The security principle of granting only the minimum permissions necessary for an actor (user, service, or agent) to perform its task. In agentic and tool-enabled systems, least-privilege permissioning and scoped tool access are common controls to reduce the impact of errors, abuse, or prompt injection.