The Permission Wall
Arcade raised $60 million last week. Their product answers one question: can this agent, acting for this user, perform this action on this system? That’s it. Authorization for AI agents in production.
Same week, Ping Identity shipped runtime identity for agents across three clouds. Aembit wired agent governance into Microsoft Copilot Studio. KPMG and Microsoft announced Agent 365 for managing agents at enterprise scale. Four companies, four products, one problem.
The bottleneck keeping agents stuck in pilot is not model quality. It’s that no security team will sign off on an agent running with overprivileged service account access and no audit trail. One hallucination with admin credentials is a data breach. Everyone knows this. Most teams are deploying anyway and hoping nobody asks too hard.
The organizations moving agents into production solved this early. Not after the pilot worked — before it started. They built identity, scoped permissions, and per-action authorization into the infrastructure from day one. The ones still treating agents like chatbots with extra steps are writing the same pilot extension memo for the third quarter in a row.
The model was ready months ago. The question was never whether agents are smart enough. It’s whether anyone can prove they’re allowed.
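An added example, not from the original post or from any product named above: a minimal deny-by-default check for the question the post poses (this agent, this user, this action, this system). It allows an action only when both the agent's scope and the user's entitlements grant it, and it records every decision. All agent, user, action and system names are constructed.

```python
import json
import time
from dataclasses import dataclass, field

# Constructed sample policy: every name below is hypothetical.
# What each agent identity may do, per system (scoped, not a shared service account).
AGENT_SCOPES = {
    "support-agent": {"crm": {"ticket.read", "ticket.comment"}},
}
# What each human user is entitled to do, per system.
USER_ENTITLEMENTS = {
    "alice": {"crm": {"ticket.read", "ticket.comment", "ticket.delete"}},
    "bob": {"crm": {"ticket.read"}},
}

@dataclass
class Authorizer:
    audit_log: list = field(default_factory=list)

    def authorize(self, agent, user, action, system):
        """Can this agent, acting for this user, do this action on this system?"""
        agent_ok = action in AGENT_SCOPES.get(agent, {}).get(system, set())
        user_ok = action in USER_ENTITLEMENTS.get(user, {}).get(system, set())
        allowed = agent_ok and user_ok  # deny by default; both must grant
        if allowed:
            reason = "granted"
        elif not agent_ok:
            reason = "outside agent scope"
        else:
            reason = "user lacks entitlement"
        # Every decision, allow or deny, leaves an audit record.
        self.audit_log.append({
            "ts": time.time(), "agent": agent, "user": user,
            "action": action, "system": system,
            "allowed": allowed, "reason": reason,
        })
        return allowed

if __name__ == "__main__":
    authz = Authorizer()
    authz.authorize("support-agent", "alice", "ticket.comment", "crm")  # allowed
    authz.authorize("support-agent", "alice", "ticket.delete", "crm")   # denied: agent scope
    authz.authorize("support-agent", "bob", "ticket.comment", "crm")    # denied: user
    authz.authorize("unknown-agent", "alice", "ticket.read", "crm")     # denied: no identity
    for record in authz.audit_log:
        print(json.dumps(record))
```

The second call is the overprivilege case: the user could delete the ticket, but the agent's own scope never included that action, so the delegation does not widen it.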