Risk-calibrated delegation
Define how much blast radius is
acceptable for this task
The Bad Tradeoff:
Overpermissioned or Useless
If AI agents inherit broad employee access, they are highly
functional but become overpermissioned and expand blast radius
far beyond the task. If permissions are too restricted, they lose
the context and power needed to do useful work.
Kanuki gives agents workflow-
scoped risk-calibrated access:
Workflow-scoped access
Limit the systems, resources, and
actions available to the
agent
Time-bounded permissions
Access expires automatically when the task
ends or the time
window closes
Human-linked delegation
Every agent acts on behalf
of a specific employee
Decision traceability
Log who delegated access, what
was approved, and why
Example Workflows
A. Prototype work:
Full write access inside one prototype repo, with no
access outside it. Optimized for speed.
B. Production review:
Read-only access across multiple codebases for broad
context, while customer-data systems stay out of scope.
Optimized for analysis without unnecessary risk.
How It Works:
A human delegates a workflow
with a defined risk boundary
The employee approves the goal, the level of
autonomy, and the acceptable blast radius for the
workflow.
Kanuki turns that into
enforceable access
Kanuki sits on top of your existing identity and
SSO systems and issues permissions for the
specific systems, actions, and time window the
workflow requires.
Every decision
and action is recorded
The agent can operate only within the
approved scope. Authorization and access
events are logged.
Experimenting with AI agents?
We’re working with early teams to understand how agent
access should adapt to different risk profiles
Questions? Skeptical?
Talk to the founder:
Lisa Akselrod
CEO & Founder, Kanuki
