How do you design tool permissions for an AI agent?hard

Type
scenario
Topic
tool-permissions
Frequency
common
Tags
tools, permissions, security
Answer

Give the agent the minimum tools and scopes needed for the task.

Explanation

Use allowlists, scoped credentials, argument validation, audit logs, dry-run modes, and separate read-only from write-capable tools to reduce blast radius.

Follow-upWhy is a read-only tool safer than a write-capable tool?