Context-Aware Authorization for AI Agents

In an enterprise AI system, we rely on the role-based access control (RBAC) that is already established as the reference for deciding which actions are allowed. In theory, and to an extent, that should be enough. The rule is simple: if an employee or a user has permission to a document, the system allows access; otherwise, access is blocked.

The problem with this simple rule lies with modern AI agents: they do not behave like a traditional application. An AI agent takes a simple request, interprets it, pulls information from multiple systems, and is allowed to perform actions on the user's behalf. During these access grants and actions, the original intent is abused and the agent gains exploited privilege, which leads to the disclosure of information that a user (agent) should never have received in that context.

This article has been indexed from DZone Security Zone
