What is Permission Creep (Agent)?
The gradual accumulation of MCP tool permissions over time as new capabilities are added to an agent's configuration but old, unnecessary ones are never revoked. A common problem in long-running agent deployments.
WHY IT MATTERS
Permission creep is a well-known problem in traditional IT — employees accumulate access rights as they change roles, and nobody revokes the old ones. The same dynamic plays out with AI agents, often faster.
A development team adds a new MCP server for a specific task. The agent's configuration is updated to include it. The task completes, but the server stays in the configuration. Months later, the agent has access to fifteen servers when it actively uses three. Each unused permission is latent risk — attack surface that serves no operational purpose.
With AI agents, permission creep is accelerated by the pace of tooling. New MCP servers are published weekly. Developers experiment by adding them to agent configurations. The configuration file grows monotonically: additions are common, removals are rare. Nobody audits agent permissions because nothing is obviously broken.
The compounding effect is what makes permission creep dangerous. Each individual addition seems reasonable. The aggregate creates an agent with access to file systems, databases, APIs, cloud infrastructure, and communication tools — far beyond any single task's requirements.
HOW POLICYLAYER USES THIS
Intercept combats permission creep by decoupling tool access from MCP client configuration. Even if an agent's client config lists many servers, Intercept's YAML policies define what is actually permitted. Policies are version-controlled and reviewable in pull requests, making permission additions visible and auditable. Regular policy audits are straightforward — compare the policy allowlist against actual tool usage from Intercept's audit logs to identify permissions that should be revoked.
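The audit described above, comparing an allowlist against observed tool usage, can be sketched as follows. This is an added example, not PolicyLayer's code: the allowlist shape, the JSON Lines log fields (ts, server, tool, decision) and the 90-day idle threshold are assumptions, not Intercept's actual policy or audit-log schema.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed allowlist: server -> permitted tools (hypothetical shape).
ALLOWLIST = {
    "filesystem": {"read_file", "write_file"},
    "postgres": {"query"},
    "slack": {"post_message"},
}

# Constructed audit log in JSON Lines; field names are assumptions.
AUDIT_LOG = """\
{"ts": "2024-11-02T14:10:00+00:00", "server": "filesystem", "tool": "write_file", "decision": "allow"}
{"ts": "2025-03-20T09:00:00+00:00", "server": "filesystem", "tool": "read_file", "decision": "allow"}
{"ts": "2025-03-28T11:30:00+00:00", "server": "postgres", "tool": "query", "decision": "allow"}
{"ts": "2025-03-29T08:15:00+00:00", "server": "github", "tool": "create_issue", "decision": "deny"}
not-json garbage line
"""

def last_allowed_use(log_text):
    """Map (server, tool) to the most recent timestamp of an allowed call."""
    seen = {}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            key = (rec["server"], rec["tool"])
            ts = datetime.fromisoformat(rec["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # skip blank or malformed records instead of aborting the audit
        if rec.get("decision") == "allow" and (key not in seen or ts > seen[key]):
            seen[key] = ts
    return seen

def revocation_candidates(allowlist, log_text, now, max_idle_days=90):
    """List allowlisted tools that were never used or idle past the threshold."""
    seen = last_allowed_use(log_text)
    cutoff = now - timedelta(days=max_idle_days)
    out = []
    for server, tools in sorted(allowlist.items()):
        for tool in sorted(tools):
            last = seen.get((server, tool))
            if last is None:
                out.append((server, tool, "never used"))
            elif last < cutoff:
                out.append((server, tool, f"idle since {last.date()}"))
    return out

if __name__ == "__main__":
    for row in revocation_candidates(ALLOWLIST, AUDIT_LOG, datetime.now(timezone.utc)):
        print(row)
```

Each reported entry is a candidate for a reviewed removal from the policy, not an automatic revocation: a tool used only for quarterly or incident work can look idle inside a short window.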