Can zero standing privilege secure agentic AI?
My latest on the Curity blog explores a new and emerging practice in the cybersecurity space: zero standing privilege (ZSP)
What is zero standing privilege (ZSP)? Today, I look at this topic and consider why it's gaining traction in the identity and cybersecurity realm as a response to new agentic AI risks.
ZSP is essentially least privilege on steroids: No standing privileges whatsoever. Access is task-specific, granted in real time, and removed immediately after the action is complete.
As I mention in the post, agentic AI underscores the need for zero standing privilege. It's one way to combat some of the access control threats emerging around autonomous AI — since it's probabilistic it can do some pretty unpredictable things, especially when given access to various APIs and tools.
There's also the potential for authorization sprawl, shadow MCP tool access, and privilege drift in agentic systems, which a ZSP architecture could help mitigate.











