Feels like everyone’s hyping persistent identity for agents (RBAC, audit logs, provenance, etc.) as the main way to stop them going rogue or drifting.But once it’s running a long autonomous task, does a clean identity really prevent scope creep, risky shortcuts, or subtle constraint-bending? You get perfect logs after shit hits the fan, but no real “fear” or runtime friction to make it self-correct like humans do.I’ve seen drift even with tight perms. What are you all layering on top in practice? Runtime budget throttling? Deviation penalties? Or is identity + observability actually holding up fine for most stuff right now?Devs/deployers—what’s your real-world take? submitted by /u/rohynal
Originally posted by u/rohynal on r/ArtificialInteligence