AI Permissions: Why Least Autonomy Could Transform Access Control A new access control model called 'least autonomy' aims to limit AI systems' independent actions beyond their intended scope, using tools like compositional blast radius and directed agent influence graphs to prevent unauthorized influence and collusion. The approach addresses security gaps as AI evolves beyond traditional permission-based controls. AI Permissions: Why Least Autonomy Could Transform Access Control The principle of least privilege has long been a staple in access control, but it's showing cracks as AI systems evolve. Introducing 'least autonomy,' a new model promising enhanced security in the digital age. access control, the principle of least privilege has reigned supreme for decades. It's simple: give identities only the permissions they absolutely need to perform their tasks. But as AI systems grow more sophisticated, merely limiting permissions isn't enough. These systems don't just hold permissions, they can mix, approve, and amplify them in ways that transcend traditional boundaries. So, is it time to rethink our approach? Enter Least Autonomy Enter 'least autonomy,' a concept poised to revolutionize how we approach access control in the age of AI. Unlike least privilege, which focuses on limiting permissions, least autonomy seeks to limit the ability of AI systems to act independently beyond their intended scope. Here's what the deployment actually looks like: it involves a compositional blast radius that measures the separation between actions in an enterprise's hierarchy. This model combines an ultrametric tree with lattice-valued labels, confidentiality, integrity, and control context. It's about understanding the structural separation between actions, ensuring that AI can't overstep its intended bounds. Why should enterprises care? Because the gap between pilot and production is where most fail, and least autonomy offers a framework to bridge that gap. Mapping Influence and Preventing Collusion Least autonomy also introduces a directed agent influence graph. This isn't just about tracking permissions, it's about monitoring influence. An arc from one node to another signifies potential influence or control that an AI agent /glossary/ai-agent could wield. Think of it as mapping the web of interactions that could lead to unauthorized actions. the model includes a collusion predicate designed to detect combinations of actions that could manipulate decisions or blur lines between different domains. In practice, this means identifying potential points of failure or exploitation before they manifest. Enterprises don't buy AI. They buy outcomes. Least autonomy aims to ensure those outcomes align with organizational goals, not rogue AI agendas. The Real Cost of Ignoring Evolution Why does this matter now? Because the consulting deck says transformation. The P&L says different. AI systems are evolving, and so must our strategies to control them. Ignoring these changes could lead to costly breaches, both financially and reputationally. The total cost of ownership isn't just about the initial investment in AI, but ensuring it doesn't run amok. So, the question remains: will your organization adapt before it's too late, or will it cling to outdated models that no longer serve in an AI-driven world? Get AI news in your inbox Daily digest of what matters in AI.