# Least Privilege Principle

The Least Privilege Principle (also known as the Principle of Least Privilege, POLP) is a security concept requiring that users, applications, and systems have access only to the resources strictly necessary for their legitimate purpose. Nothing more.

By minimizing access rights, organizations reduce their attack surface, contain potential breaches, and limit the damage an attacker (or a compromised account) can cause.

This principle is foundational to [[Zero Trust Security]] and helps mitigate risks like the [[Lethal Trifecta for AI Agents]]. If an AI agent has no access to private data or to external communication capabilities it does not need, exploitation becomes harder because a prompt-injected agent has fewer resources to read and fewer channels through which to exfiltrate them.

A common challenge is "privilege creep," where permissions accumulate over time (a temporary grant for a one-off task, a role change that adds rights without removing old ones) and are never revoked, so the effective access of a principal drifts far beyond what it currently needs.

## References

- Wikipedia: https://en.wikipedia.org/wiki/Principle_of_least_privilege
- CrowdStrike: https://www.crowdstrike.com/en-us/cybersecurity-101/identity-protection/principle-of-least-privilege-polp/

## Related

- [[Lethal Trifecta for AI Agents]]
- [[Zero Trust Security]]
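## Worked example

The following is an added example, not part of the original note or of any referenced source. It models the principle in code: a principal (here a hypothetical AI agent named `doc-summarizer`) is deny-by-default, receives exactly the permissions a task declares, and is audited for privilege creep, meaning grants that were never exercised or have sat idle longer than a threshold. The permission names (`read:public_docs`, `read:private_data`, `send:external_message`) and the 30-day idle threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical permission names for an AI agent (assumed, not from the note).
# Two of them are exactly the capabilities the lethal trifecta warns about.
READ_PUBLIC = "read:public_docs"
READ_PRIVATE = "read:private_data"
SEND_EXTERNAL = "send:external_message"


@dataclass
class Grant:
    """One permission held by a principal, with usage tracking for audits."""
    permission: str
    granted_at: datetime
    last_used: Optional[datetime] = None


@dataclass
class Principal:
    """A user, service or agent that holds grants. Default posture is deny-all."""
    name: str
    grants: dict[str, Grant] = field(default_factory=dict)


def grant_for_task(principal: Principal, required: set[str], now: datetime) -> None:
    """Grant exactly the permissions a task declares; nothing else is added."""
    for perm in required:
        principal.grants.setdefault(perm, Grant(perm, now))


def check_access(principal: Principal, permission: str, now: datetime) -> bool:
    """Deny by default; record last use so the audit can see what is dormant."""
    grant = principal.grants.get(permission)
    if grant is None:
        return False
    grant.last_used = now
    return True


def find_privilege_creep(principal: Principal, now: datetime,
                         max_idle: timedelta = timedelta(days=30)) -> list[str]:
    """Permissions never exercised, or idle longer than max_idle, since grant."""
    stale = []
    for perm, g in sorted(principal.grants.items()):
        last = g.last_used or g.granted_at
        if now - last > max_idle:
            stale.append(perm)
    return stale


def revoke_stale(principal: Principal, now: datetime,
                 max_idle: timedelta = timedelta(days=30)) -> list[str]:
    """Remove creeping grants and return what was revoked, for the audit log."""
    removed = find_privilege_creep(principal, now, max_idle)
    for perm in removed:
        del principal.grants[perm]
    return removed


def demo() -> dict:
    """Walk a constructed timeline: scoped grant, denied requests, creep, revocation."""
    t0 = datetime(2024, 1, 1)  # constructed timestamp
    agent = Principal("doc-summarizer")

    # The task only needs to read public docs, so that is all it gets.
    grant_for_task(agent, {READ_PUBLIC}, t0)
    day1 = t0 + timedelta(days=1)
    results = {
        "public": check_access(agent, READ_PUBLIC, day1),        # allowed
        "private": check_access(agent, READ_PRIVATE, day1),      # denied
        "external": check_access(agent, SEND_EXTERNAL, day1),    # denied
    }

    # Later someone adds an outbound-messaging right "temporarily" and forgets it.
    grant_for_task(agent, {SEND_EXTERNAL}, t0 + timedelta(days=2))
    day40 = t0 + timedelta(days=40)
    check_access(agent, READ_PUBLIC, day40)  # the legitimate right stays in use

    results["creep"] = find_privilege_creep(agent, day40)
    results["revoked"] = revoke_stale(agent, day40)
    results["external_after"] = check_access(agent, SEND_EXTERNAL, day40 + timedelta(days=1))
    return results


if __name__ == "__main__":
    print(demo())
```

The audit keys off `last_used` rather than `granted_at` alone, so a right that is still exercised is kept while one that was granted and never touched is flagged; in a real system the same signal would come from authorization logs, and revocation would go through the identity provider or policy engine rather than a Python dict.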