Risk
Over-Scoped Agent Tool Permissions and Connectors
Description
Agents are configured with access to tools, connectors, or scopes beyond what their business purpose requires, expanding the blast radius of any compromise.
Example
A meeting-summarization agent has full read/write access to the company CRM via a connector that grants org-wide scope when the agent only needs read for the user's own calendar.
Assets Affected
AI Agent
Tool
Skill
3rd-Party AI Integration
Agent Identity
Mitigation
- Apply least-privilege scoping at agent build
- map tool and connector permissions to business need
- review and prune scopes during posture analysis
- alert on scope expansion.
Standards Mapping
- ISO: A.9.4, A.10.2
- OWASP agentic: ASI03, ASI02
- OWASP LLM: LLM06:2025
- EU AI Act: Art. 14, Art. 15(5)
- DASF: Agents-MCP Server 13.22, Agents-Core 13.2
- AIUC-1: B006, A003