Think Like a Manager
Here’s the thing: your AI workers have access to real tools and data, just like human employees. The same common-sense security practices that apply to managing a team apply here too. You wouldn’t give a new hire unrestricted access to everything on day one, right? Same principle.

The Biggest Risk (And How to Avoid It)
External communications are your highest-risk area. When workers can send emails or WhatsApp messages to people outside your organization, mistakes become public. A confused response, an accidentally shared document, or a message sent to the wrong person—these things happen, and they’re much harder to undo when they leave your company. Think of it like this: you probably wouldn’t let a new employee start responding to customer emails on their first day without supervision. Same logic applies to your AI workers.

The other major risk besides external communications is destructive actions. Be careful with tools that have permission to delete files (you can check which ones do in the tools section). While external communications can cause embarrassment or confusion, destructive actions can permanently remove important data, code, or files that may be difficult or impossible to recover. For example, be careful when connecting tools that hold important information: when first testing the tool, make sure you have a backup of that information. And be clear to the worker that you do not want destructive actions—explicitly tell them in their instructions that they should not delete files, remove data, or make irreversible changes without your approval.

The Minimum Necessary Access Rule
Only give workers access to what they actually need to do their job. This isn’t about being paranoid—it’s just smart management.

Understanding Access Levels
Different types of access carry different levels of risk:

| Access Type | Risk Level | Why It Matters |
|---|---|---|
| Read | Lower | Worker can view information but can’t change or remove anything |
| Edit | Medium | Worker can modify existing content—mistakes can overwrite important data |
| Delete | Highest | Worker can permanently remove information—hardest to recover from |
Example Scenarios
Here are a few common examples of how to think about worker permissions:

- Sales Assistant — Needs LinkedIn and email access to reach prospects, but should start with your review before sending external messages.
- Executive Assistant — Handles your calendar and inbox, so requires full email and calendar access, but might not need access to financial tools.
- Finance Analyst — Works with sensitive financial data in spreadsheets and reports, so should have restricted access and perhaps be blocked from external communications entirely.

The Progressive Rollout Strategy
Don’t give workers all their permissions at once. Here’s a smarter approach:

- Start with Blocked Communications
  - Block inbound emails and WhatsApp from unknown senders
  - This is your main security control — workers can’t respond to external messages they don’t receive
  - Train the worker on your processes with internal-only access
  - Test thoroughly with your team
- Add Limited Tool Access
  - Connect to necessary tools one at a time
  - Use read-only access where possible initially
  - Monitor closely and give feedback on every interaction
  - Make sure you’re comfortable with how they operate
- Gradually Unblock Communications
  - Only unblock external senders as needed
  - Continue monitoring, just less frequently
  - Expand tool permissions based on performance
Blocking inbound communications (email and WhatsApp) is your most powerful security tool. Workers can’t act on messages they never receive. Use this to control exactly who can interact with your workers.
What to Share (And What Never to Share)
✓ Share These Via Instructions and Knowledge
- Process documentation
- Response templates and scripts
- Company policies and guidelines
- FAQs and help articles
- Contact lists and organizational charts
- Project information and context
✗ Never Share These Directly
- Passwords or API keys — use Spinnable’s integration system instead
- System credentials — connect accounts properly through OAuth
- Sensitive customer data — give access to the systems, not raw data dumps
- Payment information — use proper payment integrations with permissions
Clear Instructions Prevent Security Issues
Most security problems with AI workers come from ambiguity, not malice. The clearer your instructions, the safer your worker operates.

Vague instruction: “Help customers with their accounts”

Clear instruction: “Help customers with account questions by checking their subscription status and usage. You can view account details but cannot make changes. If someone asks to cancel, update payment info, or change their plan, direct them to email [email protected] or offer to create a support ticket.”

See the difference? The second version gives the worker clear boundaries.

Monitoring and Red Flags
Just like with human employees, you should keep an eye on what your workers are doing, especially early on.

What to Check Regularly
- Recent activity in connected tools — most apps let you see what actions were taken
- Sent messages — review emails and messages sent on behalf of your worker
- Data access patterns — are they accessing information that seems outside their role?
- Error messages or failed actions — often indicate the worker is trying to do something they shouldn’t
Red Flags to Watch For
🚩 Worker is accessing data unrelated to their tasks
🚩 High volume of unusual actions (lots of deletions, bulk changes, etc.)
🚩 Failed login attempts or permission errors
🚩 Messages sent to people not in their usual scope
🚩 Worker asking for passwords or credentials in chat

Version Control and Recovery
Things will occasionally go wrong. Plan for it.

For Documents and Content
- Use tools with version history (Google Docs, Notion, etc.)
- Review changes before they go live when possible
- Know how to restore previous versions
For Communications
- Keep your worker’s email separate from your personal email (they get their own address)
- Review drafts before they send for high-stakes communications
- Remember: you can always tell your worker “don’t send that email yet, let me review it first”
For Data Changes
- Start with read-only and add edit permissions only when needed
- Use staging environments for testing when available
- Back up important data before giving a worker access to modify it
Treat Worker Email Like CEO Email
Your workers’ email addresses represent your company. If your worker is [email protected], recipients don’t know (and shouldn’t know) it’s an AI. This means:

- Everything sent from that address reflects on your company
- Assume any email could be forwarded or shared publicly
- Consider regulatory requirements for your industry (some sectors have rules about automated communications)
- Never share sensitive information that you wouldn’t want forwarded
Privacy reminder: Worker emails are part of your business infrastructure. Just like you might read emails sent from [email protected], you should monitor worker-sent emails, especially early on. This isn’t surveillance—it’s quality control.
Start Conservative, Expand Carefully
The best security strategy is simple: start with less access than you think the worker needs, then add more as you see how they perform. It’s way easier to give a worker more permissions than to recover from a security incident because they had too much access too soon. Think of it like hiring: you give new employees more responsibility as they prove themselves. Your AI workers should follow the same progression.

Quick Security Checklist
Before enabling a new tool or permission for your worker, ask:

- Does this worker actually need this access to do their job?
- Am I starting with the minimum level of access (read before edit, edit before delete)?
- Have I written clear instructions about how to use this tool?
- Do I have a way to monitor what the worker does with this access?
- Can I recover if the worker makes a mistake?
- If this is external communication, have I tested the worker thoroughly internally first?