The principle of least privilege dictates that agents receive only the minimum permissions needed to complete their assigned task, nothing more. This principle is foundational for agentic systems because agents are inherently unpredictable: a well-designed agent can still be manipulated through prompt injection, make reasoning errors, or hit unexpected edge cases that lead to unintended actions.