What is Agent Permission Creep?

The gradual, often unnoticed expansion of an AI agent's access rights and spending authority beyond its original scope — analogous to privilege escalation in traditional security.

WHY IT MATTERS

An agent starts with read-only access to a CRM. A developer adds write access for 'just this one task.' Another adds payment tool access. Six months later, the agent has broad, ungoverned access that no one explicitly approved.

Permission creep is insidious because each individual expansion seems reasonable. The cumulative effect is dangerous.

HOW POLICYLAYER USES THIS

Intercept's declarative YAML policies make the full scope of an agent's permissions visible and auditable. Permission changes go through code review, not ad-hoc grants.
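
One way to back that review step with a check, as an added example (not PolicyLayer's code; the grant layout, level names and snapshot labels are hypothetical and do not follow Intercept's policy schema). It diffs each policy change against its predecessor and the latest policy against the originally approved scope, using the CRM scenario above as constructed data.

```python
# Added illustration: the grant layout and level names are hypothetical,
# not Intercept's policy schema.
LEVELS = {"none": 0, "read": 1, "write": 2, "spend": 3}

# Constructed snapshots of one agent's grants, oldest first. The first
# entry is the scope that was explicitly approved.
HISTORY = [
    ("initial approval", {"crm": "read"}),
    ("just this one task", {"crm": "write"}),
    ("add payment tool", {"crm": "write", "payments": "spend"}),
]


def expansions(before, after):
    """List (tool, old_level, new_level) for every grant that widened."""
    found = []
    for tool in sorted(after):
        old, new = before.get(tool, "none"), after[tool]
        if old not in LEVELS or new not in LEVELS:
            raise ValueError(f"unknown access level on {tool!r}")
        if LEVELS[new] > LEVELS[old]:
            found.append((tool, old, new))
    return found


def creep_report(history):
    """Compare each change with its predecessor and the latest snapshot
    with the approved baseline."""
    baseline, latest = history[0][1], history[-1][1]
    steps = [(label, expansions(prev, cur))
             for (_, prev), (label, cur) in zip(history, history[1:])]
    return {"steps": steps, "cumulative": expansions(baseline, latest)}


def drift_score(history):
    """Total level increase over the baseline, for a review gate to cap."""
    cumulative = creep_report(history)["cumulative"]
    return sum(LEVELS[new] - LEVELS[old] for _, old, new in cumulative)


if __name__ == "__main__":
    report = creep_report(HISTORY)
    for label, widened in report["steps"]:
        print(f"{label}: {widened}")
    print("vs. approved baseline:", report["cumulative"])
    print("drift score:", drift_score(HISTORY))
```

Each step widens a single grant, while the comparison against the approved baseline reports both expansions together, which is the view a reviewer needs before approving the next change.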

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept