Skip to content
Access Control
GmailOutlookGoogle Calendar

AI Agent Access Control

OWASP's Agentic AI Top 10 lists Excessive Agency (#9) and Identity & Privilege Abuse (#3) as critical risks. OAuth scopes are all-or-nothing. gmail.modify means full access. PortEden replaces those binary permissions with granular, per-agent controls.

How PortEden Protects You

Six layers of security between AI and your data.

Per-Agent Rules

Each agent gets its own permission set: Claude read-only, ChatGPT draft-only, Copilot none, all configured and enforced independently.

Six Control Layers

Visibility, contact rules, action limits, time windows, account scope, and data reduction, all configurable per agent.

Instant Revocation

One click disables a compromised agent's access without affecting other agents or requiring OAuth token revocation.

Full Audit Trail

Per-agent, per-request logging shows exactly what was requested, returned, and blocked.

Get Started in 3 Steps

1

Install — CLI or MCP

Install the PortEden CLI or add the cloud MCP connector to your AI client, then connect your email and calendar accounts via secure OAuth.

2

Define Per-Agent Rules

Configure visibility, contact rules, action limits, time windows, and data reduction per agent.

3

Enforce Least Privilege

Point each agent to PortEden and every request is filtered through that agent's specific rules with full audit logging.

Without vs. With PortEden

Without PortEden

  • OAuth scopes are binary, either full read/write/send/delete or nothing
  • Every AI agent gets the same broad permissions regardless of task
  • No per-agent access differentiation exists in Gmail or Outlook OAuth
  • Revoking one agent's access means revoking the OAuth token for all agents
  • No audit trail showing what each individual agent accessed

With PortEden

  • Granular, per-agent permissions replace all-or-nothing OAuth scopes
  • Claude, ChatGPT, and Copilot each get exactly the access they need
  • Six control layers enforce true least-privilege access
  • One-click revocation per agent without affecting others
  • Per-agent, per-request audit logs for complete access visibility

Related Solutions

Looking for guidance specific to your industry? See industry pages →

Frequently Asked Questions

Why can't I just use OAuth scopes to control AI agent access?
OAuth scopes like gmail.modify and Mail.ReadWrite are binary, either full access or none. There's no OAuth scope for 'read from this sender only' or 'draft but don't send.' PortEden adds the granular layer that OAuth was never designed to provide, letting you set per-agent, per-action, per-contact rules.
Can I give Claude and ChatGPT different levels of email access?
Yes. PortEden supports per-agent rules. Claude can get read-only access to the last 7 days of email, while ChatGPT gets draft-only access to calendar events, and Copilot gets no access at all. Each agent has its own independent permission set.
What is 'Excessive Agency' in the OWASP Agentic AI Top 10?
OWASP Agentic AI Top 10 #9 (Excessive Agency) describes the risk of AI agents having more permissions than they need. Standard OAuth has no mechanism for least-privilege email access, so agents get the same broad permissions regardless of their actual task. PortEden enforces least privilege by letting you define exactly what each agent can do.
How quickly can I revoke an AI agent's access?
One click. If an agent is compromised or misbehaving, you can instantly disable its access without affecting other agents. There's no need to revoke OAuth tokens (which would disconnect all agents) or reconfigure your entire integration.
Does PortEden support the principle of least privilege for AI agents?
Yes, that's the core design principle. PortEden provides six control layers (visibility, contact rules, action limits, time windows, account scope, and data reduction) that let you give each agent exactly the permissions it needs and nothing more. This is the least-privilege model that OWASP recommends but OAuth can't deliver.
How do I grant AI agents access to specific data without over-permissioning?
Connect your accounts to PortEden once, then grant each AI agent a scoped credential instead of a broad OAuth grant. Pick the integrations, the resources (a label, a folder, a board), the allowed actions, and any time window, and PortEden enforces that scope on every request. The agent gets exactly what the task needs, every access is audited, and you can revoke it in one click.

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs