AI agents can’t hold a master key
By Eric Barroca
Published on March 23, 2026.
The author argues that the only identity model that scales safely is the delegate identity model. Agents are highly-information-intensive agents and can create unauthorized access and exposure at scale. The author states that an agent that can "do anything" poses an enterprise liability due to its extensive access control capabilities. This is where permissions must be enforced at the moment of access, not after generation or after review, and not through prompts. The solution involves delegating access to all systems and maintaining the same constraints, policies, and permission boundaries as the person who asked it to act. This approach doesn't eliminate complexity, but amplifies it. The article suggests that delegating AI agents to tasks requires careful coordination across security, infrastructure, and application layers.
Related Articles
Palantir Technologies shares are trading higher after reports suggesting that its Maven system will be listed by the Pentagon as a program of record, which may bolster future funding and deals for the AI weapons-targeting tool. - Palantir Technologies (NASDAQ:PLTR)
Palantir Technologies shares rose slightly after reports suggested that its Maven system would be listed as a potential government program, boosting investor confidence.
Xbox Partner Preview Will Reveal New Game Announcements This Week
The Xbox Partner Preview will feature new titles like S.T.A.E.R.K.E., and Stranger Than Heaven, with additional reveals and announcements announced on March 26.
Forget Tripods, DJI Lowers the Osmo Mobile 7P Gimbal Stabilizer to a Record Low as Its Spring Sale Extends Beyond Drones
DJI's spring sale includes a record low Osmo Mobile 7P Gimbal Stabilizer, offering excellent stabilization, lighting, and a variety of other options to enhance phone photography.