New Theory Proposes 'Least Autonomy' for Agentic AI Security.

Christophe Parisel· July 14, 2026 View original

▶ The 2-minute explainer

Summary

This paper introduces "least autonomy" as a new security principle for agentic AI systems, extending the traditional "least privilege" concept to address how AI agents can combine and amplify permissions across workflows. It develops a formal theory including a compositional blast radius, an agent influence graph, and a collusion predicate to detect unauthorized capability composition.

A new theoretical framework, "least autonomy," is proposed to enhance security for increasingly autonomous AI systems. The authors argue that the long-standing principle of "least privilege," which limits permissions to only what's strictly necessary, is insufficient for agentic AI. This is because AI agents can dynamically combine, approve, and amplify their permissions across various workflows and system boundaries, creating new security challenges. The proposed theory formalizes this concept by defining a compositional "blast radius" that measures the structural separation between actions within an enterprise hierarchy, incorporating confidentiality, integrity, and control-context labels. It also introduces a directed "agent influence graph" to model how agents interact and influence each other, based on shared resources and communication. Finally, a "collusion predicate" is developed to detect unauthorized authorization composition, decision manipulation, and cross-domain capability integration, providing a more robust security model for complex AI deployments.

Why it matters

As AI systems become more autonomous and integrated, ensuring their secure operation requires new principles beyond traditional access control, making "least autonomy" critical for preventing unintended or malicious actions.

How to implement this in your domain

  1. 1Evaluate existing AI agent deployments against the principles of "least autonomy" to identify potential security gaps beyond traditional "least privilege."
  2. 2Develop internal guidelines for designing agentic AI systems that explicitly consider the "blast radius" of actions and potential for permission amplification.
  3. 3Implement monitoring tools that can track agent influence graphs and detect patterns indicative of unauthorized capability composition or collusion.
  4. 4Integrate "least autonomy" considerations into the security architecture review process for all new AI-powered products and services.

Who benefits

CybersecurityAI DevelopmentFinancial ServicesGovernmentDefense

Key takeaways

  • Traditional "least privilege" is inadequate for securing agentic AI systems due to their ability to combine and amplify permissions.
  • "Least autonomy" is a proposed new principle to manage the security risks of autonomous AI.
  • The theory includes concepts like compositional blast radius and agent influence graphs for formalizing AI security.
  • A collusion predicate helps detect unauthorized capability composition and decision manipulation in AI systems.

Original post by Christophe Parisel

"arXiv:2607.09744v1 Announce Type: new Abstract: Least privilege, the principle that an identity should hold only the permissions strictly required for its task, has been a foundational primitive of access control for decades. We argue that this principle is insufficient for agent…"

View on X

Originally posted by Christophe Parisel on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses