Agent Authority Least Privilege Framework
CCC.MARefArc.CN11 · PREV (preventive control)
Constrain each agent's authority to the minimum set of tools, APIs, and data its registered task requires, enforce that boundary in the runtime and MCP guardrails at invocation time, and prevent permission creep during operation.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP19 | MCP-interaction zero-trust guardrails | Enforces authentication and authorization for every MCP request and governs which agents may use which tools, applying rate limits and validating tool-call parameters. |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | Secure, sandboxed environment in which all agentic reasoning and execution occurs; manages task state for pause/resume/handoff, intercepts and validates every tool call, and keeps credentials inside the sandbox rather than exposing them to the agent. |
| CCC.MARefArc.CP08 | Built-in trusted tools | A collection of bundled, trusted tools providing fundamental capabilities: the MCP client bridge to the external MCP layer, a sandboxed shell, workspace I/O, and web search. |
| CCC.MARefArc.CP06 | Agent collaboration and orchestration patterns | Supports supervisor/worker decomposition, skills-based routing, and agent-as-a-tool handoff for decomposing and executing complex tasks across multiple agents. |
| CCC.MARefArc.CP03 | Agent registry and lifecycle management | Catalog of available agents with their capabilities, metadata, and configuration, supporting versioning, lifecycle management, and controlled onboarding of new agents. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.TH27 | Authorization bypass and tool-chain privilege escalation | Agents discover and invoke API endpoints outside their use case, chain individually authorized calls into unauthorized outcomes, circumvent segregation-of-duties workflows, or experience permission creep during operation, defeating intended authorization boundaries. |
| CCC.MARefArc.TH14 | Model overreach and scope creep beyond validated use | Agents are used beyond their validated scope as users discover new applications or systems are repurposed without re-evaluation, producing unreliable outputs in untested contexts; weak registry scoping and orchestration boundaries accelerate the drift. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MARefArc.CN11.AR01 | Each agent MUST be granted only the tools, endpoints, and scopes required for its registered purpose. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.MARefArc.CN11.AR02 | Agent permissions MUST be enforced at invocation time and MUST NOT expand during a session without explicit reauthorization. | tlp-clear, tlp-green, tlp-amber, tlp-red |
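The two requirements above describe a mechanism as much as a policy: a per-agent allowlist of tools, endpoints, and scopes attached to the registered purpose (AR01), checked on every invocation and frozen for the life of a session so that it can only widen through an explicit, recorded reauthorization (AR02). The following is an added illustration of that mechanism, not code from the CCC project or from any MCP runtime. The class names (AgentRegistry, Guardrail, Session), the "triage-agent" identifier, and the endpoint strings are constructed for the example; the point it shows is that the guardrail decides against a session snapshot, so a registry entry widened mid-session does not leak into a running agent.

```python
"""Added example: invocation-time least-privilege enforcement for agent tool calls.
Illustrative only; names and sample data are assumptions, not CCC or MCP APIs."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Mapping, Tuple


class AuthorizationError(Exception):
    """Raised when a call or a permission change falls outside the agent's grant."""


@dataclass(frozen=True)
class Grant:
    """Minimal authority for one registered purpose: tool -> allowed endpoints, plus scopes."""
    tools: Mapping[str, FrozenSet[str]]
    scopes: FrozenSet[str]

    def permits(self, tool: str, endpoint: str, scope: str) -> bool:
        # Deny by default: an unknown tool yields an empty endpoint set.
        return endpoint in self.tools.get(tool, frozenset()) and scope in self.scopes


class AgentRegistry:
    """Catalog of agents and the grant bound to each registered purpose (AR01)."""

    def __init__(self) -> None:
        self._grants: Dict[str, Grant] = {}

    def register(self, agent_id: str, tools: Mapping[str, Iterable[str]], scopes: Iterable[str]) -> None:
        self._grants[agent_id] = Grant({t: frozenset(e) for t, e in tools.items()}, frozenset(scopes))

    def grant_for(self, agent_id: str) -> Grant:
        if agent_id not in self._grants:
            raise AuthorizationError(f"agent {agent_id!r} is not registered")
        return self._grants[agent_id]


@dataclass
class Session:
    """A running agent's authority: a snapshot of its grant taken when the session opened."""
    agent_id: str
    grant: Grant
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)


class Guardrail:
    """Runtime / MCP guardrail: checks every invocation against the session snapshot (AR02)."""

    def __init__(self, registry: AgentRegistry) -> None:
        self.registry = registry

    def open_session(self, agent_id: str) -> Session:
        # Snapshot the grant; later registry edits must not silently widen a live session.
        return Session(agent_id, self.registry.grant_for(agent_id))

    def authorize(self, session: Session, tool: str, endpoint: str, scope: str) -> bool:
        """Decision made at invocation time, not at planning time, and always audited."""
        allowed = session.grant.permits(tool, endpoint, scope)
        session.audit.append((tool, endpoint, scope, "allow" if allowed else "deny"))
        return allowed

    def reauthorize(self, session: Session, approver: str,
                    add_tools: Mapping[str, Iterable[str]], add_scopes: Iterable[str] = ()) -> None:
        """The only path that widens a live session: needs a named approver and is logged."""
        if not approver:
            raise AuthorizationError("permission expansion requires explicit reauthorization")
        tools = {t: set(e) for t, e in session.grant.tools.items()}
        for t, e in add_tools.items():
            tools.setdefault(t, set()).update(e)
        session.grant = Grant({t: frozenset(e) for t, e in tools.items()},
                              session.grant.scopes | frozenset(add_scopes))
        session.audit.append(("reauthorize", approver, ",".join(add_tools), "allow"))


def demo() -> dict:
    """Constructed scenario: a ticket-triage agent tries in-scope, out-of-scope, and creep cases."""
    reg = AgentRegistry()
    reg.register("triage-agent", {"tickets": {"GET /tickets"}}, {"read"})
    gr = Guardrail(reg)
    s = gr.open_session("triage-agent")
    in_scope = gr.authorize(s, "tickets", "GET /tickets", "read")
    out_of_scope = gr.authorize(s, "payments", "POST /refunds", "write")
    # Permission creep: someone widens the registry entry mid-session.
    reg.register("triage-agent", {"tickets": {"GET /tickets"}, "payments": {"POST /refunds"}},
                 {"read", "write"})
    creep_blocked = not gr.authorize(s, "payments", "POST /refunds", "write")
    try:  # expansion without an approver must fail closed
        gr.reauthorize(s, approver="", add_tools={"payments": {"POST /refunds"}}, add_scopes={"write"})
        silent_expand = True
    except AuthorizationError:
        silent_expand = False
    gr.reauthorize(s, approver="oncall-lead", add_tools={"payments": {"POST /refunds"}},
                   add_scopes={"write"})
    after_reauth = gr.authorize(s, "payments", "POST /refunds", "write")
    return {"in_scope": in_scope, "out_of_scope": out_of_scope, "creep_blocked": creep_blocked,
            "silent_expand": silent_expand, "after_reauth": after_reauth,
            "denied_calls": sum(1 for *_, d in s.audit if d == "deny")}


if __name__ == "__main__":
    print(demo())
```

The snapshot is the detail that matters for AR02: if `authorize` consulted the registry on each call, an operator editing the catalog (or an agent that can reach the registry through a tool) would widen a running session with no reauthorization event. The audit list is what an incident responder would want in practice; in a real runtime it would be emitted to the platform's logging pipeline rather than kept in memory.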
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| finos-air | AIR-PREV-018 | |