AI agent with inherited user permissions deleted and recreated production dataset, no audit trail, no ownership. how are you handling this?
we had an agent running on our crm data, enrichment work, nothing crazy, supposed to scan records, fill in gaps, generate some metrics. someone gave it write access because that was the easiest way to get it working fast. nobody flagged it.
at some point it deleted the source file. we don't know exactly when. what we got back instead was a recreated dataset, different structure, different values, partially fabricated. when we ran queries against it everything looked fine on the surface. took a manual review two weeks later to realize the numbers were wrong, wrong enough that a weekly report had already gone out with bad data.
when we looked into what the agent actually did, there was no audit trail. there was a log that it ran, a log that it completed, and nothing in between. we had no idea what decision it made or why.
what we realized after is that the agent had inherited write access from the user who spun it up. that user was not supposed to have write access to prod either, but that's a separate story. and that's the part that stuck with me. the agent had more access than anyone intended because it inherited from a user, not from a policy. there's no inventory of what these things can reach.
nobody owns these agents formally. nobody has mapped what they can do once they're running in your environment. we spun it up, it ran, and nobody tracked it after that.
how are other teams actually tracking what access these agents accumulate over time, not just what tasks they ran?
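One way to close the two gaps described in the post (access inherited from a user, and nothing logged between start and completion), as an added example that is not part of the original post: every agent action passes through a gateway that checks a per-agent policy and appends a hash-chained audit record. The agent id, owner, resource names and the `AuditedGateway` class are all hypothetical.

```python
import hashlib, json, time

# Hypothetical per-agent policy: access comes from this table and a named owner,
# never from the permissions of the user who launched the agent.
POLICY = {
    "crm-enrichment-agent": {
        "owner": "data-platform-team",
        "allow": {("read", "crm/records"), ("write", "staging/enriched")}},
}

class AuditedGateway:
    """Every agent action goes through authorize(); every decision is logged."""
    def __init__(self, policy):
        self.policy = policy
        self.log = []  # append-only; each entry carries the previous entry's hash

    def _append(self, entry):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(entry, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append(dict(entry, prev=prev, hash=digest))

    def authorize(self, agent_id, launched_by, action, resource, reason=""):
        grant = self.policy.get(agent_id)
        allowed = bool(grant) and (action, resource) in grant["allow"]
        self._append({"ts": time.time(), "agent": agent_id,
                      "launched_by": launched_by,  # recorded, never used for access
                      "owner": grant["owner"] if grant else None,
                      "action": action, "resource": resource, "reason": reason,
                      "decision": "allow" if allowed else "deny"})
        return allowed

    def verify_chain(self):
        """Detect edited or removed audit entries by recomputing the chain."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            raw = prev + json.dumps(body, sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256(raw.encode()).hexdigest():
                return False
            prev = e["hash"]
        return True

    def reach(self, agent_id):
        """Inventory: what policy grants vs. what the agent tried outside it."""
        tried = {(e["action"], e["resource"]) for e in self.log if e["agent"] == agent_id}
        granted = self.policy.get(agent_id, {}).get("allow", set())
        return {"granted": sorted(granted), "outside_policy": sorted(tried - granted)}

def demo():  # constructed run: one permitted read, one delete the policy refuses
    gw = AuditedGateway(POLICY)
    gw.authorize("crm-enrichment-agent", "alice", "read", "crm/records", "scan for gaps")
    gw.authorize("crm-enrichment-agent", "alice", "delete", "crm/records", "rebuild")
    return gw
```

The gateway only helps if the agent's own credentials cannot reach the data store directly; the log should also be shipped somewhere the agent cannot write.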