexistent one — closing the prompt-injection door before it opens.
In practice, least privilege is implemented through scope and roles, and maintained by watching the denial log, pruning unused grants, and reviewing roles on a cadence. The goal is to make your worst case small, on purpose, in advance.
Related terms
Guard
Your business rules, enforced before an agent's action runs — caps, allowlists, approval thresholds, freeze blocks.
RBAC (role-based access control)
Govern agents by job function — bundle capabilities into roles and assign them, instead of per-agent keys.
Scope
Least privilege for agents: the deliberate set of capabilities an agent is granted — and everything else is invisible.
Agent control plane
The layer in the path of every agent action that decides, enforces, and records what each agent can do.
Put every agent your company runs under one policy.
Watch HiveKey scope, guard, and block a live action on your own agents — 30 minutes, no slides, no commitment.