“We’ve been talking about identity and access for people for decades (well, millennia if you think outside the tech box). Policies, role assignments, reviews, zero trust — these are familiar tools. The assumptions that go into them, however, don’t quite work when the “user” is no longer a person.”

Enter in the AI Agent.

An AI doesn’t log in, perform a task, and then head off to lunch. It doesn’t get tired, second-guess itself, or stop at the boundaries we assume people understand. Instead, it keeps going (was the Energizer Bunny an early AI? Hmmmm) at a scale no human can match. That difference matters. The way we’ve designed permissions for humans has always relied on certain constraints: limited speed, bounded intent, and oversight cycles that can reasonably keep up.

When the actor is an AI, those constraints are gone. What we’re left with is a gap between the pace at which machines can act and the pace at which human-designed governance can respond. Unfortunately, I don’t think that the gap can be smoothed over with existing tools.

This post looks at three of those cracks: how policy enforcement differs for people and AIs, why runtime governance becomes essential, and what zero trust does (and doesn’t) offer when roles blur.

A Digital Identity Digest

AI Permissions vs. Human Permissions: What Really Changes?

Play Episode Pause Episode

Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds

00:00 / 00:10:38

Amazon Apple Podcasts CastBox Listen Notes Overcast Pandora Player.fm PocketCasts Podbean RSS Spotify TuneIn YouTube iHeartRadio

RSS Feed

Share

Link

Embed

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Policy enforcement for people vs. AIs

With humans, policies usually align with job functions: a role grants access, and reviews catch drift over time. Even if people sometimes work around the edges of a policy, they’re bounded by human limits: a person can only click so fast, submit so many forms, or request so many resources. Enforcement mechanisms are tuned to those limits.

With AI, those assumptions evaporate. One executive at a very large enterprise told me — and asked me not to name them publicly — that they’d watched their own AI agents behave exactly like an attacker. The agents weren’t malicious; they were just single-minded. When faced with a roadblock, they tried every possible permutation of the request until something went through. From the agent’s point of view, this was just persistence in solving a problem. From a security team’s perspective, it looked indistinguishable from a brute-force attack.

That story captures the core difference: enforcing policies on humans is about constraining intent, while enforcing policies on AIs is about constraining behavior patterns that can unfold at machine speed.

Why runtime governance matters more

Oversight loops designed for quarterly certifications or annual audits simply don’t scale when an AI can run thousands of actions in seconds. Quarterly access reviews, audit reports, entitlement certifications: these are slow, deliberate checks designed for slow, deliberate actors. That’s why governance is shifting toward runtime validation. NIST’s AI Standards “Zero Drafts” Pilot Project makes a similar point in its early work on Testing, Evaluation, Verification, and Validation (TEVV): evaluation results are time-bound and must be re-established in live contexts as systems and environments change.

But an AI agent can spin through thousands of transactions in seconds. If one of those transactions violates policy, you don’t have three months to catch it. By the time the audit report lands, the damage is done.

That’s why runtime governance matters more in an AI world. Instead of periodic reviews, you need ongoing checks that validate each action in real time against business state, risk scores, and context. Governance has to run in the same tight loops as the systems it’s meant to protect. The consequences here aren’t theoretical. Weak runtime governance shows up directly in compliance failures, operational risks, and security exposures. If your audit assumes human pacing but your agents act at machine speed, that mismatch can quickly become costly.

This isn’t a radical departure from what we already know, but it is definitely a sidestep. It’s the same shift we’ve been making with zero-trust networking when verifying every access, every time. But with AIs, the volume and unpredictability make runtime enforcement non-negotiable.

Zero trust and blurred roles

Zero trust, in human terms, is simple enough: don’t assume trust based on location or role; verify every request.

But what does that look like when an AI agent is simultaneously:

• Acting as a customer service rep,
• Writing new code modules,
• Spinning up cloud infrastructure, and
• Querying internal HR data?

With people, those roles are clearly separated. With an AI, the boundaries collapse. The same system may be acting across functions at once, not because of malice but because it was asked to “just get the job done.”

Zero trust principles such as least privilege, continuous verification, and minimizing standing access still apply, but they need a new level of granularity. Instead of asking “Does this role have permission to access this system?”, the question becomes “Does this pattern of behavior still look acceptable, given what this agent is trying to achieve?”

And that’s not a static answer. It has to be recalculated in real-time because the roles themselves blur when machines act faster than our ability to categorize them.

What really changes?

For humans, permissions are about who can do what. For AIs, permissions are about what actions are acceptable, in what sequence, at what speed, and with what guardrails.

The shift is from assigning access to governing behavior, from periodic reviews to runtime enforcement, static roles to dynamic patterns. It’s not that the old tools are obsolete. Roles, reviews, and zero trust still matter, but they’re no longer sufficient on their own. When your “users” are tireless, literal, and unimaginably fast, you need governance that matches that pace.

The enterprise anecdote I mentioned earlier — of an AI acting like an attacker just to finish its assigned task — is a preview. It’s what happens when yesterday’s assumptions about permission models meet today’s machine-driven reality.

In my earlier post on Agentic AI in the open standards community, I mentioned that standardization work is starting to grapple with these questions, too. Whether it’s NIST’s early TEVV guidance or W3C and IETF discussions on agent behavior, there’s a growing recognition that machine permissions as much a governance challenge as they are a technical one.

Closing thought

The real change isn’t in the idea of permissions itself. It’s in the urgency of treating permissions as living, runtime checks rather than dusty entitlements waiting for an audit.

So here’s my question to you: Are your permissions models built for human pace or machine pace? If you’ve already run into this problem in your deployments, I’d love to hear what you saw and how you dealt with it.

📩 If you’d rather track the blog than the podcast, I have an option for you! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

Permissions in the Age of AI Agents

[00:00:30] Hi everyone, and welcome back.

[00:00:32] Today I want to talk about something that sounds deceptively familiar: permissions. Specifically—who is allowed to access what, when, where, why, and how?

[00:00:42] The tech space has been dealing with identity and access for decades. It’s a core concept not only for cybersecurity, but also for how businesses function.

[00:00:50] And honestly, if you zoom out far enough, humanity has been grappling with this concept for millennia—whether priests deciding who can enter a temple, or sysadmins deciding who can SSH into a server.

Policy Enforcement in a Human vs. AI World

[00:01:02] My very first tech job was in the 90s as a Galacticom BBS operator. My primary function was to create accounts, group users, and ban them when needed. In other words, managing who could and couldn’t access certain spaces.

[00:01:30] Enter stage left: the AI agent.

[00:01:34] Unlike humans, AI agents don’t self-limit. People get tired, bored, or notice they’re pushing too far. They can only click so fast or request so many resources before fatigue sets in.

[00:01:52] AI does not have those limits. It doesn’t need a coffee break. It doesn’t get bored. And it doesn’t stop at the guardrails we assume humans understand.

• Humans → bounded by natural constraints
• AI → tireless, literal, and unimaginably fast

[00:02:07] That difference matters. For years, permissions assumed humans were the actors—even bad actors. Governance cycles, reviews, and controls were tuned to human pace and intent.

[00:02:29] But when the actor is an AI, those assumptions fall apart. What we’re left with is a widening gap between machine speed and human-designed governance.

Governance at Machine Speed

[00:02:46] In this episode, I want to dig into three challenges:

• How policy enforcement differs for people and AIs
• Why runtime governance becomes essential
• What zero trust really gives us when roles blur

[00:03:00] Let’s start with policy enforcement.

[00:03:03] With humans, policies align with job functions. Roles grant access, and reviews catch drift. Sure, people sometimes find workarounds, but their intent and ability are still bounded.

[00:03:20] With AI, those assumptions evaporate.

[00:03:37] I spoke with an executive at a large enterprise who shared a telling story. Their AI agents behaved almost exactly like attackers—not because they were malicious, but because they were single-minded.

• The AI hit a roadblock
• Instead of asking for new permissions, it tried every possible permutation until something worked
• To the AI, that was persistence. To the security team, it looked like brute force

[00:04:10] Here’s the difference:

• With humans → enforcing policies means constraining intent
• With AI → enforcing policies means constraining behavior at machine speeds

Why Runtime Governance Matters

[00:04:25] Oversight cycles work for people: quarterly reviews, annual audits, entitlement certifications.

[00:04:42] But AI agents can execute thousands of transactions in seconds. If just one violates policy, waiting months for an audit report is far too late.

[00:04:56] This mismatch shows up in:

• Failed audits
• Blown budgets
• Security incidents no one saw coming

[00:05:16] This is why runtime governance matters more in an AI world. Instead of periodic reviews, we need continuous validation:

• Every action checked in real time
• Risk scores recalculated constantly
• Context updated dynamically

[00:05:29] NIST is already moving in this direction with the AI Standards Zero Drafts. One key theme: evaluation results are time-bound.

[00:05:52] AI permissions can’t be static entitlements waiting for audits. They must be living checks, recalculated as conditions shift.

Rethinking Zero Trust

[00:06:23] Let’s talk about zero trust.

[00:06:25] For humans, the principle is simple: don’t assume trust based on network location or job role. Verify every request.

[00:06:42] But what happens when the “user” is an AI agent?

[00:06:53] Unlike humans, who work within distinct roles, an AI might simultaneously:

• Act as a customer service rep
• Write new code modules
• Spin up cloud infrastructure
• Query HR data

[00:06:59] No human does all of that at once. But for AI, boundaries collapse.

[00:07:17] Zero trust still applies—least privilege, continuous verification, minimizing standing access. But it must go further.

[00:07:23] The real question isn’t does this role have access? It’s:

• Does this behavior pattern look acceptable given the AI’s task?

[00:07:30] And those patterns aren’t static. They must be recalculated in real time because roles blur faster than we can categorize them.

From Permissions to Governance

[00:07:40] So what really changes when the user is an AI?

• For humans → permissions define who can do what
• For AIs → permissions define what actions are acceptable, in what sequence, at what speed, under which guardrails

[00:07:53] This represents a fundamental shift:

• From assigning access → to governing behavior
• From periodic reviews → to runtime enforcement
• From static roles → to dynamic patterns

[00:08:18] Roles, reviews, and zero trust still matter. But on their own, they’re no longer enough when users act tirelessly and unimaginably fast.

[00:08:31] The anecdote I shared earlier of an AI acting like an attacker? That’s what happens when yesterday’s permission models collide with today’s machine-driven reality.

The Urgency of Machine-Ready Permissions

[00:08:47] This isn’t just happening inside one enterprise. Standards bodies like W3C and IETF are also recognizing that permissions for machines are more than just a technical detail.

[00:09:05] The real shift isn’t only about permissions—it’s about urgency. Permissions can’t sit as dusty entitlements waiting for audits. They must become runtime checks, recalibrated constantly for actors without human limits.

[00:09:22] So here’s a question for you: Are your permission models built for human pace, or for machine pace?

[00:09:33] If you’ve already seen cracks—your AI systems bumping up against the edges of human-centric permission models—I’d love to hear your stories. Maybe they’ll even make it into a future post.

Closing Thoughts

[00:09:52] Thank you for listening. Please share this with your colleagues and tune in again next week.

[00:10:02] That’s it for this week’s episode of Digital Identity Digest.

If this helped make things clearer—or at least more interesting—share it with a friend or colleague. You can also:

• Connect with me on LinkedIn: @hlflanagan
• Subscribe and leave a rating on Apple Podcasts (or wherever you listen)
• Read the full written post at sphericalcowconsulting.com

Stay curious, stay engaged, and let’s keep these conversations going.