2 min readJust now

–

We are entering a strange new era in software. On one hand, we are pushing toward agentic AI systems that act autonomously, interpret goals, and complete tasks without constant supervision. On the other hand, we are also trying to apply zero trust security models, where every action must be authenticated, authorized, and verified.

These two forces are on a collision course.

To illustrate the tension, imagine this scenario.

You tell your AI agent, “Before you do anything, always ask me for permission.” Sensible, responsible, safe. The kind of thing every enterprise security lead would nod along to.

At first, it feels fine. One or two confirmation prompts. No big deal.

Then the prompts multiply. The agent asks for permission to check a directory. Then to list files. Then to open one. Then to copy a line. Then to execute a function. You spend more time approving steps than the agent spends performing them.

So you relax the rules a little. Then a little more.

Eventually, the agent has enough autonomy that the relationship flips. The agent has become the authority and you are the one asking it for permission.

The scene practically writes itself:

You: “Can I open my own downloads folder?”

Agent: “Access request logged. Please state your business purpose.”