The last time I delved into lattices, it was in connection with the NIST FIPS 204 Module-Lattice-Based Digital Signature Standard. To understand why the standard is lattice-based, I turned to NordVPN:
“A lattice is a hierarchical structure that consists of levels, each representing a set of access rights. The levels are ordered based on the level of access they grant, from more restrictive to more permissive.”
In essence, the lattice structure allows more elaborate access rights.
This article (“Lattice-Based Identity and Access Management for AI Agents”) discusses lattices more. Well, not explicitly; the word “lattice” only appears in the title. But here is the article’s main point:
“We are finally moving away from those clunky, “if-this-then-that” systems. The shift to deep learning means agents can actually reason through a mess instead of just crashing when a customer uses a slang word or a shipping invoice is slightly blurry.”
It then says
“Deep learning changes this because it uses neural networks to understand intent, not just keywords.”
Hmm…intent? Sounds a little somewhat you why…or maybe it’s just me.
But it appears that we sometimes don’t care about the intent of AI agents.
“If you gave a new employee the keys to your entire office and every filing cabinet on day one, you’d be sweating, right? Yet, that is exactly what many companies do with ai agents by just slapping an api key on them and hoping for the best.”
This is not recommended. See my prior post on attribute-based access control, which led me to focus more on non-person entities (non-human identities).
As should we all.
Bredemarket 