Comment by DesoPK

You're right. Players are in a sandbox and they only have access to what they have been given rights to. The game analogy isn’t about confidential material, it’s about adversarial incentives under fixed mechanics. In games you don’t rely on “good behavior” because players will explore every edge the rules allow.

In agentic systems, the agent often has privileged material by design (API keys, local files, browser cookies, tokens, credentials, docs) plus high-leverage actions (shell, package manager, cloud control planes). That combination is exactly why ambient authority without hard boundaries is dangerous.

The point is threat modeling: "don’t rely on intent, rely on boundaries." The paper argues for reduce-only, fast-revocable authority at a real enforcement boundary, not userland wrappers.