Risk
Missing Per-Action Authorization Policy at Build
Description
No policy framework is defined at posture-set time for action-level authorization, leaving the runtime layer with only session-level controls.
Example
An agent is approved at session start, then chains 50 tool calls β including ones that access HR data β none of which is individually authorized against policy.
Assets Affected
AI Policy
AI Agent
Tool
Agent Communication Protocol (ACP)
Mitigation
- Define per-action authorization requirements at build time
- classify tools and actions by sensitivity
- specify which actions require secondary auth, human approval, or are auto-denied
- align build-time policy with runtime enforcement.
Standards Mapping
- ISO: A.9.4, A.6.2.5
- OWASP agentic: ASI02, ASI03
- OWASP LLM: LLM06:2025
- EU AI Act: Art. 14, Art. 15(5)
- DASF: Agents-Core 13.2, Model Serving 9.13
- AIUC-1: B006, D003