
EU AI Act Regulates AI Behavior, Not Agent Permissions

In brief: AI agents with stable, broad permissions become uncontrolled super-users; they should instead be treated like sensitive service accounts with minimal, function-specific, and time-limited access.

A retail operation discovers changes in its systems the morning after an AI agent made them overnight: new external access points, adjusted firewall rules, closed tickets — without a single human login. The question CISOs must ask: At what point does an automated AI agent become practically a super-user with uncontrolled permissions?

The EU AI Act creates a comprehensive legal framework for artificial intelligence. It distinguishes between low-risk and high-risk applications, prohibits certain practices, and formulates strict requirements for AI in sensitive areas — including documentation, human oversight, and appropriate cybersecurity measures. However, at the operational level, the regulatory framework has a gap: it does not detail which accounts, API keys, and tokens AI systems may operate through, which systems they can reach, and who is responsible for these privileges.

In practice, permission assignment to AI agents follows a gradual process of expansion. When integrated into business processes, these systems initially receive precisely defined tasks: reset passwords, audit configurations, trigger maintenance jobs. To enable this, they are granted access through non-human identities such as service accounts or API clients. In projects, these accounts are often assigned permissions generously because people want to “block nothing.” As functionality grows and new integrations are added, the original permissions are not fundamentally reviewed. The result: a few technical identities accumulate permanently broad, cross-system privileges. They become genuine power accounts, born of automated workflows, whose total rights few people can still fully understand.

The solution lies in the consistent application of identity-and-access-management principles to AI systems. They must be treated as highly privileged identities within the existing role and permission model, not as a special case. Concretely, this means: it must be clearly documented which account belongs to which AI system, which specific actions are possible through it, and who bears functional and technical responsibility. An agent that resets passwords should not simultaneously be able to modify production data or adjust cloud infrastructure permissions. Instead of blanket administrator roles, function-specific, minimalist roles should be defined.

The question of access duration is particularly critical. Permanently privileged accounts are an attractive target for both errors and attackers. A more efficient approach is the use of just-in-time access mechanisms: permissions are activated only for the specific task and its execution window, then technically revoked afterward. An AI agent tasked with running a maintenance routine on a production database receives these rights for a limited time with centrally managed credentials, and automatically loses them once the task is complete.


Source: www.it-daily.net · Published June 30, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
