Most AI risk is just access you forgot to scope
The scary failures aren’t clever. They’re an agent doing an ordinary thing with permissions nobody meant to grant.
When people picture AI going wrong, they imagine something dramatic — a model scheming, an emergent goal. The failures I actually worry about are duller and far more common: an agent given broad access because narrowing it was a hassle, doing exactly what it was asked, somewhere it should never have been able to reach.
Least privilege is decades old and unglamorous, and it’s still most of the answer. An agent should be able to touch the minimum it needs to do its job, and nothing wider — not because we expect it to misbehave, but because the cost of being wrong about that should be small.
Capability gets the headlines. Scope is what keeps capability from becoming an incident.
Written by Davor Cukeric — an AI builder, systems integrator, and problem solver in Ottawa, Canada, working on AI that earns its trust. More about me.