
Principle of Least Authority (POLA)

Reviewed 9 April 2026 (canonical definition)

The principle of least authority states that every component in a system — including every AI agent — should be granted only the minimum authority needed to perform its specific function, and no more. It is a stricter formulation of least privilege that focuses on capability grants rather than just read/write permissions. Applying POLA to agents means scoping credentials to individual tasks, using ephemeral tokens, and revoking access immediately when a task completes.
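The task-scoped, ephemeral, revocable grant described above, as an added illustration (this is example code written for this entry, not part of the glossary or any particular agent framework). The `CapabilityIssuer` class, its HMAC-signed token format and the sample task and resource names are all assumptions made for the example; an agent holding a token can do exactly the listed actions on exactly the listed resource, until the token expires or the task completes and the grant is revoked.

```python
import hashlib
import hmac
import json
import secrets
import time


class CapabilityIssuer:
    """Hypothetical issuer of task-scoped capability tokens (example only).

    Each token names one task, one resource and an explicit set of
    actions; anything not listed is denied, unlike a role that grants
    broad read/write on everything the agent might ever touch."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # HMAC key known only to the issuer
        self._revoked = set()                 # nonces of grants revoked early

    def grant(self, task_id, resource, actions, ttl_seconds, now=None):
        """Mint a capability for one task: one resource, listed actions, short TTL."""
        now = time.time() if now is None else now
        claims = {
            "task": task_id,
            "resource": resource,
            "actions": sorted(actions),
            "exp": now + ttl_seconds,         # ephemeral: dies on its own
            "nonce": secrets.token_hex(8),    # lets this grant be revoked alone
        }
        payload = json.dumps(claims, sort_keys=True)
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + tag            # tag is hex, so rpartition(".") is safe

    def revoke(self, token):
        """Call as soon as the task completes: the grant is dead before it expires."""
        payload, _, _ = token.rpartition(".")
        self._revoked.add(json.loads(payload)["nonce"])

    def authorize(self, token, action, resource, now=None):
        """True only if the token is authentic, unexpired, unrevoked and
        explicitly grants this action on this resource."""
        now = time.time() if now is None else now
        payload, _, tag = token.rpartition(".")
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or tampered token
        claims = json.loads(payload)
        if claims["nonce"] in self._revoked or now >= claims["exp"]:
            return False                      # revoked or expired
        return claims["resource"] == resource and action in claims["actions"]
```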