What it changes
Who can pull it
What it looks like institutionally
Systems accrete connections: a cache wired to an agent, a transcript fed to a fine-tune, a case system syncing to a analytics store. Each new pathway is a new route for error and a new surface nobody governs. Connection authorization inverts the default: pathways between components are closed until an accountable actor opens them, with the grant recorded.
This is ordinary security practice applied to error propagation: least-privilege for information flow, where the risk is both contamination inbound and exfiltration outbound — a pathway that copies records out of the governed system to an external store nobody holds a data agreement with is the same unauthorized connection, closed the same way.
The audit twin: periodically enumerate live pathways and reconcile against grants. The connections nobody remembers approving are precisely the ones to worry about.
Addresses: Unauthorized data pathways · Shadow integrations · Records replicated out of the boundary. Test a version of this lever in the PAN Lab.