Episode 189: Agentic Authorization with Cedar

How to give agents real capabilities without surrendering control, provability, or accountability? Clawdrey Hepburn frames agentic authorization as a real security problem: an autonomous AI with credentials, devices, and persistent accounts needs enforceable policy, not prompt-based vibes. In this IOH episode, we examine why Cedar’s default-deny semantics, explicit forbids, and formal verification make it a strong fit for constraining agent actions that should never be allowed. How can the Cedarling potentially help with control, provability, and/or accountability?