▲ 7 r/AskNetsec
Anyone actually restricting what agents can access, or are they just inheriting whatever the user has?
We've started giving AI agents access to internal tools and realized they're inheriting full user-level permissions with no guardrails. Nobody questions what they can read, write, or delete.
Is anyone actually scoping AI agent access deliberately, or is full inherited access just becoming the default? Curious how teams are thinking about this.
u/Cubeless-Developers — 1 day ago