How Agents Ask for Permission: User Permissions for AI Agents, from Interfaces to Enforcement

πŸ“… 2026-07-15
πŸ“ˆ Citations: 0
✨ Influential: 0
πŸ“„ PDF
πŸ€– AI Summary
This study addresses the lack of support for users’ personalized permission preferences in current AI agents, as existing security mechanisms predominantly rely on uniform policies that fail to accommodate diverse authorization needs. The work presents the first comprehensive user-level permission management taxonomy, systematically derived from an analysis of 21 academic proposals and five leading commercial AI agents, spanning user interface configuration, policy generation, and runtime enforcement. Through a combination of literature review, taxonomic modeling, and empirical comparison, the paper identifies key commonalities, discrepancies, and critical research gaps between academic approaches and industrial practices in permission specification, inference, and enforcement. These insights establish a foundational framework for designing customizable, secure, and trustworthy permission systems for AI agents.
πŸ“ Abstract
As AI agents gain prevalance, users are increasingly exposed to the risks such systems entail. Prompt injection attacks, as well as hallucination, can cause agents to leak private information to third parties. As autonomous systems, agents also present the more active danger of performing sensitive tasks, such as bank transactions, without the user's intent or authorization. Recognizing this challenge, the agentic security community has developed numerous proposals for secure agentic systems. Much of this work has focused on product-level approaches, where agentic system developers determine and apply the same security policies and permissions to all users. Yet different users have different needs and preferences, necessitating support for user-level permissions policies in agentic AI systems. To understand how user-level permissions are handled in AI agent systems, we survey 21 proposals for agent permissions systems. From this review, we construct a taxonomy of how different systems specify user-level permissions policies, both at the user interface and internally; derive internal policies from user input; and enforce those policies at run-time. We then analyze five prominent commercial agents and compare their permissions handling to agentic permissions systems in the literature. We identify several high-level themes across the literature and commerical agents, as well as multiple gaps where future work is needed.
Problem

Research questions and friction points this paper is trying to address.

AI agents
user permissions
permission enforcement
autonomous systems
security policies
Innovation

Methods, ideas, or system contributions that make the work stand out.

user-level permissions
AI agents
permission enforcement
security taxonomy
autonomous systems