Loading...
๐ค
Privilege Compromise Mitigation Pattern(PCM)
Prevents privilege escalation and unauthorized operations through strict access control
Complexity: highSecurity & Privacy Patterns
๐ฏ 30-Second Overview
Pattern: Prevents privilege escalation through RBAC, identity separation, and dynamic de-escalation
Why: Agent privilege inheritance enables lateral movement; strict boundaries prevent compromise
Key Insight: Separate identity + least privilege + time limits + zero trust = secure operations
โก Quick Implementation
1Separate Identity:Agent identity โ user identity
2Apply RBAC:Role-based permissions, not user-based
3Least Privilege:Minimal permissions for each operation
4Dynamic De-escalation:Reduce privileges based on context
5Zero Trust:Verify every action, trust nothing
Example: identity_separation โ role_assignment โ permission_check โ context_evaluation โ access_decision
๐ Do's & Don'ts
โ
Implement strict identity separation between agents and users
โ
Use time-based privilege expiration and renewal
โ
Apply context-aware permission boundaries
โ
Monitor privilege usage patterns for anomalies
โ
Require multi-factor approval for high-value operations
โLet agents inherit full user privileges automatically
โGrant permanent elevated permissions
โSkip privilege checks for "trusted" operations
โAllow privilege accumulation over time
โIgnore unusual privilege escalation patterns
๐ฆ When to Use
Use When
- โข Enterprise AI deployments
- โข Multi-user platforms
- โข Sensitive data access
- โข Compliance-regulated systems
Avoid When
- โข Single-user local systems
- โข Read-only applications
- โข Isolated environments
- โข Non-privileged operations only
๐ Key Metrics
Escalation Attempts
Unauthorized privilege requests/day
Privilege Lifetime
Average minutes before de-escalation
Approval Rate
% high-risk operations approved
Identity Violations
Agent impersonation attempts
Compliance Score
% operations within policy
Audit Trail
Complete privilege history coverage
๐ก Top Use Cases
Financial Systems: Prevent unauthorized trades, transfers, or account access
Healthcare AI: Ensure PHI access follows minimum necessary principle
Enterprise Automation: Control system administration without full admin rights
Government AI: Maintain clearance levels and need-to-know restrictions
Cloud Platforms: Prevent lateral movement and resource abuse in multi-tenant systems
References & Further Reading
Deepen your understanding with these curated resources
Contribute to this collection
Know a great resource? Submit a pull request to add it.
๐ค
Privilege Compromise Mitigation Pattern(PCM)
Prevents privilege escalation and unauthorized operations through strict access control
Complexity: highSecurity & Privacy Patterns
๐ฏ 30-Second Overview
Pattern: Prevents privilege escalation through RBAC, identity separation, and dynamic de-escalation
Why: Agent privilege inheritance enables lateral movement; strict boundaries prevent compromise
Key Insight: Separate identity + least privilege + time limits + zero trust = secure operations
โก Quick Implementation
1Separate Identity:Agent identity โ user identity
2Apply RBAC:Role-based permissions, not user-based
3Least Privilege:Minimal permissions for each operation
4Dynamic De-escalation:Reduce privileges based on context
5Zero Trust:Verify every action, trust nothing
Example: identity_separation โ role_assignment โ permission_check โ context_evaluation โ access_decision
๐ Do's & Don'ts
โ
Implement strict identity separation between agents and users
โ
Use time-based privilege expiration and renewal
โ
Apply context-aware permission boundaries
โ
Monitor privilege usage patterns for anomalies
โ
Require multi-factor approval for high-value operations
โLet agents inherit full user privileges automatically
โGrant permanent elevated permissions
โSkip privilege checks for "trusted" operations
โAllow privilege accumulation over time
โIgnore unusual privilege escalation patterns
๐ฆ When to Use
Use When
- โข Enterprise AI deployments
- โข Multi-user platforms
- โข Sensitive data access
- โข Compliance-regulated systems
Avoid When
- โข Single-user local systems
- โข Read-only applications
- โข Isolated environments
- โข Non-privileged operations only
๐ Key Metrics
Escalation Attempts
Unauthorized privilege requests/day
Privilege Lifetime
Average minutes before de-escalation
Approval Rate
% high-risk operations approved
Identity Violations
Agent impersonation attempts
Compliance Score
% operations within policy
Audit Trail
Complete privilege history coverage
๐ก Top Use Cases
Financial Systems: Prevent unauthorized trades, transfers, or account access
Healthcare AI: Ensure PHI access follows minimum necessary principle
Enterprise Automation: Control system administration without full admin rights
Government AI: Maintain clearance levels and need-to-know restrictions
Cloud Platforms: Prevent lateral movement and resource abuse in multi-tenant systems
References & Further Reading
Deepen your understanding with these curated resources
Contribute to this collection
Know a great resource? Submit a pull request to add it.