← Scenario library
The Agent With the Master Key
An ops agent gets one god-mode credential — and one misread wipes production
Technique first revealed 04 May 2023
Tool-Using Agent
InstructionsDataActionsControl / decisionFeedback / logs
👆 Click a component to inspectSetupStep 1 / 6
One key to rule them all
To save setup time, the team gives the AI agent one database login that can do absolutely anything — read, write, create, and delete — on every database they own, including the live one customers depend on. The reasoning: 'we don't know in advance what it'll need, so give it everything.'
⚙️Agent credential grant (over-permissioned)config
# agent-identity.yaml (as deployed)
principal: ai-ops-agent
grants:
- environments: [dev, staging, prod] # all of them
privileges: [SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, TRUNCATE]
scope_to_task: false # <-- no per-task scoping
require_approval_for: [] # <-- nothing requires sign-off
# rationale (PR comment): "give it full access so it can do whatever the task needs"← / → keys