The Connector Is More Dangerous Than the Model

The model generates text. Connectors retrieve private records and perform actions. Their permissions define the real blast radius.

The answer

Debate focuses on which model is safest. The connector often deserves more attention. It can search inboxes, retrieve files, update records, send messages and create users. A modest model with broad connectors can create greater consequence than a powerful model with no tools.

Debate focuses on which model is safest. The connector often deserves more attention.

It can search inboxes, retrieve files, update records, send messages and create users. A modest model with broad connectors can create greater consequence than a powerful model with no tools.

Inventory connector authority

- Sources readable.

- Actions writable.

- User identity represented.

- Permission propagation.

- Logging and administrator access.

- Revocation.

Value object — The Connector Permission Card

- Business purpose.

- Minimum scopes.

- Data domains.

- Allowed actions.

- Approval and rate limits.

- Test and expiry.

Separate read from act

Use different credentials and services for retrieval and execution. Shorten token lifetimes and prevent cross-domain joins not required by the task.

The model proposes. The connector touches reality. Govern the second accordingly.

Where this breaks

Connectors often receive broad scopes because narrow configuration is inconvenient. Those scopes persist after the experiment and become invisible machine authority.

The operating move

Issue task-specific credentials with short lifetimes. Separate connectors by domain and make every write path independently approve and log consequence.

Inventory active tokens and scopes.

Separate read and write identities.

Restrict network destinations.

Revoke unused experiments.

The test

Compromise a test connector identity. The maximum accessible data and action should match one bounded workflow, not the institution.

Sources

  1. NIST: AI Risk Management Framework — Generative AI ProfileNIST: AI Risk Management Framework

    Primary authority

  2. Swiss FDPIC: AI and data protectionSwiss FDPIC: AI and data protection

    Primary authority

  3. NIST SP 800-207: Zero Trust ArchitectureNIST SP 800-207: Zero Trust Architecture

    Primary authority

Adam J. De CollibusFounding Partner, Svperior / Systems Engineering

Jonathan P. De Collibus

Jonathan co-founded Svperior in 2014 and leads its cyber practice. His work sits where adversarial pressure, technical architecture, and consequential decisions meet, with experience across clinical, financial, public-sector, and private-client systems where confidentiality, continuity, and technical correctness carry material consequences.

Cyber strategy / Adversarial assessment / Security architecture / Private systems

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry
The Connector Is More Dangerous Than the Model \