What is Agent Permission Creep?


The gradual, often unnoticed expansion of an AI agent's access rights and spending authority beyond its original scope — analogous to privilege escalation in traditional security.

WHY IT MATTERS

An agent starts with read-only access to a CRM. A developer adds write access for 'just this one task.' Another adds payment tool access. Six months later, the agent has broad, ungoverned access that no one explicitly approved.

Permission creep is insidious because each individual expansion seems reasonable. The cumulative effect is dangerous.
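
The cumulative drift described above can be surfaced by replaying an agent's grant history against the scope it was originally approved for. This is an added example, not PolicyLayer's or Intercept's code or policy format; the record fields, tool names and history entries are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed grant history for the CRM agent scenario above. The record
# fields and tool names are hypothetical, not any product's schema.
@dataclass(frozen=True)
class GrantChange:
    day: int         # days since the agent was deployed
    tool: str        # e.g. "crm", "payments"
    action: str      # e.g. "read", "write", "charge"
    op: str          # "grant" or "revoke"
    reviewed: bool   # True if the change went through review

BASELINE = {("crm", "read")}  # scope approved at deployment

HISTORY = [
    GrantChange(0, "crm", "read", "grant", True),
    GrantChange(41, "crm", "write", "grant", False),      # "just this one task"
    GrantChange(97, "payments", "charge", "grant", False),
    GrantChange(120, "crm", "export", "grant", True),
    GrantChange(150, "crm", "export", "revoke", True),    # temporary, cleaned up
]

def effective_grants(history):
    """Replay grant/revoke events in time order to get the current scope."""
    current = {}
    for ch in sorted(history, key=lambda c: c.day):
        key = (ch.tool, ch.action)
        if ch.op == "grant":
            current[key] = ch
        else:
            current.pop(key, None)
    return current

def creep_report(baseline, history):
    """Return grants held now that exceed the baseline, unreviewed first."""
    current = effective_grants(history)
    extra = [ch for key, ch in current.items() if key not in baseline]
    return sorted(extra, key=lambda c: (c.reviewed, c.day))

if __name__ == "__main__":
    for ch in creep_report(BASELINE, HISTORY):
        status = "reviewed" if ch.reviewed else "UNREVIEWED"
        print(f"day {ch.day:>3}: {ch.tool}:{ch.action} beyond baseline ({status})")
```

Each flagged entry is a grant that looked reasonable on its own day; the report shows what the agent holds in total relative to what was approved.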

HOW POLICYLAYER USES THIS

Intercept's declarative YAML policies make the full scope of an agent's permissions visible and auditable. Permission changes go through code review, not ad-hoc grants.
