Delegated Authority — the foundation of AI security
In Trusted AI humans in control I talked about one thing that I think is utterly required is delegated authority, that is the ability of the human in control to delegate some of their rights explicitly to an AI. Delegated authority isn’t something that is well managed in most Identity and Access Management (IDAM) systems. So what would it require to have a proper approach to Delegated Authority?
The first piece we need to have is the concept of a delegated role. This is a role created by a user to enable a person or AI to take on some of their accountability for specific tasks. Creating a delegated role is an organizational construct and managing them should be considered in the same way as managing any organizational hierarchy.
These roles are created for specific business purposes, multiple AIs could be assigned to an individual role, but always within the context of that single business purpose. The individual has the ability to delete the roles at any stage, thus removing permissions
The next element is for the individual to assign a subset of their permissions to that role. Those permissions need to include:
- The systems it can access as the individual
- The data restrictions that must be applied by systems
- Any time based limitations
Then the individual has to be able to assign these to an AI (or a person), this means that for an AI it is created against a unique permissionless account, that is an account that can do literally nothing. The individual delegating the authority assigns the created role to the AI, and only then can the AI function as at every point it needs to be authenticated against that role. Thus if the user revokes the role, or they themselves lose access for some reason, for instance leaving the firm, then the AI will cease to function. We could have an AI which is given permissions by the marketing department, and in addition is granted permissions by the various data privacy controllers in various countries.
So while the overall purpose is driven by the manager, the rules on privacy are controlled by the privacy managers, this enables them to change the rules in reaction to regulations or as business demands. This means that there is the accountable human, the manager, who controls commissioning and decommissioning and the business purpose, but that core data access elements around privacy can be controlled consistently across multiple different AIs.
To be clear today this is not how IDAMs work and is not how systems work when associated with an IDAM. On data for instance most data security models are custom in each system, and often actually implemented via system accounts to the database, which is not acceptable for AI. This means that delegated authority needs us to start building solutions that assume AIs will access the data where most data systems today are built entirely, or mainly, with security purely at the human level.
