[2603.20933] AC4A: Access Control for Agents

Computer Science > Cryptography and Security arXiv:2603.20933 (cs) [Submitted on 21 Mar 2026] Title:AC4A: Access Control for Agents Authors:Reshabh K Sharma, Dan Grossman View a PDF of the paper titled AC4A: Access Control for Agents, by Reshabh K Sharma and Dan Grossman View PDF HTML (experimental) Abstract:Large Language Model (LLM) agents combine the chat interaction capabilities of LLMs with the power to interact with external tools and APIs. This enables them to perform complex tasks and act autonomously to achieve user goals. However, current agent systems operate on an all-or-nothing basis: an agent either has full access to an API's capabilities and a web page's content, or it has no access at all. This coarse-grained approach forces users to trust agents with more capabilities than they actually need for a given task. In this paper, we introduce AC4A, an access control framework for agents. As agents become more capable and autonomous, users need a way to limit what APIs or portions of web pages these agents can access, eliminating the need to trust them with everything an API or web page allows. Our goal with AC4A is to provide a framework for defining permissions that lets agents access only the resources they are authorized to access. AC4A works across both API-based and browser-based agents. It does not prescribe what permissions should be, but offers a flexible way to define and enforce them, making it practical for real-world systems. AC4A works by creating ...