Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

Large language models (LLMs, AI systems trained on massive amounts of text) can quickly generate complex access control code in languages like Rego and Cedar, but even small errors, such as a missing condition or a made-up attribute (hallucination, when an AI invents false information), can accidentally weaken an organization's least-privilege security model (a system where users get only the minimum permissions they need).