How MandateZ Fixes ASI-02: Insufficient Authorization
What Is the Risk?
Insufficient Authorization happens when an AI agent can perform actions without proper permission checks. The agent may inherit the user’s full session token, bypass role-based access controls, or escalate privileges by chaining tool calls — all without any authorization layer verifying whether that specific agent should be allowed to act. Most agent frameworks today have zero authorization enforcement at the agent level.How MandateZ Mitigates It
MandateZ adds a dedicated authorization layer between the agent and every resource it touches.Policy-Based Access Control
Every action an agent attempts is evaluated against its assigned policy before execution. Policies are explicit rules — not prompt instructions an LLM can ignore.Cryptographic Agent Identity
Each agent gets its own Ed25519 keypair. Actions are signed with the agent’s private key, making it impossible for one agent to impersonate another or act without a verifiable identity.Row-Level Security
On the data layer, Supabase RLS ensures each owner only sees their own agents and events. There is no API endpoint that returns cross-tenant data.Get Started
Set up MandateZ in under 5 minutes and add real authorization to your agents.