Capability Scoping
Capability scoping means limiting what an actor — especially an AI agent — is allowed to do to a specific, named set of tools and permissions, instead of granting broad or default access that gets restricted after the fact.
Broad-by-default access is the easiest thing to build and the hardest thing to secure: it's simple to give an agent a general-purpose API key and let it call whatever it needs, but it means the agent can also do things nobody explicitly authorized, and finding out what it's capable of requires reading its code rather than reading its permissions.
Capability scoping inverts that: an agent gets a named allow-list of tools and data it can touch, and nothing else exists for it to accidentally (or maliciously, if compromised) use. A useful mental model is a ladder of increasing risk — read-only access, then drafting content nobody sees until reviewed, then low-risk writes within a budget, then consequential writes that require a human to approve before they execute. An agent's scope determines which rungs it's allowed on.
This matters more for agents than for traditional software because agents are given goals, not fixed instructions — they choose their own path to an outcome, which means the blast radius of a mistake or a prompt-injection attack is exactly whatever scope they were granted. Narrow scope isn't a limitation on capability; it's the thing that makes broad deployment of agents survivable.
Capability Scoping, in the product
Every aanty agent gets a typed tool allow-list per agent per channel, drawn from a four-step capability ladder: read-only, draft, low-risk write, and consequential write — the last of which requires a mandatory human approval message before it executes. Scope is set at agent-build time, not discovered by watching what the agent does.
Related terms and pages
See Capability Scoping in a real workspace
Bring a channel from wherever your team works today. In fifteen minutes we'll show what capability scoping looks like on a real conversation, not a slide.