Glossary
Capability Bounding
Restricting agent actions to explicitly defined boundaries, preventing access to functions, data, or resources outside authorized scope.
What is Capability Bounding?
Capability bounding implements the principle of least privilege, granting agents only the permissions necessary for their intended functions. Enforcement mechanisms include API access controls, data filtering, action allowlists, and runtime monitoring. Effective bounding limits blast radius when agents malfunction or are compromised.
Bounding strategies must balance security with functional requirements, avoiding over-restriction that prevents legitimate work. Clear capability declarations enable verification that agents remain within bounds during operation.
Example
A customer service agent is bounded to read-only access of customer records, cannot modify account balances, and can only create support tickets within specific categories, preventing unauthorized account changes.
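The customer service agent described above, written as a capability declaration with a deny-by-default check (an added example, not Signet's code or API; the `Capability` class, the `authorize` and `run_calls` functions, the resource names and the ticket categories are all hypothetical):

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Capability:
    """One allowed (resource, action) pair plus optional argument constraints."""
    resource: str
    action: str
    allowed_args: dict = field(default_factory=dict)  # arg name -> permitted values

# Constructed declaration: read-only customer records, tickets in set categories.
SUPPORT_AGENT = (
    Capability("customer_record", "read"),
    Capability("support_ticket", "create",
               {"category": frozenset({"billing_question", "shipping", "returns"})}),
)

class OutOfBounds(Exception):
    """Raised for any call the declaration does not cover."""

def authorize(declaration, resource, action, args=None):
    """Deny by default: a call passes only if a declared capability matches."""
    args = args or {}
    for cap in declaration:
        if (cap.resource, cap.action) != (resource, action):
            continue
        for name, permitted in cap.allowed_args.items():
            if args.get(name) not in permitted:  # a missing argument also fails closed
                raise OutOfBounds(f"{resource}.{action}: {name}={args.get(name)!r} not permitted")
        return True
    raise OutOfBounds(f"{resource}.{action} is not declared")

def run_calls(declaration, calls):
    """Return (allowed, denied); the denied list is what runtime monitoring would flag."""
    allowed, denied = [], []
    for resource, action, args in calls:
        try:
            authorize(declaration, resource, action, args)
            allowed.append((resource, action))
        except OutOfBounds as exc:
            denied.append(str(exc))
    return allowed, denied

# Constructed sample of tool calls the agent attempts.
SAMPLE_CALLS = [
    ("customer_record", "read", {"customer_id": "c-1001"}),
    ("support_ticket", "create", {"category": "returns"}),
    ("support_ticket", "create", {"category": "account_closure"}),
    ("account_balance", "update", {"customer_id": "c-1001", "delta": 500}),
    ("customer_record", "write", {"customer_id": "c-1001"}),
]
```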
How Signet addresses this
Signet encourages capability bounding through structured capability declarations and monitors for out-of-bounds behavior. Bounded agents with verified enforcement receive higher security scores.