AI Agent Permissions: Least-Privilege Access & Role-Based Controls

COMPLETE guide to AI agent permissions — least privilege, RBAC, delegated access, JIT controls, and audit logging. Secure your agents BEFORE they go to production.

Frequently Asked Questions

What are AI agent permissions?
AI agent permissions are the set of capabilities — read, write, execute, API calls, data access — that an agent is allowed to perform. They are enforced at the tool, resource, and API level to limit what an agent can do, even if instructed otherwise by a user or another agent. Proper permission scoping is essential for safe [multi-agent systems](/blog/multi-agent-systems/).
How do you apply the principle of least privilege to an AI agent?
Start by listing every tool and resource your agent actually needs for its task. Grant access only to those — nothing more. Use short-lived credentials with narrow OAuth 2.0 scopes, revoke access immediately after a task completes, and review permissions quarterly. If a task requires elevated access, use a just-in-time approval workflow rather than permanent grants.
What is the difference between RBAC and delegated access for AI agents?
RBAC (Role-Based Access Control) assigns a fixed permission set to a role that an agent assumes; it suits agents whose scope is predictable and static. Delegated access lets the agent act on behalf of a specific human user, inheriting only that user's permissions (never more than the user holds) for a specific task and timeframe, so each action is attributable to the person who delegated it. RBAC is simpler to manage; delegated access is safer for actions that touch personal or sensitive data, because a user cannot delegate access they do not have.
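The difference between the two models shows up in how the agent's effective permission set is computed. The following is an added example, not code from the original page: the role names, user names and permission strings are constructed sample data, and the `Grant` type and TTLs are assumptions. Under RBAC the agent gets the role's full static set; under delegated access it gets the intersection of the role's ceiling, the delegating user's permissions and what the task asked for, with a short expiry.

```python
"""Resolving an agent's effective permissions under RBAC versus delegated access.
Added example, not code from the original page; the roles, users and permission
strings below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# RBAC: each role carries a fixed permission set (constructed sample data).
ROLE_PERMISSIONS = {
    "ticket-triage-agent": {"tickets:read", "tickets:comment"},
    "billing-agent": {"invoices:read", "invoices:create"},
}

# What each human user holds, as the identity provider would report it (constructed).
USER_PERMISSIONS = {
    "alice": {"tickets:read", "tickets:comment", "tickets:close", "invoices:read"},
    "bob": {"tickets:read"},
}

NOW = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)   # fixed clock for the demo
LATER = NOW + timedelta(minutes=16)                       # just past the delegated TTL


@dataclass(frozen=True)
class Grant:
    """A time-bounded permission set handed to the agent's tool layer."""
    permissions: frozenset
    expires_at: datetime
    on_behalf_of: Optional[str] = None   # None for RBAC, the user id for delegated access

    def allows(self, perm: str, now: datetime) -> bool:
        # Expiry is checked on every call so a stale grant cannot be reused.
        return now < self.expires_at and perm in self.permissions


def rbac_grant(role: str, now: datetime, ttl: timedelta = timedelta(hours=1)) -> Grant:
    """RBAC: the agent assumes the role and gets its full, static permission set."""
    return Grant(frozenset(ROLE_PERMISSIONS[role]), now + ttl)


def delegated_grant(role: str, user: str, task_permissions, now: datetime,
                    ttl: timedelta = timedelta(minutes=15)) -> Grant:
    """Delegated access: the agent acts as `user`, so it can hold nothing the user
    lacks, nothing outside the role's ceiling, and nothing the task did not ask for."""
    effective = ROLE_PERMISSIONS[role] & USER_PERMISSIONS[user] & set(task_permissions)
    return Grant(frozenset(effective), now + ttl, on_behalf_of=user)


if __name__ == "__main__":
    r = rbac_grant("ticket-triage-agent", NOW)
    d = delegated_grant("ticket-triage-agent", "bob", ["tickets:read", "tickets:comment"], NOW)
    print("RBAC can comment:", r.allows("tickets:comment", NOW))             # True
    print("delegated (bob) can comment:", d.allows("tickets:comment", NOW))  # False: bob lacks it
    print("delegated after TTL:", d.allows("tickets:read", LATER))           # False
```

Note the asymmetry: the same agent role can comment on tickets under RBAC, but when it works on behalf of bob, who cannot comment, the delegated grant drops that permission. The role still acts as a ceiling in the delegated case, so alice delegating `tickets:close` to a triage agent yields nothing, since the role never had it.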
How do you prevent an AI agent from escalating its own privileges?
Never let an agent call permission-management APIs, modify its own system prompt, or provision new credentials. Enforce this at the infrastructure layer (a tool gateway or IAM policy that denies those calls outright), not just in the prompt, since a prompt-level rule can be talked around. Route any legitimate permission change through a separate privileged service with its own approval path, and log every attempt, denied ones included. [Prompt injection](/blog/ai-agent-prompt-injection/) is a common escalation vector, so treat retrieved documents, tool outputs and messages from other agents as untrusted input; filtering them helps, but the infrastructure-layer denial is the control that must hold when filtering fails.
When should a human approve an AI agent's action?
Require human-in-the-loop approval for any action that is irreversible (deleting data, sending external messages, making financial transactions), that touches production systems, or for which the agent's own confidence falls below a threshold you define. Low-risk, idempotent reads within the agent's scope can be fully autonomous. The key question is: "Can this action be undone in under 5 minutes?" If not, require approval, and enforce it in the tool layer: the gateway refuses to execute the call until a valid approval exists, rather than trusting the agent to pause itself.