// GLOSSARY -- AGENTIC AI

What is Least Agency?

1 min read Updated

The principle that AI agents should be granted only the minimum autonomy required for their task — not just what they can access (least privilege), but how much freedom they have to act without human approval.

WHY IT MATTERS

Least privilege restricts what an agent can access. Least agency goes further — it restricts what an agent can decide. An agent might have access to a payment tool but require human approval for each use, or be limited to transactions under a threshold.

Coined by OWASP's 2026 Agentic Top 10, least agency recognises that access control alone is insufficient for autonomous systems. The scope of autonomy itself must be governed.

HOW POLICYLAYER USES THIS

Intercept enforces least agency through policy-defined boundaries — rate limits, budget caps, category restrictions, and approval requirements that constrain how much freedom an agent has, not just what it can see.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.