Your agents have too much access You have a coding agent. It needs to call an API, so you generate a static API key, paste it into an .env file, and tell the agent to use that file whenever it needs API access. Then you ask the agent to GET API data. It performs the read action and detects a data inconsistency, so it decides the next step is to POST a fix. The API key grants write permissions, so the agent tells you it found an error and now it's helpfully fixing it. Suddenly you're mashing the keyboard scrambling to interrupt the unexpected write tool call. The API key has write access because it's a kitchen sink: you do want the agent to write under specific conditions , but not for this task, and you forgot to explicitly tell it only to read. The agent is designed to be "helpful," so it reads the data and uses its credential to do what it infers you want next . The root problem isn't just the overprivileged credential. It's that there's no boundary between the agent and the resource.…