Built a permission control layer for AI agents after getting frustrated with how much access they ship with by default — looking for feedback from people who've thought about this
ve been spending weekends building something after running into the same problem repeatedly: AI agents get deployed with owner-level access to databases, APIs, and file systems because nobody has a good answer for how to scope them down.
The problem feels similar to the early days of cloud IAM — before anyone took least-privilege seriously for service accounts — except agents are faster-moving, harder to audit, and often act on behalf of specific users in ways that blur accountability.
What I built (Kynara) tries to address a few things:
Scoped roles per agent — what tools it can call, under what conditions, on whose behalf
ABAC alongside RBAC so you can write policies like "this agent can only read records belonging to the requesting user"
A full audit trail of every permission decision, not just the final action
Guardrails that connect to monitoring platforms (Grafana, Datadog, PagerDuty) and can disable an agent automatically if something looks wrong
It's live at kynaraai.com and very much a work in progress.
What I'm genuinely unsure about and would love input on:
Is the threat model I'm solving for — agents exceeding their intended scope — actually the top concern for people working in this space, or is something else higher priority right now?
The audit trail approach assumes the agent runtime is trustworthy. Is that a reasonable assumption or a hole people would immediately poke at?
Anyone who's tried to actually enforce least-privilege on an agent deployment — what broke first?
Not looking for compliments, looking for the sharp edges I haven't found yet.