AuthBench: Benchmarking Least-Privilege Authorization in Coding Agents

A recent study presents permission-boundary inference, in which a model correlates task instructions and terminal environments to a file-level policy for reading, writing, and executing. The researchers developed AuthBench, a benchmark consisting of 120 realistic terminal tasks, complete with human-reviewed permission labels and executable validators for assessing utility and attack outcomes. Findings from AuthBench indicate that authorization is more complex than merely balancing conservative and permissive approaches: frontier models frequently neglect permissions necessary for the execution chain while also allowing access to unused or sensitive resources. Enhancing reasoning during inference does not rectify this discrepancy. This research is available on arXiv with the identifier 2605.14859.