
AI Agent Access Control

OWASP's Agentic AI Top 10 lists Excessive Agency (#9) and Identity & Privilege Abuse (#3) as critical risks. OAuth scopes are all-or-nothing. gmail.modify means full access. PortEden replaces those binary permissions with granular, per-agent controls.

The Problem

Giving AI agents direct access to your data is risky. Here's what can go wrong.

All-or-Nothing OAuth Scopes

Gmail's gmail.modify and Microsoft's Mail.ReadWrite are binary: full access or none, with no per-sender or per-action granularity.

Every Agent Gets the Same Access

Claude summarizing newsletters and ChatGPT managing your calendar both get identical broad permissions with no per-agent differentiation.

No Principle of Least Privilege

Standard OAuth has no mechanism for least-privilege email or calendar access, so every agent gets maximum permissions by default.

How PortEden Protects You

Six layers of security between AI agents and your data.

Per-Agent Rules

Each agent gets its own permission set: Claude read-only, ChatGPT draft-only, Copilot none, all configured and enforced independently.

Six Control Layers

Visibility, contact rules, action limits, time windows, account scope, and data reduction, all configurable per agent.

Instant Revocation

One click disables a compromised agent's access without affecting other agents or requiring OAuth token revocation.

Full Audit Trail

Per-agent, per-request logging shows exactly what was requested, returned, and blocked.

Get Started in 3 Steps

1. Install the CLI

Install PortEden CLI and connect your email and calendar accounts via secure OAuth.

2. Define Per-Agent Rules

Configure visibility, contact rules, action limits, time windows, and data reduction per agent.

3. Enforce Least Privilege

Point each agent to PortEden and every request is filtered through that agent's specific rules with full audit logging.

Without vs. With PortEden

Without PortEden

  • OAuth scopes are binary, either full read/write/send/delete or nothing
  • Every AI agent gets the same broad permissions regardless of task
  • No per-agent access differentiation exists in Gmail or Outlook OAuth
  • Revoking one agent's access means revoking the OAuth token for all agents
  • No audit trail showing what each individual agent accessed

With PortEden

  • Granular, per-agent permissions replace all-or-nothing OAuth scopes
  • Claude, ChatGPT, and Copilot each get exactly the access they need
  • Six control layers enforce true least-privilege access
  • One-click revocation per agent without affecting others
  • Per-agent, per-request audit logs for complete access visibility

Frequently Asked Questions

Why can't I just use OAuth scopes to control AI agent access?
OAuth scopes like gmail.modify and Mail.ReadWrite are binary, either full access or none. There's no OAuth scope for 'read from this sender only' or 'draft but don't send.' PortEden adds the granular layer that OAuth was never designed to provide, letting you set per-agent, per-action, per-contact rules.
Can I give Claude and ChatGPT different levels of email access?
Yes. PortEden supports per-agent rules. Claude can get read-only access to the last 7 days of email, while ChatGPT gets draft-only access to calendar events, and Copilot gets no access at all. Each agent has its own independent permission set.
What is 'Excessive Agency' in the OWASP Agentic AI Top 10?
OWASP Agentic AI Top 10 #9 (Excessive Agency) describes the risk of AI agents having more permissions than they need. Standard OAuth has no mechanism for least-privilege email access, so agents get the same broad permissions regardless of their actual task. PortEden enforces least privilege by letting you define exactly what each agent can do.
How quickly can I revoke an AI agent's access?
One click. If an agent is compromised or misbehaving, you can instantly disable its access without affecting other agents. There's no need to revoke OAuth tokens (which would disconnect all agents) or reconfigure your entire integration.
Does PortEden support the principle of least privilege for AI agents?
Yes, that's the core design principle. PortEden provides six control layers (visibility, contact rules, action limits, time windows, account scope, and data reduction) that let you give each agent exactly the permissions it needs and nothing more. This is the least-privilege model that OWASP recommends but OAuth can't deliver.
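To make the per-agent model concrete, here is an added, illustrative policy evaluator (not PortEden's own code) that applies the six control layers listed above to a single request, supports per-agent revocation, and records every decision in an audit log. The agent names, rule values, sender addresses, and timestamp are constructed sample values, not anything from the product.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Illustrative per-agent policy model (added example, not PortEden's code). One
# rule set per agent, covering the six control layers named on the page.
@dataclass
class AgentPolicy:
    actions: set                       # action limits, e.g. {"read"} or {"read", "draft"}
    accounts: set                      # account scope: connected accounts the agent may use
    visibility_days: Optional[int] = None  # visibility: only items newer than N days
    senders: Optional[set] = None      # contact rules: None means any sender
    hours: Optional[tuple] = None      # time window as (start_hour, end_hour) in UTC
    redact: set = field(default_factory=set)  # data reduction: fields stripped from results
    enabled: bool = True               # instant per-agent revocation switch

POLICIES = {  # constructed sample rules mirroring the page's Claude/ChatGPT/Copilot example
    "claude": AgentPolicy({"read"}, {"gmail"}, visibility_days=7, senders={"newsletter@example.com"}),
    "chatgpt": AgentPolicy({"read", "draft"}, {"calendar"}, hours=(8, 18), redact={"body"}),
    "copilot": AgentPolicy(set(), set()),
}
AUDIT = []  # per-agent, per-request record of what was requested and what was blocked
NOW = datetime(2024, 1, 1, 10, tzinfo=timezone.utc)  # constructed timestamp for the demo

def revoke(agent):
    """One-click revocation: disable one agent without touching the others."""
    POLICIES[agent].enabled = False

def evaluate(agent, action, account, sender, age_days, now, item):
    """Check one request against the agent's rules; return (allowed, reason, filtered item)."""
    p = POLICIES.get(agent)
    checks = [  # first failing layer decides; its reason is what lands in the audit trail
        (p is None or not p.enabled, "agent disabled or unknown"),
        (p and action not in p.actions, "action not permitted"),
        (p and account not in p.accounts, "account out of scope"),
        (p and p.visibility_days is not None and age_days > p.visibility_days, "outside visibility window"),
        (p and p.senders is not None and sender not in p.senders, "sender not permitted"),
        (p and p.hours is not None and not (p.hours[0] <= now.hour < p.hours[1]), "outside time window"),
    ]
    reason = next((why for failed, why in checks if failed), "allowed")
    allowed = reason == "allowed"
    result = {k: v for k, v in item.items() if k not in p.redact} if allowed else None
    AUDIT.append({"agent": agent, "action": action, "account": account, "decision": reason})
    return allowed, reason, result

if __name__ == "__main__":
    # "draft but don't send": ChatGPT may draft calendar items but a send request is blocked
    print(evaluate("chatgpt", "send", "calendar", "boss@example.com", 0, NOW, {"subject": "1:1"}))
    print(AUDIT)
```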

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs