← Back to Insights
Air traffic controller, trusting bad data
AI & Data Engineering

Zero Permissions Won't Matter If the Data Underneath Is Wrong

Why automated agentic security depends on data foundations nobody puts on a slide
AI & Data Engineering 4 min read July 7, 2026 Duczer East Insights

Every AI agent an enterprise deploys is a non-human identity that can take real action — and most organizations are about to have far more of them than they have ever had human employees. That one fact breaks the security model most companies still run on.

Periodic access reviews assume permissions change at human speed. But the sharper problem isn't the grants — it's what happens inside them. A model update can change what an agent actually does with the access it already holds, in an afternoon, with no ticket and no reviewer — and no permission review would ever catch it, because nothing in the entitlement changed. Add tool integrations and delegated scopes that extend an agent's reach without touching a review cycle, and static asset inventories don't survive contact either. The question auditors and boards are moving toward isn't whether agents exist — it's whether the security function can show, at any given moment, which non-human identities are live, what each can reach, what each is exercising, and why.

Zero Permissions and the Platform Bet

ServiceNow put down a marker on this at Knowledge 2026 with Autonomous Security & Risk, built on its Armis and Veza acquisitions: agentless asset intelligence tracking more than 6.5 billion connected assets, and an access graph mapping permissions across human, machine, and AI identities in one place. John Aisien, ServiceNow's security and risk lead, offered a phrase for where this goes — that zero permissions may become to the agentic world what zero trust became for the cloud. The idea has roots in zero standing privileges, a concept the PAM world has carried for years; what's new is a population that finally makes it urgent. And the instinct is right. Detection, response, identity, and asset visibility have always lived in separate stacks, and the seams between them are where attackers work. Collapsing them into a single picture is the correct ambition.

Where Automation Meets Data Quality

But here's the part the platform story tends to skip. The whole model leans on automated response — when permissions drift, a re-scoping workflow fires on its own. Automation like that doesn't just inherit the quality of the data beneath it; it amplifies it. A remediation firing on a current, accurate picture closes a gap before anyone notices. The same remediation firing on a stale one takes confident, authoritative action on a world that no longer exists — at machine speed, across thousands of identities, while the dashboard reports green. Automated control on bad data isn't neutral. It manufactures false confidence, and false confidence is worse than a gap you know you have.

The Hidden Lag in the Access Graph

And staleness doesn't live where the platform pitch suggests. The collectors are continuous — that's the whole point of agentless monitoring. The graph, though, is only as current as the source systems it ingests from: the HR system that hasn't processed the offboarding, the entitlement store nobody reconciled, the CMDB record that drifted from the estate it describes. The permission map inherits every one of those lags and presents them as ground truth. So the real dividing line in agentic security isn't which platform maps the most permissions. It's whether the enterprise data estate feeding that map stays current enough that acting on it is safe — and whether, when an auditor asks how an agent came to hold the access it had six weeks ago, the history exists to answer. That's a data-foundation problem: freshness, lineage, and the ability to reconcile a constantly moving estate against a governed record. The permission map is the visible artifact. What keeps it honest is the plumbing nobody puts on a slide.

“Automated control on bad data isn't neutral — it manufactures false confidence, and false confidence is worse than a gap you know you have.”

The agent population is growing, and the permissions attached to it accumulate whether or not anyone is watching the seams. The organizations that treat this as an architecture decision — before an incident or an examiner forces the question — are the ones that will be able to answer it when it's finally asked.

Would you like to discuss zero permissions and agentic identity?

Duczer East maintains deep expertise in ServiceNow, Zero Permissions and Data — the architecture decisions that keep automated security honest when the estate underneath is constantly moving.

Prefer email? info@duceast.com
Duczer East — Where Data Engineering Meets Agentic AI

The Practitioner's Briefing

Senior-level insights on agentic AI, data engineering, and enterprise integration — delivered to your inbox.