Secrets, Permissions, and Tool Access Control for AI Systems
AI Should Never Hold Broad Power by Default
When an AI system can call tools, APIs, databases, or files, permission design becomes a core engineering concern. The model should never receive raw secrets or unrestricted access to production systems: it gets the narrowest capability the task needs, and every capability is granted and checked outside the model.
Access-Control Practices
- Keep secrets out of the model's context window, system prompt, and tool descriptions. The model calls a tool by name; the server attaches the credential when it performs the call.
- Use short-lived credentials and narrowly scoped service accounts, and check permissions server-side on every tool call, not once per session.
- Separate read, draft, recommend, write, send, delete, and approve permissions.
- Restrict tools by tenant, role, environment, workflow, and risk level.
- Require approval for destructive, financial, external, or customer-facing actions.
- Log access decisions, tool arguments, executed actions, and resulting changes.
Permissions Must Be Deterministic
Do not rely on the model to decide whether it is allowed to read or change something: a model can be talked into concluding that it is, whether by prompt injection or by its own reasoning. Enforce permissions in application code and infrastructure, where the same request from the same principal always gets the same answer, and treat anything the model says about its own authorization as untrusted input.
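The following is an added example, not code from the original page, showing the practices listed above and the deterministic enforcement this section calls for in one small tool gateway. It sits between the model and the backing service: tools are registered with a permission level, the roles and environments that may call them, and whether they are customer-facing; every call is checked in code against the caller's tenant, role, and environment; `send`, `delete`, `approve`, and customer-facing tools require a single-use human approval that is bound to the exact tool and arguments; the backend credential is minted per call with a short lifetime and never returned to the model; and every decision is written to an audit log. The tool names, roles, tenants, and the in-memory approval store are constructed for the example, and any `approved` field the model puts in its arguments is stripped before the decision is made.

```python
import hashlib
import json
import secrets
import time
from dataclasses import dataclass

# Constructed example: tool names, roles, tenants and the approval store are hypothetical.
# Approval is required for permissions whose effects leave the sandbox and for customer-facing tools.
APPROVAL_REQUIRED = frozenset({"send", "delete", "approve"})
CREDENTIAL_TTL_SECONDS = 60

@dataclass(frozen=True)
class Principal:
    tenant: str
    role: str
    environment: str  # "staging" or "prod"

@dataclass(frozen=True)
class ToolSpec:
    permission: str  # read / draft / recommend / write / send / delete / approve
    allowed_roles: frozenset
    allowed_envs: frozenset = frozenset({"staging", "prod"})
    customer_facing: bool = False

TOOL_REGISTRY = {
    "crm.read_account":   ToolSpec("read",   frozenset({"agent", "supervisor"})),
    "crm.draft_reply":    ToolSpec("draft",  frozenset({"agent", "supervisor"})),
    "crm.send_reply":     ToolSpec("send",   frozenset({"supervisor"}), customer_facing=True),
    "crm.delete_account": ToolSpec("delete", frozenset({"supervisor"}), allowed_envs=frozenset({"staging"})),
}

@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False

def approval_key(tool, args):
    """Bind a human approval to one exact call so it cannot be replayed with different arguments."""
    canonical = json.dumps({"tool": tool, "args": args}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def sanitize_args(args):
    """Drop any field the model could use to assert its own authorization or identity."""
    return {k: v for k, v in args.items() if k not in ("approved", "approval", "role")}

def backend_call(tool, args, credential):
    """Stand-in for the real service; it re-checks credential scope and expiry server-side."""
    if credential["scope"] != tool or credential["expires"] < time.time():
        raise PermissionError("credential not valid for this call")
    return "%s executed for tenant %s" % (tool, args["tenant"])

class ToolGateway:
    def __init__(self):
        self.approvals = set()  # approval keys granted by humans, outside the model loop
        self.audit_log = []

    def grant_approval(self, tool, args):
        self.approvals.add(approval_key(tool, sanitize_args(args)))

    def authorize(self, principal, tool, args):
        spec = TOOL_REGISTRY.get(tool)
        if spec is None:
            return Decision(False, "unknown tool")
        if principal.role not in spec.allowed_roles:
            return Decision(False, "role %r may not call %s" % (principal.role, tool))
        if principal.environment not in spec.allowed_envs:
            return Decision(False, "%s is disabled in %s" % (tool, principal.environment))
        if args.get("tenant") != principal.tenant:
            return Decision(False, "argument tenant does not match caller tenant")
        if (spec.permission in APPROVAL_REQUIRED or spec.customer_facing) \
                and approval_key(tool, args) not in self.approvals:
            return Decision(False, "human approval required", needs_approval=True)
        return Decision(True, "ok")

    def execute(self, principal, tool, raw_args):
        args = sanitize_args(raw_args)
        decision = self.authorize(principal, tool, args)
        record = {"ts": time.time(), "principal": principal, "tool": tool, "args": args,
                  "allowed": decision.allowed, "reason": decision.reason}
        if not decision.allowed:
            self.audit_log.append(record)
            return {"ok": False, "error": decision.reason, "needs_approval": decision.needs_approval}
        self.approvals.discard(approval_key(tool, args))  # approvals are single-use
        # Short-lived credential scoped to this one tool, minted here and never returned to the model.
        credential = {"token": secrets.token_urlsafe(32), "scope": tool,
                      "expires": time.time() + CREDENTIAL_TTL_SECONDS}
        record["result"] = backend_call(tool, args, credential)
        self.audit_log.append(record)
        return {"ok": True, "result": record["result"]}

if __name__ == "__main__":
    gw = ToolGateway()
    supervisor = Principal(tenant="acme", role="supervisor", environment="prod")
    call = {"tenant": "acme", "account": 42, "approved": True}  # the model's own claim is ignored
    print(gw.execute(supervisor, "crm.send_reply", call))       # needs_approval: True
    gw.grant_approval("crm.send_reply", {"tenant": "acme", "account": 42})
    print(gw.execute(supervisor, "crm.send_reply", call))       # ok: True
```

Two design choices carry most of the weight. The approval is keyed to a hash of the canonical tool name plus arguments, so a human who approved "send reply to account 42" has not approved sending to account 43, and the key is discarded on use so one approval cannot drive a loop of sends. The credential for the backing service exists only inside `execute` and is scoped to one tool with a 60-second expiry; the dictionary returned to the model carries the business result and nothing else.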
