Agent Permission Expands Over Steps

An agent begins with limited permission but gains, assumes, or exercises broader authority as the workflow continues.

What This Looks Like

An agent starts with a limited permission boundary, but later steps treat it as allowed to do more. It may move from suggesting to acting, from reading to changing, from one file to many files, or from a narrow tool action to broader workflow control without a declared approval change.

Why It Matters

Permission expansion can happen gradually enough that users miss it. A workflow may appear controlled at the start while the agent’s practical authority grows over time. This creates risk when later actions exceed the permission the user thought they had granted.

Structural Signal

The agent’s operational authority increases across steps without a declared authority update. The issue is not only that the agent overreached once; it is that permission expands as the workflow progresses.

Common Triggers

Initial permission is vague or too broad
Tool access is granted once and reused for broader actions
Follow-up steps inherit authority from earlier approvals
The agent treats task progress as permission to act more broadly
Review gates apply only to the first action
The workflow does not distinguish read, propose, edit, and execute authority

When to Use This Issue

Use this Issue when an agent’s permissions or practical authority expand across steps without a clear approval, role change, or authority update.

When Not to Use This Issue

Do not use this Issue when the agent had broad authority from the start and used it as declared. Do not use it when a single tool permission is simply missing or denied.

Primary Pattern

PAT-0300 — Escalation Growth

Declared Patterns

PAT-0300 — Escalation Growth
A structural condition where impact, authority, scope, or consequence increases across sequential states without a declared limiting mechanism.
PAT-0120 — Missing Authority
A structural condition where a region, action, state, or decision path exists without a declared governing authority.
PAT-0340 — Overreach
A structural condition where actions, effects, authority, or modifications extend beyond declared scope without authorization.

Derived Primary Lenses

LEN-0100 — Absence Lens
Detects structurally required elements that are missing from the observed structure.
LEN-0110 — Authority Overlay Lens
Maps declared authority hierarchies onto observed structure to detect absence, override, or conflict.
LEN-0120 — Boundary Compliance Lens
Evaluates observed structure against declared boundary posture, including allow, block, and exception rules.
LEN-0190 — Escalation Gradient Lens
Measures structural growth or intensification across sequential executions, states, or transitions.
LEN-0240 — Overreach Lens
Detects structure that exceeds declared scope or authority reach.
LEN-0290 — Variance / Entropy Lens
Measures structural variability across repeated or comparable evaluations and identifies divergence beyond expected bounds.

Derived Secondary Lenses

LEN-0150 — Conflict Lens
Detects mutually incompatible constraints, claims, states, or declarations that cannot be simultaneously satisfied.
LEN-0250 — Propagation Lens
Traces how structural declarations, effects, or state changes propagate across boundaries or stages.
LEN-0270 — Reconciliation Lens
Evaluates whether structural changes align with declared authority updates, version changes, or reconciliation rules.

Search Intents

agent permission expands over steps
AI agent permission grew over time
agent authority expanded during task
AI agent got more access across steps
agent permission creep
agent acts with broader permission later

Ontology Metadata

Code: ISS-0099
Version: ISS-0099@0.1.0
Ontology release: 0.1.0
Updated: 2026-05-10T00:00:00Z

History

No public history entries recorded.

View full ontology changelog