Enforce least-privilege in multi-agent AI chains
🔒 This post describes a reference implementation using Cedar on AWS to prevent silent privilege escalation in multi-agent AI delegation chains. It outlines a three-layer policy model—agent-to-tool, agent-to-agent delegation, and originating user authorization—using verified token claims and HMAC-signed context. The architecture uses an MCP adapter Lambda and a Cedar evaluator Lambda to enforce policies sequentially and halt on the first deny. It includes schema, entity registrations, policy examples, deployment steps, and end-to-end test scenarios demonstrating how the model enforces least privilege.
