
Zero Standing Permissions for AI Agents: Lessons from Hermes Blank Slate and Toolset Pinning

Blog post from Permit.io

Post Details
Company
Date Published
Author: Or Weis
Word Count: 1,629
Company Posts That Month: 19
Language: English
Hacker News Points: -
Summary

Hermes Agent's "Blank Slate" approach exemplifies the zero standing permissions (ZSP) model for AI agents, emphasizing minimal initial access and granting permissions only as needed for specific tasks. This model enhances security by ensuring that AI agents do not have persistent access to sensitive tools or data, thereby reducing the risk of unauthorized actions. The framework involves multiple layers, such as baseline-deny configurations and runtime checks, to enforce context-aware authorization. The approach advocates for tools to start disabled by default, thereby minimizing potential exposure from prompt injections or model errors. The ZSP model is complemented by static pinning of essential tools and dynamic, just-in-time (JIT) grants for sensitive actions, which are subject to stringent audit trails and revocation policies. By transitioning from all-on-by-default to a more controlled runtime-authorized model, organizations can maintain productivity while enhancing security and auditability.

Trends Found in this Post
Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM
MCP | 16 | 6,026 | 689 | 188 | -15%
AI Agents | 7 | 4,874 | 1,103 | 240 | -1%
Developer Experience | 1 | 384 | 227 | 88 | -19%