Skip to content

Your AI agent is the most over-privileged account you own

7.8 relevance
Score Breakdown
technical depth
7
novelty
8
actionability
8
community
8
strategic
8
personal
9

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Critical look at AI agent permissions, highly relevant and actionable.

AI/ML dev.to
Your AI agent is the most over-privileged account you own
Summary

AI agents typically receive unrestricted shell access, personal API keys from environment variables, and read access to SSH keys—turning prompt injection into a command channel—so the author's six rules counteract this by scoping agents to task-specific commands like Bash(git *), granting dedicated short-lived service identities, restricting filesystem to one writable workspace, allowlisting egress, gating irreversible actions with human confirmation, and logging all activity for anomaly detection. This applies least privilege principles standard for human accounts to contain agents as potentially compromised deputies.

Author

Kiell Tampubolon

More from Kiell Tampubolon →