A Theory of Least Autonomy in AI Researchers propose a theory of least autonomy as a generalization of the least privilege principle for agentic AI systems, defining compositional blast radius and directed agent influence graphs to detect authorization composition and collusion across workflows. arXiv:2607.09744v1 Announce Type: new Abstract: Least privilege, the principle that an identity should hold only the permissions strictly required for its task, has been a foundational primitive of access control for decades. We argue that this principle is insufficient for agentic AI systems, which do not merely hold permissions but can combine, approve, and amplify them across workflows and system boundaries. We propose least autonomy as an appropriate generalization and develop a formal theory. First, we define a compositional blast radius d a,b that measures structural separation between actions in an enterprise hierarchy, combining an ultrametric tree with lattice-valued confidentiality, integrity, and control-context labels. Second, we define a directed agent influence graph G theta . An arc from U to V requires a directed shared-resource write-to-read meeting or a conservative undirected agent-to-agent A2A communication meeting, and a meeting-conditioned influence potential at or above an externally selected policy threshold theta. A catalogue-radius profile supports calibration and audit of theta. Finally, we define a collusion predicate over graph reachability that detects authorization composition, decision manipulation, and cross-domain capability composition.