Abstract
As AI agents become increasingly autonomous and capable of executing complex tasks across distributed systems, traditional role-based access control (RBAC) models have proven insufficient in managing their dynamic permission requirements. We propose a novel Just-In-Time (JIT) permission framework that grants AI agents temporary task-specific credentials with automatic expiration, analogous to human employee permission models but adapted for the unique challenges of autonomous agent operations. Our framework integrates with data pipeline architectures to provide fine-grained access control while maintaining operational efficiency. Through experiments in simulated enterprise environments with 1,247 data resources using task patterns derived from three public datasets, we reduced average permission exposure from 8,640 to 12.5 minutes and blocked 994 of 1,000 simulated attacks, while adding only 1.4% (12 ms average) performance overhead. We validate our approach using the MITRE ATT&CK framework and provide an open-source implementation for reproducibility.