Security and Safety
Least Privilege
The principle of least privilege dictates that agents receive only the minimum permissions needed to complete their assigned task, nothing more. This principle is foundational for agentic systems because agents are inherently unpredictable: a well-designed agent can still be manipulated through prompt injection, make reasoning errors, or hit unexpected edge cases that lead to unintended actions. In practice, least privilege means giving a code review agent read-only repository access rather than write access, limiting a database agent to SELECT queries rather than DELETE, and ensuring file system agents operate within scoped directories rather than at the root level.
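An added example, not from the original page or from any project it links to: two hypothetical Python tool wrappers that enforce the scoped-directory and SELECT-only limits at the resource itself, so a manipulated or mistaken agent is refused by the file system check or by the database engine rather than by its own reasoning. The class names, file names and the SQLite database are constructed for illustration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

class ScopedFiles:
    """File tool confined to one directory (hypothetical wrapper)."""
    def __init__(self, root):
        self.root = Path(root).resolve()

    def read(self, rel):
        # resolve() collapses ".." and follows symlinks before the comparison
        target = (self.root / rel).resolve()
        if not target.is_relative_to(self.root):
            raise PermissionError(f"{rel!r} is outside the agent's scope")
        return target.read_text()

class ReadOnlyDB:
    """Database tool whose connection cannot write (hypothetical wrapper)."""
    def __init__(self, path):
        # mode=ro is enforced by SQLite itself, not by inspecting the SQL text
        self.conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)

    def query(self, sql, params=()):
        return self.conn.execute(sql, params).fetchall()

def attempt(call):
    """Run one tool call; return its result or the name of the denial."""
    try:
        return call()
    except (PermissionError, sqlite3.OperationalError) as exc:
        return type(exc).__name__

def demo():
    """Exercise both tools against a constructed workspace and database."""
    base = Path(tempfile.mkdtemp())
    scope = base / "workspace"
    scope.mkdir()
    (scope / "notes.txt").write_text("in scope")
    (base / "secret.txt").write_text("out of scope")
    os.symlink(base / "secret.txt", scope / "link.txt")  # constructed escape
    rw = sqlite3.connect(base / "app.db")
    rw.executescript("CREATE TABLE users (name TEXT); INSERT INTO users VALUES ('alice');")
    rw.close()
    files, db = ScopedFiles(scope), ReadOnlyDB(base / "app.db")
    return {"read": attempt(lambda: files.read("notes.txt")),
            "dotdot": attempt(lambda: files.read("../secret.txt")),
            "symlink": attempt(lambda: files.read("link.txt")),
            "select": attempt(lambda: db.query("SELECT name FROM users")),
            "delete": attempt(lambda: db.query("DELETE FROM users"))}
```

Calling `demo()` returns the in-scope file contents and the SELECT rows, and the exception name for each of the three denied calls.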
Resources
Claude Code: Permissions (docs.anthropic.com). How Claude Code implements least privilege through tiered permission levels.
OWASP: Excessive Agency (genai.owasp.org). OWASP's analysis of risks from over-permissioned LLM systems.
Principle of Least Privilege (csrc.nist.gov). NIST's formal definition of the least privilege principle.
Building Effective Agents (anthropic.com). Anthropic's safety recommendations including permission design.