AI Agent Permissions: What Your Agent Should and Shouldn't Access

The principle of least privilege — applied to AI agents

Give each agent exactly the access it needs for its specific job and nothing more. A booking agent needs calendar access. It does not need your CRM, your Stripe keys, or your email. Separate permissions by workflow, not by convenience.

What agents commonly over-request

• Full email read/write when they only need to send confirmations
• Database write access when they only need to query
• Admin-level API keys when a scoped read-only key works
• Access to production systems when a staging environment would do
• Cross-workflow data access that creates leakage paths between unrelated systems

What permissions to audit right now

• List every tool your agent can call. Remove anything it hasn't used in 30 days.
• Check if any agent has API keys that can delete or modify data it shouldn't touch.
• Ensure no agent has access to customer PII beyond what its specific task requires.
• Verify that agent credentials are rotated and not shared across workflows.

When to escalate to a human before acting

Any action that is irreversible, touches money, modifies infrastructure, or sends customer-facing communications should require explicit human approval before execution. Speed is not worth the cost of an irreversible mistake.