When you assign a credential to an AI agent, you grant it everything that credential's API key is allowed to do.

If your assistant only needs to read customer subscription status, but you give it a standard Stripe API key, you have introduced a high-risk security hazard. If the agent's LLM is compromised via prompt injection, it can be manipulated into executing write operations like issuing refunds, deleting databases, or spinning up expensive GPU instances.

This vulnerability is known as Excessive Agency—one of the top security risks in LLM deployments (OWASP LLM02).

Here is why static API keys are a privilege trap for autonomous agents, and how we can enforce boundaries at the gateway level.
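As an added illustration (not code from this article), here is one way a gateway could hold the upstream key itself and apply a deny-by-default allowlist to the read-only subscription case described above. The agent name, the `POLICY` structure and the function names are hypothetical; the paths follow Stripe's public REST layout, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit

# Hypothetical per-agent policy: the support agent may only read subscriptions.
# The agent never sees the upstream API key; the gateway attaches it after this check.
POLICY = {
    "support-agent": [
        ("GET", re.compile(r"/v1/subscriptions(/sub_[A-Za-z0-9]+)?")),
    ],
}

def authorize(agent_id, method, target):
    """Return (allowed, reason) for one agent request. Anything not listed is denied."""
    rules = POLICY.get(agent_id)
    if rules is None:
        return False, "unknown agent"
    path = urlsplit(target).path  # drop the query string before matching
    # Refuse paths the gateway and the upstream API might interpret differently.
    if "%" in path or ".." in path or "//" in path:
        return False, "non-canonical path"
    for allowed_method, pattern in rules:
        # Exact method match: HTTP methods are case-sensitive.
        if method == allowed_method and pattern.fullmatch(path):
            return True, "allowed"
    return False, "not in allowlist"

# Constructed sample traffic: one legitimate read, then what an injected prompt might try.
SAMPLE_REQUESTS = [
    ("support-agent", "GET", "/v1/subscriptions/sub_test123?expand[]=customer"),
    ("support-agent", "POST", "/v1/refunds"),
    ("support-agent", "DELETE", "/v1/subscriptions/sub_test123"),
    ("support-agent", "GET", "/v1/subscriptions/../refunds"),
    ("batch-agent", "GET", "/v1/subscriptions"),
]

def replay(requests):
    """Run each request through the policy and return the decisions in order."""
    return [authorize(agent, method, target) for agent, method, target in requests]

if __name__ == "__main__":
    for req, (ok, reason) in zip(SAMPLE_REQUESTS, replay(SAMPLE_REQUESTS)):
        print("ALLOW" if ok else "DENY ", req[1], req[2], "->", reason)
```

Only the first request is forwarded; the refund, the cancellation, the traversal attempt and the unregistered agent are all refused before the upstream key is ever used.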

1. The Threat of Excessive Agency