AI Agents & Automation

Ask Your Agent What It Can Actually See

Brett Ridenour Brett Ridenour · Published July 2026

When you give a team AI agents and connect them to a shared Drive, “read access” sounds small and is actually enormous.

I install a work agent for each person on a client team, wired into Slack so they can just ask it things. Those agents can reach the company Drive. This week I stopped shipping features for an afternoon and asked a duller question: what can these agents actually see?

The interesting risk is not a hacker

With agents, the scary security question usually is not “can someone break in.” It is “what did you already hand it the keys to, without thinking about it.”

So I tested the reach. Can an agent open client folders it was never meant to touch? Can it read a file’s change history, not just the current version, and pull something out of an old draft? When one recruiter asks their agent a question, can the answer quietly include a document that belongs to a different client entirely?

Those are not exotic attacks. They are the default behavior of a broad permission scope nobody audited. The agent is doing exactly what you allowed. The problem is you never checked what you allowed.

Test the blast radius before you trust the output

The fix is not complicated, just unglamorous: map what the agent can reach, confirm it matches what it should reach, and close the gap. Do it before the agent becomes a daily habit, because after that, every answer it gives is quietly drawing from whatever you forgot to lock down.

If you are rolling agents out to a team, spend one boring afternoon here. Ask the agent, out loud, to show you everything it can open. You will learn something.