What is Least Agency?

1 min read Updated

The principle that AI agents should be granted only the minimum autonomy required for their task — not just what they can access (least privilege), but how much freedom they have to act without human approval.

WHY IT MATTERS

Least privilege restricts what an agent can access. Least agency goes further — it restricts what an agent can decide. An agent might have access to a payment tool but require human approval for each use, or be limited to transactions under a threshold.

Coined by OWASP's 2026 Agentic Top 10, least agency recognises that access control alone is insufficient for autonomous systems. The scope of autonomy itself must be governed.

Running agents against MCP servers? Route them through PolicyLayer and every tool call is checked against policy first.

PUT POLICY ON YOUR TOOL CALLS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer enforces least agency through policy-defined boundaries — rate limits, budget caps, category restrictions, and approval requirements that constrain how much freedom an agent has, not just what it can see.

FURTHER READING

// THE REGISTRY

Every MCP server your agents touch has a registry record.

Type a name, get the breakdown: verified identity, auth posture, risk grade, every tool classified, recommended policy. Re-checked continuously.

Teams ship this data inside their own products. See what a licence covers →

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

46,500+ MCP servers and 515,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.