Those of you running AI agents in prod — how are you actually managing their permissions?

Reddit r/AI_Agents News

Summary

The article asks how engineers manage permissions for AI agents in production, highlighting common problems with broad access and lack of audit trails.

This is basically every setup I've seen lately. Engineer gives an agent broad access "just for now," it ships, and later nobody can say what it's allowed to touch or what it actually did. Genuinely curious how others handle it: Does each agent get its own identity, or a shared key? Least privilege, or admin-because-it's-easier? Any approval step for risky actions? Any audit trail? Trying to figure out if I'm overthinking this or if everyone's quietly sitting on the same problem.
Original Article

Similar Articles