Your agent needs a security perimeter (before it needs more access)
Your agent starts innocent. Read my calendar, draft some emails, maybe check the weather. Then you give it file access. Then API keys. Then database permissions. Before you know it, it's got the keys to everything and you're one hallucination away from disaster.
Most people think about agent security backwards. They start with "what can go wrong?" and build walls. But walls don't work when your agent needs to move fast and break things (intentionally). You need a security perimeter that moves with your agent.
The Zero-Trust Identity Pattern
Every action your agent takes should answer three questions: Who is asking? What are they asking for? Why should I allow it?
Here's what this looks like in practice:
    // Agent identity context
    {
      "agent_id": "felix-prod",
      "session_id": "sess_abc123",
      "user_context": {
        "authenticated_user": "john@company.com",
        "role": "admin",
        "active_session": true
      },
      "permission_scope": ["read:calendar", "write:emails", "read:files:marketing/*"],
      "risk_level": "medium",
      "expires_at": "2024-01-15T18:00:00Z"
    }

Every API call, file access, and database query gets this context. No exceptions.
Scoped Permissions That Actually Work
Don't give your agent "file access." Give it "read access to the /marketing folder for the next 2 hours while John is authenticated." Don't give it "email permissions." Give it "draft permissions for emails under 500 words that don't contain banking keywords."
Pro tip: Use time-boxed permissions. Your agent doesn't need permanent access to your CRM. It needs access while it's working on that specific task.
The Permission Audit Trail
Every permission grant gets logged with context:
    {
      "timestamp": "2024-01-15T14:30:22Z",
      "agent_id": "felix-prod",
      "action": "permission_granted",
      "resource": "database:customers:read",
      "justification": "User requested customer analysis for Q4 report",
      "granted_by": "auto_policy_engine",
      "expires_at": "2024-01-15T16:30:22Z",
      "user_present": true
    }

When someone asks "why did the agent access customer data last Tuesday?" you have an answer.
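Here is the identity context, the scoped time-boxed grant and the audit trail from the last three sections wired together in one small policy check. This is an added example, not code from the post or from any particular agent framework; the context dictionary is the one shown above, the scope-matching rule (colon-separated segments, glob only in the last segment), the `AUDIT_LOG` list and the function names are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

# Constructed identity context in the shape shown in the post.
AGENT_CONTEXT = {
    "agent_id": "felix-prod",
    "session_id": "sess_abc123",
    "user_context": {
        "authenticated_user": "john@company.com",
        "role": "admin",
        "active_session": True,
    },
    "permission_scope": ["read:calendar", "write:emails", "read:files:marketing/*"],
    "risk_level": "medium",
    "expires_at": "2024-01-15T18:00:00Z",
}

AUDIT_LOG = []  # assumed stand-in for an append-only log sink


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def fmt_ts(dt):
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def scope_allows(scope, action):
    """Match a requested action such as 'read:files:marketing/q4.docx' against the
    granted scopes. Colon-separated segments are compared one by one and only the
    last segment may carry a glob, so 'read:files:marketing/*' can never widen to
    a different verb or resource type. A path containing '..' never matches."""
    want = action.split(":")
    if any(".." in seg.split("/") for seg in want):
        return False
    for granted in scope:
        have = granted.split(":")
        if len(have) == len(want) and have[:-1] == want[:-1] \
                and fnmatchcase(want[-1], have[-1]):
            return True
    return False


def audit(context, action, resource, now, **fields):
    """Append one record in the audit-trail shape the post uses."""
    record = {
        "timestamp": fmt_ts(now),
        "agent_id": context["agent_id"],
        "session_id": context["session_id"],
        "action": action,
        "resource": resource,
        "user_present": context["user_context"]["active_session"],
        **fields,
    }
    AUDIT_LOG.append(record)
    return record


def authorize(context, action, now_iso, justification):
    """Answer the three questions for one request: who (agent plus an authenticated
    user, inside an unexpired context), what (action within permission_scope) and
    why (a justification, which is logged). Denials are logged as well."""
    now = parse_ts(now_iso)
    reasons = []
    if not justification:
        reasons.append("no justification given")
    if now >= parse_ts(context["expires_at"]):
        reasons.append("identity context expired")
    if not context["user_context"]["active_session"]:
        reasons.append("user session not active")
    if not scope_allows(context["permission_scope"], action):
        reasons.append(f"{action} is outside permission_scope")
    allowed = not reasons
    audit(context, "access_allowed" if allowed else "access_denied", action, now,
          justification=justification, reasons=reasons)
    return {"allowed": allowed, "reasons": reasons}


def grant_time_boxed(context, new_scope, ttl_minutes, justification, now_iso,
                     granted_by="auto_policy_engine"):
    """Return a child context with one extra scope that expires after ttl_minutes
    or when the parent context expires, whichever comes first, and log the grant."""
    now = parse_ts(now_iso)
    expires = min(now + timedelta(minutes=ttl_minutes), parse_ts(context["expires_at"]))
    child = dict(context, permission_scope=context["permission_scope"] + [new_scope],
                 expires_at=fmt_ts(expires))
    audit(context, "permission_granted", new_scope, now, justification=justification,
          granted_by=granted_by, expires_at=child["expires_at"])
    return child


if __name__ == "__main__":
    ctx = grant_time_boxed(AGENT_CONTEXT, "read:database:customers", 120,
                           "User requested customer analysis for Q4 report",
                           "2024-01-15T14:30:22Z")
    print(authorize(ctx, "read:database:customers", "2024-01-15T15:00:00Z", "Q4 report"))
    print(authorize(ctx, "read:files:finance/budget.xlsx", "2024-01-15T15:00:00Z", "Q4 report"))
    for rec in AUDIT_LOG:
        print(rec)
```

The grant never outlives its parent context, the parent's scope list is left untouched, and every decision (including denials) lands in the log with the justification that was offered, which is what makes the "why did it touch that data" question answerable later.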
Dynamic Risk Assessment
Your agent's risk level should change based on what it's doing. Reading your calendar? Low risk. Accessing financial data at 3 AM? High risk. Moving files to external storage? Maximum risk.
Build risk triggers:
- Time-based: Elevated permissions outside business hours
- Data-based: Accessing PII, financial records, or API keys
- Behavior-based: Unusual access patterns or bulk operations
- Context-based: User not present, VPN not active, or session expired
High-risk actions require explicit approval. Medium-risk actions get logged and monitored. Low-risk actions proceed normally.
The Permission Handoff
When your agent needs elevated permissions, it should ask with context: "I need database write access to update the customer records we just discussed. This will affect 23 records in the customers table. Approve for the next 30 minutes?"
Not: "I need database access."
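The four trigger classes, the three-way decision (proceed, log and monitor, require approval) and the contextual approval request from the two sections above, as an added example that is not part of the post. The point values, thresholds, business-hours window, request fields such as `destination` and `record_count`, and the sample requests are all constructed for the example; any real deployment would tune them.

```python
from datetime import datetime

# Constructed thresholds for this example; tune them to your own environment.
SENSITIVE_PREFIXES = ("pii:", "finance:", "secrets:")
ELEVATED_OPS = {"write", "delete", "export"}
BULK_THRESHOLD = 100
BUSINESS_HOURS = range(9, 18)  # 09:00-17:59, assumed UTC for the example


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def time_trigger(req, now):
    # Time-based: access outside business hours is notable; elevated
    # operations outside business hours more so.
    if now.hour in BUSINESS_HOURS:
        return 0
    return 2 if req["operation"] in ELEVATED_OPS else 1


def data_trigger(req, now):
    # Data-based: PII, financial records, API keys; writing them is worse than reading.
    if not req["resource"].startswith(SENSITIVE_PREFIXES):
        return 0
    return 3 if req["operation"] in ELEVATED_OPS else 2


def behavior_trigger(req, now):
    # Behavior-based: bulk operations.
    return 2 if req.get("record_count", 0) >= BULK_THRESHOLD else 0


def context_trigger(req, now):
    # Context-based: user not present, VPN not active, session expired.
    points = 0
    if not req.get("user_present", False):
        points += 2
    if not req.get("vpn_active", True):
        points += 1
    if req.get("session_expired", False):
        points += 3
    return points


TRIGGERS = [("time", time_trigger), ("data", data_trigger),
            ("behavior", behavior_trigger), ("context", context_trigger)]

DECISIONS = {"low": "proceed", "medium": "log_and_monitor",
             "high": "require_approval", "maximum": "require_approval"}


def assess_risk(req, now_iso):
    """Score a request against the four trigger classes and map the score to a
    tier. Moving data to external storage is 'maximum' on its own."""
    now = parse_ts(now_iso)
    fired = {}
    for name, fn in TRIGGERS:
        points = fn(req, now)
        if points:
            fired[name] = points
    score = sum(fired.values())
    if req.get("destination") == "external":
        level = "maximum"
    elif score >= 3:
        level = "high"
    elif score >= 1:
        level = "medium"
    else:
        level = "low"
    return {"level": level, "score": score, "triggers": fired, "decision": DECISIONS[level]}


def approval_request(req, assessment, ttl_minutes=30):
    """Build the contextual handoff the post asks for: what, why, blast radius
    and for how long, instead of a bare 'I need database access'."""
    n = req.get("record_count", 0)
    message = (f"I need {req['operation']} access to {req['resource']} to "
               f"{req['justification']}. This will affect {n} record{'s' if n != 1 else ''} "
               f"(risk {assessment['level']}; triggers: "
               f"{', '.join(assessment['triggers']) or 'none'}). "
               f"Approve for the next {ttl_minutes} minutes?")
    return {"message": message, "resource": req["resource"], "operation": req["operation"],
            "record_count": n, "ttl_minutes": ttl_minutes}


# Constructed sample requests.
CALENDAR_READ = {"resource": "calendar:john", "operation": "read", "user_present": True,
                 "justification": "check today's meetings"}
FINANCE_AT_NIGHT = {"resource": "finance:ledger", "operation": "read", "user_present": True,
                    "justification": "reconcile invoices"}
CUSTOMER_UPDATE = {"resource": "pii:customers", "operation": "write", "record_count": 23,
                   "user_present": True,
                   "justification": "update the customer records we just discussed"}
EXTERNAL_COPY = {"resource": "files:marketing", "operation": "export", "destination": "external",
                 "user_present": True, "justification": "share the deck with the agency"}

if __name__ == "__main__":
    for req in (CALENDAR_READ, FINANCE_AT_NIGHT, CUSTOMER_UPDATE, EXTERNAL_COPY):
        when = "2024-01-15T03:00:00Z" if req is FINANCE_AT_NIGHT else "2024-01-15T14:30:00Z"
        result = assess_risk(req, when)
        print(req["resource"], result)
        if result["decision"] == "require_approval":
            print(approval_request(req, result)["message"])
```

Returning the fired triggers alongside the tier is deliberate: the approval message and the audit record can then say why the request was escalated, which is what turns "approve?" into a question the human can actually answer.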
Warning: Never give your agent permanent admin access "just to make things easier." That's how you wake up to find it reorganized your entire file system because it thought it was being helpful.
Security isn't about stopping your agent from working. It's about making sure you can sleep at night while it does.