[2601.23157] No More, No Less: Least-Privilege Language Models

Computer Science > Cryptography and Security arXiv:2601.23157 (cs) [Submitted on 30 Jan 2026 (v1), last revised 4 Mar 2026 (this version, v2)] Title:No More, No Less: Least-Privilege Language Models Authors:Paulius Rauba, Dominykas Seputis, Patrikas Vanagas, Mihaela van der Schaar View a PDF of the paper titled No More, No Less: Least-Privilege Language Models, by Paulius Rauba and 3 other authors View PDF HTML (experimental) Abstract:Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users and requests. This gap exists not because least privilege would be unhelpful; deployments would benefit greatly from reducing unnecessary capability exposure. The real obstacle is definitional and mechanistic: what does "access" mean inside a language model, and how can we enforce it without retraining or deploying multiple models? We take inspiration from least privilege in computer systems and define a class of models called least-privilege language models, where privilege is reachable internal computation during the forward pass. In this view, lowering privilege literally shrinks the model's accessible function class, as opposed to denying access via learned policies. We formalize deployment-time control as a monitor-allocator-enforcer stack, separating (i) request-time signals, (ii) a decision rule that...