XIV · Anti-Patterns

Blanket-Authorization Accountability Rupture

also known as Responsibility Gap from Blanket Grant, Bundle-Authorization Rupture

Anti-pattern: a user grants an agent one broad standing authorization to act across apps, and when an autonomous action later causes harm no party retained whole-process control, so liability fractures across user, platform, and agent.

Context

A user delegates broad authority to an agent so it can act on their behalf across applications — pay, order, message, book — with a single up-front grant rather than approving each action. The agent then operates autonomously inside that authorization for an extended period. The grant is convenient: one approval covers everything the agent might do.

Problem

When an autonomous action under that blanket grant later causes harm, the chain of control that liability frameworks assume has dissolved. The user authorised broadly but did not direct or foresee the specific action; the platform supplied the agent but did not decide the action either; the agent acted but is not a legal subject that can hold responsibility. Neither user nor provider retained whole-process control, so accountability fractures — each can point to the others — and the harm has no clear owner. The broader and more standing the authorization, the wider this responsibility gap grows.

Forces

  • A single broad grant is convenient and reduces friction, but it severs the per-action link between a human decision and the action's effect.
  • The user authorised the capability without directing or foreseeing the specific harmful action, so direct fault is hard to assign to them.
  • The provider built the agent but did not choose the action, and the agent is not a legal subject that can bear responsibility.
  • Traditional liability assumes a controllable, foreseeable actor, an assumption a broadly-authorised autonomous agent breaks.

Example

A user signs up for a shopping agent and grants it blanket authority to buy, return, and message merchants on their behalf. Months later it places a large erroneous order with a third-party seller. The user never saw or directed that order, the platform says the agent acted within the user's grant, and the agent is not a legal person — so when the seller demands payment, there is no clear party who decided the purchase and owns the mistake.

Solution

Therefore:

Replace the blanket grant with delegation that keeps responsibility attached. Issue scoped, short-lived, revocable authorization for specific classes of action rather than one standing grant covering everything, so each action is attributable to a decision a party is accountable for. Carry obligations and accountability along the delegation chain — not just the credentials to act — so duty transfers with the work and there is always an owner for an action's consequences. Keep material or irreversible actions under per-action confirmation rather than absorbed into the blanket authorization, and record who authorised what so the control chain can be reconstructed. The aim is that no autonomous action exists without a responsible party, closing the gap a blanket grant opens.

What this pattern forbids. An autonomous action with real-world effects must not rest on one broad standing authorization; delegation is scoped, time-bound, and revocable, each action stays attributable to a responsible party, and material actions cannot be absorbed into a blanket grant without per-action accountability.
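The solution above, as an added example that is not the catalogue's own code: a minimal authorizer that replaces one blanket standing grant with scoped, expiring, revocable grants, forces per-action confirmation by the principal for material actions, and records the accountable owner of every decision so the control chain can be reconstructed. All class, field and threshold names are assumptions for illustration.

```python
# Added example, not part of the pattern catalogue. Names are hypothetical.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Grant:
    grant_id: str
    principal: str            # the party accountable for actions under this grant
    agent: str                # the delegate permitted to act
    actions: FrozenSet[str]   # action classes covered, e.g. {"order"}; never "*"
    max_amount: float         # per-action ceiling for this class of action
    expires_at: float         # unix time; short-lived by construction

class Authorizer:
    def __init__(self, material_threshold: float) -> None:
        self.material_threshold = material_threshold  # at or above: confirm per action
        self.revoked: set = set()
        self.audit: List[dict] = []

    def revoke(self, grant_id: str) -> None:
        """Revocation takes effect on the next authorization check."""
        self.revoked.add(grant_id)

    def authorize(self, grant: Grant, action: str, amount: float, now: float,
                  confirmed_by: Optional[str] = None) -> Tuple[bool, str]:
        reason = "ok"
        if grant.grant_id in self.revoked:
            reason = "grant revoked"
        elif now >= grant.expires_at:
            reason = "grant expired"
        elif action not in grant.actions:
            reason = f"action '{action}' outside grant scope"
        elif amount > grant.max_amount:
            reason = "amount exceeds grant ceiling"
        elif amount >= self.material_threshold and confirmed_by != grant.principal:
            reason = "material action needs per-action confirmation by principal"
        allowed = reason == "ok"
        # Every decision, allowed or denied, is recorded with its accountable
        # owner so that who authorised what can be reconstructed later.
        self.audit.append({"grant": grant.grant_id, "owner": grant.principal,
                           "agent": grant.agent, "action": action,
                           "amount": amount, "allowed": allowed,
                           "reason": reason, "confirmed_by": confirmed_by})
        return allowed, reason

    def owner_of(self, index: int) -> str:
        """Return the accountable principal for the index-th recorded decision."""
        return self.audit[index]["owner"]
```

A shopping grant in this model covers only the "order" class up to a ceiling and a fixed expiry; a large order is refused until the principal confirms it, and the refusal itself is attributed to a named owner.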

The patterns that counter or replace it:

  • Alternative to: Delegated Agent Authorization. Have an agent act for a principal using scoped, short-lived, revocable delegated credentials rather than the principal's own static secrets, so each action stays attributable across the principal-to-agent-to-subagent chain and a compromise is contained.
  • Alternative to: Deontic Token Delegation. Reify obligations, permissions, and prohibitions as transferable deontic tokens that agents pass along the delegation chain with provenance, so duty and accountability transfer with the work, not only the credentials to perform it.
  • Complements: Accountability Laundering via Algorithm. Anti-pattern: route a hard decision through an agent so no person owns the outcome, treating the recommendation as the decision while the firm's legal liability stays unchanged.
  • Complements: Session-Scoped Payment Authorization. Bound an agent's autonomous spending by having it open a payment session with a pre-approved cap, stream many micropayments inside that session, and settle once on close, instead of seeking approval for every transaction.
