Rules & guardrails
What is least privilege for an AI agent?
The first guardrail is access. Give the agent only what the current task requires, scoped per tool, and prefer short-lived credentials over standing ones. Okta’s guidance on least privilege for agents frames it as narrowing each grant so that a mistake, or a hijack, cannot reach beyond a small blast radius.[1] This matters most once an agent holds real tokens through tool use and MCP.
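The sketch below is an added example, not code from this page or from Okta's guidance: a minimal grant broker that binds each credential to one tool, a subset of that tool's scopes, and a short lifetime, then denies any call outside that grant. The tool names, scope strings, `TOOL_POLICY`, `mint_grant` and `authorize` are hypothetical.

```python
import base64, hashlib, hmac, json, os, time

SIGNING_KEY = os.urandom(32)  # constructed per-process key; assumed to live in a KMS in practice

# Constructed policy: the most each tool may ever be granted (hypothetical names).
TOOL_POLICY = {
    "calendar": {"calendar:read"},
    "tickets": {"tickets:read", "tickets:comment"},
}

def _sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def mint_grant(tool, scopes, ttl_seconds=300, now=None):
    """Issue a grant for one tool, with only the scopes the task needs and a short lifetime."""
    allowed, requested = TOOL_POLICY.get(tool, set()), set(scopes)
    if not requested or not requested <= allowed:
        raise PermissionError(f"scopes {sorted(requested - allowed)} not permitted for {tool!r}")
    now = time.time() if now is None else now
    claims = {"tool": tool, "scopes": sorted(requested), "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return f"{body.decode()}.{_sign(body).decode()}"

def authorize(grant, tool, scope, now=None):
    """Return (allowed, reason) for a single tool call; any mismatch is a denial."""
    try:
        body, sig = grant.rsplit(".", 1)
    except ValueError:
        return False, "malformed"
    # Verify integrity before trusting any claim in the body.
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return False, "expired"          # short lifetime bounds a leaked grant
    if claims["tool"] != tool:
        return False, "wrong tool"       # a grant for one tool is useless at another
    if scope not in claims["scopes"]:
        return False, "scope not granted"
    return True, "ok"
```

A hijacked agent holding the `tickets:read` grant can read tickets for five minutes and nothing else, which is the small blast radius the paragraph describes.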