Topic

Least Agency

Least Agency is a security and governance principle that restricts system access and permissions to the minimum necessary for a function to operate effectively. In AI governance contexts, this means limiting model capabilities, data access, and computational resources to only what is required for a specific task, reducing the attack surface and potential for misuse. This principle is critical for compliance frameworks and helps organizations contain risks from compromised systems, unauthorized access, or unintended model behaviors.

1 item

ResearchGlobal2026-06-17

AI agent governance: why least privilege no longer solves the problem

Zenity reported that least privilege alone fails for agentic AI because agents can act outside their intended purpose while staying within their permission set. The report advocates for 'least agency,' decision budgets, and runtime scoping as the missing governance layer to constrain autonomous actions. Teams must define behavioral authorization rules and map runtime scoping to high-risk workflows to prevent unauthorized tool use.

Least Privilege Failure Least Agency Runtime Scoping Decision Budgets