Without RBAC for Skills and MCP, your org has root access to your company (www.sleuth.io)

In a recent announcement, Dylan Etkin emphasized the critical need for role-based access control (RBAC) in AI tools utilizing multi-channel processing (MCPs) and agent skills. As companies increasingly adopt AI technologies like Claude or ChatGPT across various departments, the risk of unauthorized access to sensitive data has escalated. For example, a marketing intern could potentially access financial information simply by typing a query due to the lack of access constraints in the current architecture. This reality exposes organizations to significant security risks, as the AI's context might allow it to interface with systems that a user should not have access to, regardless of downstream security measures. The significance of Etkin's argument lies in the recognition that current AI architectures were designed primarily for individual use rather than organizational security. The absence of a centralized governance layer means that disparate permission models across different systems create vulnerabilities. Implementing RBAC at the orchestration layer, where skills and MCPs are controlled, becomes essential. This approach would enable companies to enforce strict access controls based on team roles, ensuring that sensitive data remains protected while allowing employees to leverage AI capabilities effectively. The platform skills.new aims to address this gap by providing a unified solution for managing and securing AI access across the organization, reinforcing the principle of least access in the rapidly evolving landscape of AI applications.