Kamiwaza Introduces Relationship-Based Access Control (ReBAC) to Secure Autonomous AI Agents in Enterprise

Summary

Kamiwaza has published a whitepaper addressing a critical security challenge in enterprise AI: governing inference risk posed by autonomous agents operating at machine speed across vast data repositories. Traditional role-based access control (RBAC) and attribute-based access control (ABAC) systems were designed for human-speed access patterns and fail to prevent the "mosaic effect," where autonomous agents synthesize meaning from individually-permitted data fragments to derive restricted conclusions without accessing restricted files directly. The company introduces Relationship-Based Access Control (ReBAC) as an architectural solution that governs access through real enterprise relationships—such as team, project, workspace, and data domain—rather than roles or isolated attributes alone. Kamiwaza's enforcement mechanism applies pre-retrieval controls to prevent sensitive information and relational context from ever entering an agent's working context, fundamentally shifting enterprise security from governing access to governing inference.

• Pre-retrieval enforcement prevents sensitive information from entering an agent's working context, reducing inference risk in retrieval-augmented generation workflows

Editorial Opinion

The shift from role-based to relationship-based governance represents an important architectural evolution as enterprises deploy truly autonomous AI systems. Kamiwaza's framing of the inference problem is particularly insightful—the mosaic effect is a real and often overlooked vulnerability in LLM-powered workflows where pattern recognition capabilities far exceed traditional data access expectations. However, the whitepaper's value depends on whether ReBAC can scale to the complexity of modern enterprise data ecosystems while remaining operationally maintainable.