Redefining Access Control: Scaling Policy as Code for Humans and AI Agents - Raz Cohen, Permit.io
Raz Cohen, Permit.io
KubeCon + CloudNativeCon Europe 2025 · Session
In an era witnessing the rapid proliferation of AI-driven products and an increasing reliance on Large Language Models (LLMs), the discourse around security and control has intensified. This talk by Raz Cohen from Permit.io, delivered at KubeCon EU, addresses the critical and evolving challenge of **access control** for not just human users, but also for increasingly autonomous **AI agents**. Cohen highlights a significant shift observed at KubeCon, moving from mere AI-powered chatbots to fully AI-driven products where developers are increasingly writing prompts rather than traditional code or YAML configurations. This transformation, while promising immense innovation, introduces complex security vulnerabilities that traditional access control mechanisms are ill-equipped to handle.
AI review
Raz Cohen's talk effectively addresses the critical and immediate challenge of securing AI agents through a comprehensive 'Four Perimeter Framework.' It highlights the inadequacy of traditional access control for dynamic AI interactions and proposes a layered, fine-grained authorization approach from prompt filtering to response enforcement. While presented by a vendor, the framework provides actionable, technically grounded strategies for mitigating pervasive AI security risks like prompt injection and data leakage, making it highly relevant for anyone deploying or defending AI systems.