The Model
Every agent has data access scopes: what records it can read, what it can write, what it can delete. Scopes are enforced at the API layer; the Trust Layer audits every access. An agent cannot exceed its declared scope, because the check sits in the API rather than in the agent.
Least Privilege
Default to the minimum necessary. A prospecting agent reads leads; it does not need case data. A support agent reads cases; it does not need closed-won opportunities. Narrow scopes reduce the blast radius when an agent misbehaves or is compromised.
Audit
Every data access is logged, allowed or denied. Review quarterly: is the agent actually using all of its scope? Shrink unused access. Look at denied attempts as well; each one is either a bug in the agent or a sign of misuse. An audited agent costs less and poses less risk.
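The model, the least-privilege scopes and the quarterly review, as one added example. This is illustrative code written for this page, not the Trust Layer's own implementation; it assumes scopes are (object, action) pairs with actions read/write/delete, that an in-memory list stands in for the audit log, and that the sample activity in demo() is constructed.

```python
# Added example (not from the page): a minimal scope model with API-layer
# enforcement, an audit log standing in for the Trust Layer, and the
# quarterly "is the agent using all its scope?" review.
# Assumed: scopes are (object, action) pairs; actions are read/write/delete.
from dataclasses import dataclass, field
from typing import Any, Dict, FrozenSet, List, Set, Tuple

ACTIONS = ("read", "write", "delete")
Scope = Tuple[str, str]  # (object, action), e.g. ("Lead", "read")


class ScopeViolation(PermissionError):
    """Raised when an agent attempts an operation outside its declared scope."""


@dataclass(frozen=True)
class Agent:
    name: str
    scopes: FrozenSet[Scope]

    def __post_init__(self) -> None:
        # Reject malformed declarations up front: an unknown action would never
        # match a request, so it would sit in the declaration as dead privilege.
        for obj, action in self.scopes:
            if action not in ACTIONS:
                raise ValueError(f"{self.name}: unknown action {action!r} on {obj}")


@dataclass
class AuditLog:
    """Append-only record of every access attempt, allowed or denied."""
    entries: List[Dict[str, Any]] = field(default_factory=list)

    def record(self, agent: Agent, obj: str, action: str,
               record_id: str, allowed: bool) -> None:
        self.entries.append({"agent": agent.name, "object": obj, "action": action,
                             "record_id": record_id, "allowed": allowed})

    def for_agent(self, agent: Agent) -> List[Dict[str, Any]]:
        return [e for e in self.entries if e["agent"] == agent.name]


class DataApi:
    """The API layer: the single choke point where scopes are enforced."""

    def __init__(self, log: AuditLog) -> None:
        self.log = log

    def access(self, agent: Agent, obj: str, action: str, record_id: str) -> str:
        allowed = (obj, action) in agent.scopes
        # Log before deciding, so denied attempts are visible to reviewers too.
        self.log.record(agent, obj, action, record_id, allowed)
        if not allowed:
            raise ScopeViolation(f"{agent.name} may not {action} {obj}")
        # Placeholder for the real data operation.
        return f"{action}:{obj}/{record_id}"


def used_scopes(agent: Agent, log: AuditLog) -> Set[Scope]:
    """Scopes the agent actually exercised (allowed accesses only)."""
    return {(e["object"], e["action"]) for e in log.for_agent(agent) if e["allowed"]}


def unused_scopes(agent: Agent, log: AuditLog) -> Set[Scope]:
    """Declared but never exercised: candidates to remove at the quarterly review."""
    return set(agent.scopes) - used_scopes(agent, log)


def denied_attempts(agent: Agent, log: AuditLog) -> List[Dict[str, Any]]:
    """Out-of-scope attempts: either a bug in the agent or a sign of misuse."""
    return [e for e in log.for_agent(agent) if not e["allowed"]]


def shrink_to_used(agent: Agent, log: AuditLog) -> Agent:
    """Produce the least-privilege replacement: keep only what was exercised."""
    return Agent(agent.name, frozenset(used_scopes(agent, log)))


def demo() -> Tuple[Set[Scope], int]:
    # Constructed sample activity: a prospecting agent that reads leads and
    # contacts, never writes, and once strays into case data.
    log = AuditLog()
    api = DataApi(log)
    prospecting = Agent("prospecting", frozenset({
        ("Lead", "read"), ("Lead", "write"), ("Contact", "read"),
    }))
    api.access(prospecting, "Lead", "read", "lead-1")
    api.access(prospecting, "Lead", "read", "lead-2")
    api.access(prospecting, "Contact", "read", "contact-7")
    try:
        api.access(prospecting, "Case", "read", "case-3")  # not in scope
    except ScopeViolation:
        pass
    return unused_scopes(prospecting, log), len(denied_attempts(prospecting, log))


if __name__ == "__main__":
    unused, denied = demo()
    print("unused scopes:", sorted(unused))
    print("denied attempts:", denied)
```

Running it, the review for the prospecting agent reports ("Lead", "write") as unused and one denied attempt against Case. The denial is logged before the exception is raised on purpose: a review that only saw allowed accesses would miss the agent probing beyond its scope.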
User Consent
Users activating an agent see its declared scopes: 'This agent will access: your contacts, open opportunities, recent activity.' The text shown at activation should be generated from the same declaration the API enforces, so it cannot drift from what the agent can actually do. Transparency at activation reduces downstream surprise and complaints.