Access Control Built for Humans

For decades, enterprise security has been built around a simple model: humans are assigned roles, roles determine permissions, and systems enforce those permissions. RBAC — Role-Based Access Control — is so deeply embedded in enterprise infrastructure that most organizations don’t even think of it as a design choice. It’s just how security works.

Then AI agents arrived. And they don’t fit the model at all.

The Problem with Agents and RBAC

RBAC assumes that the entity requesting access has a predictable, stable intent. A database administrator queries the schema. A finance manager runs payroll reports. These are known roles with known behaviors. Permissions can be granted in advance because we know roughly what each role needs.

AI agents are fundamentally different. Their intent is dynamic. The same agent might, in a single session, query customer data to answer a support question, then pull inventory data to check availability, then access financial records to flag an anomaly. Its access needs shift with every step of its reasoning.

Traditional RBAC responds to this in one of two ways, both bad: grant the agent broad permissions so it can always access what it needs (too permissive), or restrict permissions so tightly that the agent constantly fails (too restrictive). Neither is acceptable in a production environment.

What Intent-Based Governance Means

Intent-based governance is a fundamentally different approach. Instead of asking what role does this agent have?, it asks what is this agent trying to do right now? Access decisions are made at the level of individual tool calls, in context, based on the agent’s declared intent and the task it’s executing.

This requires infrastructure that can: capture and log every action an agent takes with full context, evaluate tool calls against policies at runtime, enforce the principle of least privilege dynamically (granting only what’s needed for the current step), and maintain a complete audit trail that compliance teams can actually use.

Auditability Is Not Optional

One of the most underappreciated requirements for enterprise AI is auditability. When an AI agent makes a decision that affects a customer, triggers a financial transaction, or accesses sensitive records, you need to be able to answer: what data did it access, why did it access it, and what did it do with it?

Without intent-based governance infrastructure, these questions are unanswerable. The agent took an action — but which tool call triggered it? What data was in the context at that moment? What was the LLM’s reasoning?

For regulated industries — finance, healthcare, insurance — this isn’t a nice-to-have. It’s a compliance requirement. And it’s one that traditional RBAC was never designed to meet.

Building Governance Into the Runtime

The most practical path to intent-based governance is to build it into the execution layer rather than bolting it on afterward. When every agent action flows through a centralized runtime, governance becomes a first-class concern — enforced consistently, logged automatically, and auditable on demand. That’s the architecture enterprises need to deploy agentic AI safely at scale.