HACKER Q&A
📣 NBenkovich

How do you give AI agents access without over-permissioning?


To make AI agents more efficient, we need to build feedback loops with real systems: deployments, logs, configs, environments, dashboards.

But this is where things break down.

Most modern apps don’t have fine-grained permissions.

Concrete example: Vercel. If I want an agent to read logs or inspect env vars, I have to give it a token that also allows it to modify or delete things. There’s no clean read-only or capability-scoped access.

And this isn’t just Vercel. I see the same pattern across cloud dashboards, CI/CD systems, and SaaS APIs that were designed around trusted humans, not autonomous agents.

So the real question:

How are people actually restricting AI agents in production today?

Are you building proxy layers that enforce policy? Wrapping APIs with allowlists? Or just accepting the risk?

It feels like we’re trying to connect autonomous systems to infrastructure that was never designed for them.

Curious how others are handling this in real setups, not theory.
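
One shape the proxy-layer allowlist raised in the question can take, as an added example that is not part of the original post or of any vendor's API: the proxy holds the real, over-privileged token and forwards only read calls that match a deny-by-default policy. The route paths and the names `canonical_path`, `authorize` and `filter_response` are hypothetical, and masking env var values is an assumption about what the agent needs.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed policy: (method, path regex) pairs the agent may call.
# These routes are hypothetical, not any real vendor's API.
PROJECT = r"/v1/projects/[A-Za-z0-9_-]+"
ALLOW = [
    ("GET", re.compile(PROJECT + r"/logs")),
    ("GET", re.compile(PROJECT + r"/deployments")),
    ("GET", re.compile(PROJECT + r"/env")),
]
REDACT = re.compile(PROJECT + r"/env")  # responses whose values get masked


def canonical_path(raw_url):
    """Return the decoded path, or None when it is ambiguous."""
    path = unquote(urlsplit(raw_url).path)
    if "%" in path or "\\" in path or "\x00" in path:
        return None  # double encoding, backslash or NUL: refuse to guess
    if not path.startswith("/"):
        return None
    if any(seg in (".", "..") for seg in path.split("/")):
        return None  # reject traversal segments instead of resolving them
    return path.rstrip("/") or "/"


def authorize(method, raw_url):
    """Deny by default: allow only an exact method and full-path match."""
    path = canonical_path(raw_url)
    if path is None:
        return False
    return any(m == method and rx.fullmatch(path) for m, rx in ALLOW)


def filter_response(raw_url, body):
    """Mask env var values so the agent sees names but never secrets."""
    path = canonical_path(raw_url)
    if path and REDACT.fullmatch(path) and isinstance(body, dict):
        return {name: "***" for name in body}
    return body


if __name__ == "__main__":
    # Constructed sample requests an agent might send through the proxy.
    for method, url in [("GET", "/v1/projects/web/logs?limit=50"),
                        ("DELETE", "/v1/projects/web/deployments"),
                        ("GET", "/v1/projects/web/%2e%2e/admin")]:
        print(method, url, "->", "allow" if authorize(method, url) else "deny")
```

The proxy should forward the canonical path it authorized rather than the raw URL, so the upstream cannot interpret the request differently from the policy check.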


  👤 vitramir Accepted Answer ✓
There’s also a related issue: many services use per-project API tokens. When agents need access to multiple projects, you have to pass several tokens at once, which often leads to confusion and erratic behavior, including severe hallucinations.

👤 verdverm
If you use a cloud like AWS, GCP, or Azure... you give it an SA and you give access with very fine-grained permission controls.

It's more about specific apps than modern apps and how your org puts their infra together.

I don't have your problem, I can give my agents all sorts of environments with a spectrum of access vs restrictions.


👤 imidov
“There’s no clean read-only or capability-scoped access.” -> always found that to be a no-brainer backend feature; somehow most platforms miss that.

👤 fsflover
Qubes OS allows you to isolate any workflow with hardware-assisted virtualization.

👤 ninan980805
I am surprised Vercel doesn't have fine-grained control. Supabase, for example, allows developers to configure IAM roles and which role has read-only or read-write access to which tables. And each IAM role comes with its own token. This way people can easily configure a set of permissions the agent should have access to and give that token to the agent.