Agentic Consent Explained: How AI Agents Act Safely and Responsibly

Added: 2026-05-10

[00:00:00]Howdy everyone. We've been talking a lot about how to use AI agents, but agents just don't generate output. They execute actions. And we need to take into consideration what actions should be allowed on our behalf. Agentic consent defines who delegated the authority, what actions are permitted, and the scope and lifetime of that delegation.

[00:00:24]In this video, we'll explain why agentic consent matters and why it's essential for scaling AI responsibly.

[00:00:33]To begin with, let's start with definitions.

[00:00:37]First, let's talk let's start with a definition of consent. Just general consent.

[00:00:45]This is basically consent occurs when one person voluntarily agrees to the proposal desire of someone else. And so you really are thinking that about you've got a couple of people that are talking about some action something they want to do. Now there can be express consent which is unmistakably stated what's going to happen. So, I could talk to somebody and say, "Can I borrow your car?" And they can say, "Yes, you can borrow my car, but only go to the store and you have to be back with an hour." And then I consent by saying, "Yes, I agree to those conditions." Implied consent is really more through action. So, if I am driving to the store and I park and there's a sign out front that says that this property is under video surveillance, if I walk in, I have not done an explicit action, but by walking in, I implicitly say I understand that video is happening and therefore I give my consent. So, that's what we think of when we really start talking about just the base definition of consent. Now let's talk about in terms of what this means with the definition of IT consent.

[00:02:05]Now this when we're talking about IT consent it is explicit informed voluntary action by a person for an organization to collect process or use information about them. So I have to tell that organization that I give the consent to do this and it requires a clear affirmative action. So let's kind of look at this a little bit. So let's say this is me. This is a user and I have some application that I'm interacting with and somewhere over here I've got data that is part of the organization and I may have some processes that are run. Now what happens is that I am going to say that I give this permission to collect and do some sort of action and I do this through there can be an accept button there can be a checkbox if I'm at an application for an organization they'll present me with what they need consent for what they're going to collect what they're going to do what actions they're going to take and I can say yes check that box or press the accept button now I and also be very specific about what I'm going to allow it to happen or what consent specifically I'm going to give. If you have cookies, you get cookies that pop up under privacy laws that say that they're going to collect information about me to give to marketing to reach out to me. So that's a very specific action that I am giving consent to and that all happens within an IT system. So let's think about then in an agentic system what does consent mean when we start looking at an agentic system. So let's talk about aentic consent.

[00:04:00]When we're talking about this there really is no there's no static permissions being given. There's no click wrap agreements where you've got a checkbox or an accept. You really have to start looking at what's happening within the agentic system. And this must take into consideration that the environment can change the decision makingaking can change that it is no longer a a static environment that as an agentic system is reasoning about what's happening. It needs to start looking at am I changing the scope of the work that I'm going to do. So let's let's actually add in our agentic system. So let's say we have an agent and we have some MCP server. And so these things are all going to talk. We have a user. It's going to talk to the system. It's going to talk to an agent. An agent is then going to figure out, you know, what do I need to do from the prompt to take some sort of action. And the fact that agents can operate autonomously and change their actions means that the original permission that I gave it may be different as it changes scope. So we have to take these things into account.

[00:05:12]So when we think about an agentic consent environment, what are the things that are really different from what we've traditionally looked at and what do we need to consider? Well, the first thing is that we need to make sure that it is context aware and dynamic.

[00:05:35]And this is really about what I was just saying. We have to know that there is a context that an agentic system is operating. It's what I want to have accomplished and how the intelligence system will look at that and try to execute on that action. And it's dynamic. It's it can possibly change.

[00:05:53]And this is really leading to the next point. We have to be able to handle changing scenarios.

[00:06:05]So what does this look like? public. So we have a user we've given some base permission in the system but now this application may actually call call this agent but it also may call another agent that gets involved in this and it goes off and handles some other action. Maybe it handles processes and so by the nature of agentic and its non-deterministic nature, it's always in a dynamic changing environment and consent needs to be able to keep up with that type of environment. Now when we think about this, one thing we need to make sure is that identity is a control.

[00:06:50]In other words, when we look at our agentic system, we have some sort of an identity governance administration going on here. We have IDPs and these can tell who the user is.

[00:07:03]It can authenticate agents. It can know what they're trying to do. We can predefine what they're allowed to do.

[00:07:10]And we govern we govern this through identity. And also if we know the identities and we define what actions are available, this actually allows us to be cryptographically verified.

[00:07:26]So we can trust when things are happening in a dynamic environment based on context that if we know identities, we know actions, we can actually verify that we can show and we can have observability around us to know that we actually are allowing certain actions to happen. The last kind of thing that we really want to think about when we're doing this is we want the agent to act with us and not instead of us.

[00:08:03]All right. So, how do we actually do this? How do we actually meet these goals in an agentic system and provide for consent? Well, as we talked about, we start with permissions. That's what we know how to do in a traditional agentic system. Now, what we want to do is start saying that we want more granular permissions.

[00:08:30]So yes, I give permission for an agent to work on my email, but I only want to let it read my email and it cannot send email and it cannot delete email. So I can get much more fine grained with how that works there. The other thing that I can do is make these timerestrained and transaction based access.

[00:09:01]In other words, when I'm giving permission and I'm looking at more granular ways to do this, I want it to only be for a very narrow amount of time. I ideally don't want my permissions to last for a long time and only for the transaction that's happening. If if I ask and do a prompt to get some sort of information or take some sort of action and it decides the agentic system decides how to how to work on that. I only want the permission to be for that transaction for that actual instance. The next thing that happens when we get back to changing scenarios and dynamic, the next time it tries to do something, I want to make sure that I have the permissions set up for that transaction. All right, so that seems pretty easy to do. Okay, we do this, but how do we really implement this in a system like this? Well, when we have identities and we have governance, we can actually put policies in here that start identifying what it is. What are the time constraints? What are how do I do it for transactions?

[00:10:02]what are the granular permissions that I want to derive from and so I can input in my my governance policies that will actually start implementing this. Now the next thing we really kind of want to start thinking about then is just in time prompting.

[00:10:25]So what does this mean? All right, so we have our system. it's working on things, but now our agents decide that it wants to get access to something. Maybe it's it's really um sensitive. It's financial information or it's very personal information. There's certain things that I want to make sure that it is asking for my consent. So, I want the agents to actually just in time prompt me if they are allowed. This this could also happen if it comes to trying to take some action and there are no policies yet for how to handle that. It needs to come back to me and ask me for consent. We don't want this all the time but there are scenarios where we want this happen.

[00:11:07]So this is where in our governance process we put the human in the loop. So agent finds something either policy based or no policies that needs to ask me the human loop. The governance system then can now through a variety of mechanisms come back to me as the user and say how do you want to handle this scenario and I can give my consent and then that consent can drive it can be recorded and it can also create new policies so in the future it knows how to handle that. So I give my consent. So as we think about this, this is how we really want to look at policies and consent within an agenting system to handle this more dynamic environment. So the other thing we have to take into consideration is we're starting to see compliance things come out around consent that we have to take into consideration. One of these is transparency.

[00:12:05]And this really says is does this user have visibility to the policies? Does it have visibility to what consent has been given? Does it have visibility to where its information is happening? So really it builds off privacy rules and laws, but it's really about consent. Does a user have visibility to consent and how that's being stored? The next thing is revoke ability.

[00:12:33]In other words, do I have the ability once pol you know once a consent has been established to define if it's a very long live consent or you know longer than just one time can I have visibility to that and can I revoke that consent at any point can I change the consent that I've given and then the final thing is personalization which is really about how much control do I have over what type of information I can control in this environment? In other words, there could be a thing where I I allow access to data and data that I own, but I do not ever want to give access to a very specific area or folder or drive of data. And that gets into personalization. This helps us apply consent and get it into a compliance posture.

[00:13:29]All right. So as a review, a gente consent is not a one-time or static approval or clicking a checkbox. It's a living contract between humans and machines grounded in identity, intent, and the context of what's happening. It ensures agents act with us and not instead of us, preserving trust, safety, and governance as autonomy scales. Thank you.