Least Privilege

A security principle where AI components and users are granted only the minimal access rights necessary to perform their functions, reducing risk of misuse.

Definition

A foundational access-control policy: data stores, model registries, and compute environments assign roles with granular permissions (read/write/execute) that are narrowly scoped. Governance enforces least privilege through IAM (identity and access management) reviews, automated role audits, and just-in-time privilege elevation for emergency tasks, minimizing attack surface and insider-threat risk.

Real-World Example

An enterprise MLOps platform restricts data-scientist accounts to training-dataset access only; to view full production logs, they must request elevated access via a ticket and manager approval. Automated quarterly reviews revoke unused privileges, ensuring no backdoors remain.
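
The two controls in this scenario, sketched as an added example (not code from any real platform): a quarterly review that revokes standing grants nobody has used, and a time-boxed elevation that requires a ticket and a separate approver. All user names, permission strings, the 90-day window and the 4-hour expiry are assumptions made for illustration.

```python
from datetime import datetime, timedelta

REVIEW_WINDOW = timedelta(days=90)  # "quarterly" taken as 90 days (assumption)

# Constructed sample data: standing grants and when each was last exercised.
GRANTS = {
    ("alice", "training-dataset:read"),
    ("alice", "model-registry:write"),
    ("bob", "training-dataset:read"),
}
LAST_USED = {
    ("alice", "training-dataset:read"): datetime(2024, 6, 20),
    ("alice", "model-registry:write"): datetime(2024, 1, 5),
    # bob has never used his grant, so it has no entry
}

def quarterly_review(grants, last_used, now):
    """Return (kept, revoked); a grant unused for the whole window is revoked."""
    kept, revoked = set(), set()
    for grant in grants:
        used = last_used.get(grant)
        if used is not None and now - used <= REVIEW_WINDOW:
            kept.add(grant)
        else:
            revoked.add(grant)
    return kept, revoked

class Elevations:
    """Just-in-time access: needs a ticket and manager approval, then expires."""
    def __init__(self):
        self._active = {}  # (user, permission) -> expiry time

    def grant(self, user, permission, ticket, approved_by, now,
              ttl=timedelta(hours=4)):
        # Reject missing tickets and self-approval before granting anything.
        if not ticket or not approved_by or approved_by == user:
            raise PermissionError("elevation needs a ticket and a separate approver")
        self._active[(user, permission)] = now + ttl
        return now + ttl

    def is_allowed(self, user, permission, grants, now):
        """Standing grant, or an elevation that has not yet expired."""
        if (user, permission) in grants:
            return True
        expiry = self._active.get((user, permission))
        return expiry is not None and now < expiry
```

Running `quarterly_review(GRANTS, LAST_USED, datetime(2024, 7, 1))` keeps only Alice's training-dataset grant; the stale registry write and Bob's never-used grant are both revoked.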