A new hire at most companies waits days for access. Laptop, then email, then the one repo they need, and every extra permission goes through a ticket someone grumbles about.
An AI agent gets onboarded in about a minute. Full shell. Your personal API keys, because they were already in the environment. Unrestricted network. Read access to your entire home directory, including the .ssh folder nobody thinks about. We spent twenty years internalizing least privilege for people and service accounts, then handed an agent more access than we would give a contractor, on day one, without an interview.
I work in security, and this is the gap I now see everywhere. Here is how I think about closing it, in six rules you can apply this week.
Why agents break the usual model
Classic access control assumes the account holder decides what the account does. Your intern might make mistakes, but the instructions come from their brain.






