Google, Anthropic, and NVIDIA Just Made AI Permissions the Real Risk

The Bosch Brothers at Keryx Solutions

SubscribeSign in

Google, Anthropic, and NVIDIA Just Made AI Permissions the Real Risk

@krishnabosch<br>Jun 01, 2026

Share

Google is putting agents deeper into Workspace. Anthropic is raising at near-trillion-dollar scale while publishing the permission machinery around Claude Code. NVIDIA is pushing Cosmos 3 toward physical AI, with reasoning and action generation aimed at robots, vehicles, warehouses, and edge environments.<br>For a founder, the week’s common denominator is access: who gets it, what they can do with it, and how fast damage shows up.<br>Each announcement points to a surface where AI is being allowed to operate: inboxes, calendars, files, codebases, desktops, cloud PCs, enterprise apps, local machines, robots, and physical workflows. The NVIDIA thread matters because permissions are starting to reach beyond screens, into machines that can affect warehouses, vehicles, workers, and the edge systems around them.<br>Once an agent has access, the failure mode changes. A wrong answer can be corrected. A bad authorized action can send the email, change the repo, touch the customer record, execute the command, move the machine, or create a mess that only becomes visible after the fact.

Anyone who has run a company knows where this gets dangerous: a real permission, pointed at a real system, with no one watching closely.<br>The platform companies are building controls. Anthropic’s Claude Code permissions use allow, ask, and deny rules. Its auto mode exists because permission prompts create fatigue, and Anthropic still reports a 17% false-negative rate on real “overeager” actions in the full pipeline.<br>Microsoft is emphasizing agent identity, audit trails, isolated workspaces, secure environments, and human-in-the-loop safeguards. Google says Gemini Spark can act on a user’s behalf, with confirmation before high-stakes actions such as sending emails or adding calendar events.<br>Vendor controls can decide whether an agent may perform an action in general. They cannot know what that action means inside your business.<br>They do not know which shared inbox can authorize a refund. Which spreadsheet feeds payroll. Which GitHub repo deploys production. Which vendor portal can spend money. Which operations workflow assigns work to people on the floor. Which harmless-looking permission becomes dangerous when paired with another tool.<br>That context belongs to you.<br>This week, list the permissions that matter: action type, scope, owner, log, approval threshold, rollback path.

Where have we already given AI permission to touch money, customers, code, workers, or physical operations before a human would notice?

Sources: Anthropic Series H: https://www.anthropic.com/news/series-h; Anthropic Claude Code permissions: https://code.claude.com/docs/en/permissions; Anthropic Claude Code auto mode: https://www.anthropic.com/engineering/claude-code-auto-mode; Google Workspace updates: https://blog.google/products-and-platforms/products/workspace/workspace-updates/; NVIDIA Cosmos 3: https://investor.nvidia.com/news/press-release-details/2026/NVIDIA-Launches-Cosmos-3-the-Open-Frontier-Foundation-Model-for-Physical-AI/default.aspx; Microsoft Windows agentic platform: https://developer.microsoft.com/en-us/windows/agentic; Microsoft Windows 365 for Agents: https://blogs.windows.com/windowsexperience/2026/01/22/windows-365-for-agents-the-cloud-pcs-next-chapter/; Meta SEC filing: https://www.sec.gov/Archives/edgar/data/1326801/000162828026028526/meta-20260331.htm; Figure production scale: https://www.figure.ai/news/ramping-figure-03-production

Subscribe

Share

The Bosch Brothers is written by Bala and Krishna Bosch at Keryx Solutions, where they work on AI integration, software architecture, and product delivery. More at keryxsolutions.com

Share

Previous

Discussion about this post<br>CommentsRestacks

TopLatest

No posts

Ready for more?

Subscribe

© 2026 The Bosch Brothers · Privacy ∙ Terms ∙ Collection notice<br>Start your SubstackGet the app

Substack is the home for great culture

This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts