Scope
Least privilege for agents: the deliberate set of capabilities an agent is granted — and everything else is invisible.
Scope is the set of capabilities an agent is allowed to use at all. It’s least privilege applied to AI agents: rather than handing an agent a raw key with the full powers of an account, you grant a deliberate, minimal set of actions — mail_send, crm_read — defined once as a reusable role and applied across the fleet.
What makes scope different from a traditional permission list is invisibility. Capabilities you don’t grant aren’t merely denied; they’re filtered out of the agent’s tool manifest entirely. An agent that was never given vault_get doesn’t see it in its tool list, so a prompt-injected “reveal the API key” request has no tool to call. Denied becomes nonexistent.
Scope answers the question “what can this agent ever do?” — the broadest of the three control questions. It pairs with guard, which answers “should this specific action run right now?”, and log, which records what happened. Together they cover every action an agent takes.
In practice, scope is enforced through roles: define the capabilities for a job once, assign the role to one agent or a hundred, and change it in one place when the job changes.
Related terms
Guard
Your business rules, enforced before an agent's action runs — caps, allowlists, approval thresholds, freeze blocks.
Least privilege
Grant an agent the minimum capabilities its job requires, and nothing more — starting from zero.
RBAC (role-based access control)
Govern agents by job function — bundle capabilities into roles and assign them, instead of per-agent keys.
Agent control plane
The layer in the path of every agent action that decides, enforces, and records what each agent can do.
Put every agent your company runs under one policy.
Watch HiveKey scope, guard, and block a live action on your own agents — 30 minutes, no slides, no commitment.