---
title: "AI agent permissioning — niche opportunity inside Cybersecurity"
url: https://signals.gitdealflow.com/niche-down/cybersecurity/ai-agent-permissioning
description: "Who can run which agent? What can the agent see? The IAM layer for the agent era."
source: VC Deal Flow Signal
---
# AI agent permissioning

> Who can run which agent? What can the agent see? The IAM layer for the agent era.

**Sector**: [Cybersecurity](https://signals.gitdealflow.com/niche-down/cybersecurity)  
**Build cost**: One-quarter build  
**Deal velocity**: Hot — multiple deals per month

## Why now

Agents inherit user permissions implicitly. Audit teams are starting to ask for explicit policy boundaries.

## What the signal looks like

Repos with policy DSLs, OAuth / OIDC adapters for agents, and MCP-aware permission frameworks.

## Public examples

*Public projects + categories only — we never name founders tracked inside the paid product.*

- Cerbos / OPA-style policy engines
- MCP-aware permission frameworks
- Open-source agent IAM

## What this displaces

A wide-open API key with no policy boundary.

## Our build-vs-invest call

New category. Real demand at AI-mature enterprises. Build only with prior IAM or policy-engine background.

## Frequently asked

### Is this a feature of identity providers?

Eventually. The wedge is 18-24 months.

### Buyer?

CISO + AI platform team.

### Defensibility?

Policy DSL + agent integration ecosystem.

## Canonical

https://signals.gitdealflow.com/niche-down/cybersecurity/ai-agent-permissioning