AOS gives you fine-grained control over what the agent company can reach. Nothing connects to your real tools, data, or production systems unless you grant it. This article explains how access works and how to keep the blast radius small.
Default posture: deny, then grant
When your instance is provisioned, integrations are walled off. You connect tools deliberately, so the team can only touch what you have explicitly granted. This is the opposite of a tool that asks for broad access on day one and hopes you click yes.
A fresh instance can think, plan, draft, and review entirely inside its own boundary without touching anything real. You open doors one at a time, on purpose.
The boundary and the five approval points
The workspace boundary is the line your data does not cross without your say-so. The five approval points are the only crossings:
- Money over your cap.
- Public claims under your company name.
- Customer data leaving the boundary, including integrations, exports, shares, and training opt-ins.
- Production-touching changes, including deploys, infra, billing, and security policy.
- Audit-trail edits.
Anything that would cross one of these lines stops and waits for you. Everything that stays inside the boundary runs on its own.
Connecting a tool
When a mission needs a real integration, you grant it explicitly and scope it as tightly as the tool allows. Prefer read-only where read-only is enough. Prefer a single workspace or project over account-wide access. The narrower the grant, the smaller the blast radius if anything ever goes wrong.
Keeping access tight
- Grant the minimum. Connect only the tools a mission actually needs, and only at the scope it needs.
- Use the Security and Infra department. Ask it to inventory every key, set a rotation schedule, and revoke stale or over-scoped credentials. A smaller, named blast radius is the goal.
- Review access periodically. The PII flow map shows everywhere customer data lands so you can review who and what can reach it.
- Tune your money caps. Lower caps mean more decisions route to you. Higher caps mean more autonomy. Set them where you are comfortable and adjust as trust builds.
Revoking access
You can disconnect any integration at any time. Because access was granted deliberately and tracked in the evidence trail, removing it is straightforward and the change is recorded. If a key is ever exposed, revoke first and rotate, then let Security and Infra confirm nothing stale remains.
A simple monthly habit
Once a month, ask Security and Infra for a one-page access review: what is connected, at what scope, last used when, and anything it recommends revoking. Five minutes of reading keeps your surface area honest as your usage grows.
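The sketch below is an added example, not AOS code or an AOS export format. It shows how the checks named under "Keeping access tight" and in the monthly review (scope, last used, rotation, what to revoke) can be applied to an access inventory. The field names, sample grants, and the 30-day and 90-day thresholds are assumptions made for illustration.

```python
from datetime import date

# Assumed thresholds; the article does not prescribe numbers.
STALE_AFTER_DAYS = 30
ROTATE_AFTER_DAYS = 90

# Constructed sample inventory; field names are hypothetical, not an AOS export format.
GRANTS = [
    {"tool": "crm", "scope": "project", "mode": "read", "needs_write": False,
     "last_used": date(2025, 5, 28), "key_issued": date(2025, 4, 1)},
    {"tool": "billing", "scope": "account", "mode": "write", "needs_write": False,
     "last_used": date(2025, 5, 30), "key_issued": date(2025, 5, 1)},
    {"tool": "wiki", "scope": "workspace", "mode": "read", "needs_write": False,
     "last_used": date(2025, 3, 2), "key_issued": date(2024, 12, 15)},
    {"tool": "tracker", "scope": "project", "mode": "write", "needs_write": True,
     "last_used": None, "key_issued": date(2025, 5, 20)},
]

def review_grant(grant, today):
    """Return the list of findings for one grant (empty list means keep as is)."""
    findings = []
    if grant["scope"] == "account":
        findings.append("over-scoped: account-wide, narrow to a workspace or project")
    if grant["mode"] == "write" and not grant["needs_write"]:
        findings.append("over-scoped: write access where read-only is enough")
    last_used = grant["last_used"]
    if last_used is None:
        findings.append("stale: never used")
    elif (today - last_used).days > STALE_AFTER_DAYS:
        findings.append(f"stale: unused for {(today - last_used).days} days")
    key_age = (today - grant["key_issued"]).days
    if key_age > ROTATE_AFTER_DAYS:
        findings.append(f"rotation overdue: key is {key_age} days old")
    return findings

def access_review(grants, today):
    """Map tool name -> findings, listing only grants that need action."""
    report = {}
    for grant in grants:
        findings = review_grant(grant, today)
        if findings:
            report[grant["tool"]] = findings
    return report

if __name__ == "__main__":
    for tool, findings in access_review(GRANTS, date(2025, 6, 1)).items():
        for finding in findings:
            print(f"{tool}: {finding}")
```

Grants with no findings are left out of the report, so the output is the short list of things to narrow, rotate, or revoke.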