You do not need a security team to find out whether your AI agents are over-privileged. You need twenty minutes and the right questions. Here is the DIY audit — run it today, before you add another agent.

Step 1: List every agent and what it touches

Open a note and write one line per agent: what it does, and which services it can reach. Coding agent → GitHub, OpenAI. Research agent → web, OpenAI. Home agent → smart-home API, calendar. If you cannot remember what an agent can touch, that is your first finding.

Step 2: For each credential, answer the blast-radius question

For every key an agent holds, ask: if this leaked right now, what could someone do with it? Be specific. "Read and write every repo in my account" is a very different answer from "read one public repo." The honest answer is your blast radius — and it is almost always bigger than you expected. (If this is new to you, "Is it safe to give AI agents your API keys" sets up why this matters.)

Step 3: Hunt the four red flags

These are the issues that turn a small mistake into a big one. Find them and you have found 90% of your risk:

  1. Shared keys. Is the same key sitting in more than one agent? If yes, you cannot revoke one agent without breaking the others. This is credential sprawl in action.
  2. God-scope keys. Is any key scoped to "everything" when the agent only needs one capability? An over-scoped key is a loaded gun pointed at every service it can reach.
  3. Raw keys in files or prompts. Grep your projects for live keys in .env files, configs, or pasted into prompts. Anything in version control or chat history should be treated as already leaked.
  4. No kill switch. For each agent, ask: "can I cut this one off in seconds, without rotating everything?" If the answer is no, you do not have revocation — you have a fire drill.

Step 4: Score it

Give yourself one point for each, per agent:

  • The agent has its own credential (not shared).
  • The credential is scoped to just what the agent needs.
  • The real secret is not sitting in a file, prompt, or chat.
  • You can revoke this one agent in seconds.
  • You can see what the agent did (audit trail).

Five out of five per agent and you are in good shape. Anything less is a to-do list.

Step 5: Fix the highest-leverage thing first

You do not have to fix everything at once. In order of impact:

  1. Stop sharing keys. Give each agent its own credential. This alone restores per-agent control.
  2. Scope down. Replace god-keys with capability-scoped ones. See how to store API keys for AI agents safely.
  3. Get the raw secret out of the agent entirely. The cleanest fix is a credential broker, so the agent never holds the real key at all.
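The scorecard from Steps 3 to 5 can be run over a written inventory. The script below is an added example, not part of the original checklist or of any product named here; the inventory, the fake key values, and the field names (granted, needed, secret_in_file, fast_revoke, audit_trail) are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory (Step 1); key values are fake placeholders
# and the field names are hypothetical.
AGENTS = [
    {"name": "coding", "key": "FAKE-KEY-1", "granted": {"repo:read", "repo:write", "org:admin"},
     "needed": {"repo:read", "repo:write"}, "secret_in_file": True,
     "fast_revoke": False, "audit_trail": False},
    {"name": "research", "key": "FAKE-KEY-1", "granted": {"llm:chat"},
     "needed": {"llm:chat"}, "secret_in_file": True,
     "fast_revoke": False, "audit_trail": True},
    {"name": "home", "key": "FAKE-KEY-2", "granted": {"calendar:read"},
     "needed": {"calendar:read"}, "secret_in_file": False,
     "fast_revoke": True, "audit_trail": True},
]


def fingerprint(key):
    """Short hash so keys can be compared without printing them."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def audit(agents):
    """Return {agent name: {"checks", "score", "next_fix"}} per Steps 3-5."""
    holders = defaultdict(list)  # key fingerprint -> agents holding that key
    for a in agents:
        holders[fingerprint(a["key"])].append(a["name"])
    report = {}
    for a in agents:
        # Listed in Step 5's fix order, then the two remaining Step 4 checks.
        checks = {
            "own_credential": len(holders[fingerprint(a["key"])]) == 1,
            "scoped": a["granted"] <= a["needed"],  # nothing beyond what is needed
            "secret_not_exposed": not a["secret_in_file"],
            "fast_revoke": a["fast_revoke"],
            "audit_trail": a["audit_trail"],
        }
        failing = [name for name, ok in checks.items() if not ok]
        report[a["name"]] = {
            "checks": checks,
            "score": sum(checks.values()),
            "next_fix": failing[0] if failing else None,
        }
    return report


if __name__ == "__main__":
    for name, r in audit(AGENTS).items():
        print(f"{name}: {r['score']}/5, fix first: {r['next_fix']}")
```

Shared keys are detected by comparing fingerprints rather than the keys themselves, so the report can be saved or shared without leaking a secret.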

Agent Master Key collapses most of this checklist into its default: each agent gets its own scoped, revocable Master Key from a broker on your own Mac, your real keys never leave the machine, and revocation is one click. It is the fastest way to turn a failing scorecard into a passing one.

Bottom line

An agent audit is not a big project — it is a twenty-minute habit. List your agents, ask the blast-radius question, hunt the four red flags, score it, and fix the worst thing first. Do it once and you will never look at "just paste the key in" the same way again.

If you would rather have an expert run this against your setup and hand you the prioritized fixes, that is exactly what the $99 AI Agent Security & Setup Audit delivers.