{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T04:44:37Z","timestamp":1776055477687,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3772363.3798851","type":"proceedings-article","created":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T01:55:28Z","timestamp":1776045328000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards Human-Centered Agent Authorization: A Landscape Analysis of Commercial AI Agents"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6788-0696","authenticated-orcid":false,"given":"Yi","family":"Evie Zhang","sequence":"first","affiliation":[{"name":"Siebel School of Computing and Data Science, University of Illinois Urbana Champaign, Champaign, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4656-2175","authenticated-orcid":false,"given":"Ge","family":"Wang","sequence":"additional","affiliation":[{"name":"Siebel School of Computing and Data Science, University of Illinois at Urbana-Champaign, Champaign, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,13]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"Meysam Alizadeh Zeynab Samei Daria Stetsenko and Fabrizio Gilardi. 2025. Simple Prompt Injection Attacks Can Leak Personal Data Observed by LLM Agents During Task Execution. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2506.01055 (2025)."},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300233"},{"key":"e_1_3_3_2_4_2","volume-title":"100 Gen AI Apps, Edition 5","author":"Horowitz Andreessen","year":"2025","unstructured":"Andreessen Horowitz. 2025. 100 Gen AI Apps, Edition 5. https:\/\/a16z.com\/100-gen-ai-apps-5\/ Accessed: 2025-01-22."},{"key":"e_1_3_3_2_5_2","volume-title":"Model Context Protocol: Introduction","year":"2024","unstructured":"Anthropic. 2024. Model Context Protocol: Introduction. https:\/\/modelcontextprotocol.io\/docs\/getting-started\/intro Accessed: 2025-01-22."},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3544548.3580959"},{"key":"e_1_3_3_2_7_2","first-page":"97","volume-title":"21st USENIX Security Symposium (USENIX Security 12)","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini, Adrienne\u00a0Porter Felt, and David Wagner. 2012. An evaluation of the google chrome extension security architecture. In 21st USENIX Security Symposium (USENIX Security 12). 97\u2013111."},{"key":"e_1_3_3_2_8_2","unstructured":"Stephen Casper Luke Bailey Rosco Hunter Carson Ezell Emma Cabal\u00e9 Michael Gerovitch Stewart Slocum Kevin Wei Nikola Jurkovic Ariba Khan et\u00a0al. 2025. The ai agent index. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2502.01635 (2025)."},{"key":"e_1_3_3_2_9_2","volume-title":"Constructing grounded theory: A practical guide through qualitative analysis","author":"Charmaz Kathy","year":"2006","unstructured":"Kathy Charmaz. 2006. Constructing grounded theory: A practical guide through qualitative analysis. Sage."},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"crossref","unstructured":"Hanbyul Choi Jonghwa Park and Yoonhyuk Jung. 2018. The role of privacy fatigue in online privacy behavior. Computers in Human Behavior 81 (2018) 42\u201351.","DOI":"10.1016\/j.chb.2017.12.001"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"crossref","unstructured":"Badhan\u00a0Chandra Das M\u00a0Hadi Amini and Yanzhao Wu. 2025. Security and privacy challenges of large language models: A survey. Comput. Surveys 57 6 (2025) 1\u201339.","DOI":"10.1145\/3712001"},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"crossref","unstructured":"Lena Enqvist. 2023. \u2018Human oversight\u2019in the EU artificial intelligence act: what when and by whom? Law Innovation and Technology 15 2 (2023) 508\u2013535.","DOI":"10.1080\/17579961.2023.2245683"},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335360"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"crossref","unstructured":"Heike Felzmann Eduard Fosch-Villaronga Christoph Lutz and Aurelia Tam\u00f2-Larrieux. 2020. Towards transparency by design for artificial intelligence. Science and engineering ethics 26 6 (2020) 3333\u20133361.","DOI":"10.1007\/s11948-020-00276-4"},{"key":"e_1_3_3_2_16_2","unstructured":"KJ Feng Tae\u00a0Soo Kim Rock\u00a0Yuren Pang Faria Huq Tal August and Amy\u00a0X Zhang. 2025. On the Regulatory Potential of User Interfaces for AI Agent Governance. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2512.00742 (2025)."},{"key":"e_1_3_3_2_17_2","unstructured":"K.\u00a0J.\u00a0Kevin Feng David\u00a0W. McDonald and Amy\u00a0X. Zhang. 2025. Levels of Autonomy for AI Agents. arxiv:https:\/\/arXiv.org\/abs\/2506.12469\u00a0[cs.HC] https:\/\/arxiv.org\/abs\/2506.12469"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"crossref","unstructured":"Jessica Fjeld Nele Achten Hannah Hilligoss Adam Nagy and Madhulika Srikumar. 2020. Principled artificial intelligence: Mapping consensus in ethical and rights-based approaches to principles for AI. Berkman Klein Center Research Publication2020-1 (2020).","DOI":"10.2139\/ssrn.3518482"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2196"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3605764.3623985"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6749"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"crossref","unstructured":"Norm Hardy. 1988. The Confused Deputy: (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review 22 4 (1988) 36\u201338.","DOI":"10.1145\/54289.871709"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2025.acl-long.369"},{"key":"e_1_3_3_2_24_2","first-page":"14","volume-title":"International Conference on Information Systems (ICIS 2014), Auckland, New Zealand, December","author":"Keith Mark\u00a0J","year":"2014","unstructured":"Mark\u00a0J Keith, Courtenay Maynes, Paul\u00a0Benjamin Lowry, and Jeffry Babb. 2014. Privacy fatigue: The effect of privacy control complexity on consumer electronic information disclosure. In International Conference on Information Systems (ICIS 2014), Auckland, New Zealand, December. 14\u201317."},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Hokeun Kim and Edward\u00a0A Lee. 2017. Authentication and Authorization for the Internet of Things. IT Professional 19 5 (2017) 27\u201333.","DOI":"10.1109\/MITP.2017.3680960"},{"key":"e_1_3_3_2_26_2","unstructured":"Hao Li Xiaogeng Liu Hung-Chun Chiu Dianqi Li Ning Zhang and Chaowei Xiao. 2025. DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2506.12104 (2025)."},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"crossref","unstructured":"Miles\u00a0Q Li and Benjamin\u00a0CM Fung. 2025. Security concerns for large language models: A survey. Journal of Information Security and Applications 95 (2025) 104284.","DOI":"10.1016\/j.jisa.2025.104284"},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"crossref","unstructured":"Ben Light Jean Burgess and Stefanie Duguay. 2018. The walkthrough method: An approach to the study of apps. New media & society 20 3 (2018) 881\u2013900.","DOI":"10.1177\/1461444816675438"},{"key":"e_1_3_3_2_29_2","unstructured":"Tula Masterman Sandi Besen Mason Sawtell and Alex Chao. 2024. The Landscape of Emerging AI Agent Architectures for Reasoning Planning and Tool Calling: A Survey. arxiv:https:\/\/arXiv.org\/abs\/2404.11584\u00a0[cs.AI] https:\/\/arxiv.org\/abs\/2404.11584"},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445610"},{"key":"e_1_3_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3711896.3736555"},{"key":"e_1_3_3_2_32_2","doi-asserted-by":"crossref","unstructured":"Claudio Novelli Mariarosaria Taddeo and Luciano Floridi. 2024. Accountability in artificial intelligence: What it is and how it works. Ai & Society 39 4 (2024) 1871\u20131882.","DOI":"10.1007\/s00146-023-01635-y"},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"crossref","unstructured":"Jerome\u00a0H Saltzer and Michael\u00a0D Schroeder. 1975. The protection of information in computer systems. Proc. IEEE 63 9 (1975) 1278\u20131308.","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_3_2_34_2","unstructured":"Tianneng Shi Jingxuan He Zhun Wang Hongwei Li Linyu Wu Wenbo Guo and Dawn Song. 2025. Progent: Programmable privilege control for llm agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2504.11703 (2025)."},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780192845290.001.0001"},{"key":"e_1_3_3_2_36_2","volume-title":"Forty-second International Conference on Machine Learning Position Paper Track","author":"South Tobin","unstructured":"Tobin South, Samuele Marro, Thomas Hardjono, Robert Mahari, Cedric\u00a0Deslandes Whitney, Alan Chan, and Alex Pentland. [n. d.]. Position: AI Agents Need Authenticated Delegation. In Forty-second International Conference on Machine Learning Position Paper Track."},{"key":"e_1_3_3_2_37_2","unstructured":"Tobin South Subramanya Nagabhushanaradhya Ayesha Dissanayaka Sarah Cecchetti George Fletcher Victor Lu Aldo Pietropaolo Dean\u00a0H Saxe Jeff Lombardo Abhishek\u00a0Maligehalli Shivalingaiah et\u00a0al. 2025. Identity Management for Agentic AI: The new frontier of authorization authentication and security for an AI agent world. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2510.25819 (2025)."},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"crossref","unstructured":"Jamie Thompson. 2022. A guide to abductive thematic analysis. The qualitative report 27 5 (2022) 1410\u20131421.","DOI":"10.46743\/2160-3715\/2022.5340"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3706598.3714138"},{"key":"e_1_3_3_2_40_2","first-page":"407","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)","author":"Vance Anthony","year":"2019","unstructured":"Anthony Vance, David Eargle, Jeffrey\u00a0L Jenkins, C\u00a0Brock Kirwan, and Bonnie\u00a0Brinton Anderson. 2019. The fog of warnings: how non-essential notifications blur with security warnings. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). 407\u2013420."},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025896"},{"key":"e_1_3_3_2_42_2","unstructured":"Yuhao Wu Ke Yang Franziska Roesner Tadayoshi Kohno Ning Zhang and Umar Iqbal. 2025. Towards automating data access permissions in ai agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2511.17959 (2025)."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"crossref","unstructured":"Zhiheng Xi Wenxiang Chen Xin Guo Wei He Yiwen Ding Boyang Hong Ming Zhang Junzhe Wang Senjie Jin Enyu Zhou et\u00a0al. 2025. The rise and potential of large language model based agents: A survey. Science China Information Sciences 68 2 (2025) 121101.","DOI":"10.1007\/s11432-024-4222-0"},{"key":"e_1_3_3_2_44_2","unstructured":"Yingxuan Yang Huacan Chai Yuanyi Song Siyuan Qi Muning Wen Ning Li Junwei Liao Haoyi Hu Jianghao Lin Gaowei Chang Weiwen Liu Ying Wen Yong Yu and Weinan Zhang. 2025. A Survey of AI Agent Protocols. arxiv:https:\/\/arXiv.org\/abs\/2504.16736\u00a0[cs.AI] https:\/\/arxiv.org\/abs\/2504.16736"},{"key":"e_1_3_3_2_45_2","doi-asserted-by":"crossref","unstructured":"Qiusi Zhan Zhixiang Liang Zifan Ying and Daniel Kang. 2024. Injecagent: Benchmarking indirect prompt injections in tool-integrated large language model agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2403.02691 (2024).","DOI":"10.18653\/v1\/2024.findings-acl.624"},{"key":"e_1_3_3_2_46_2","unstructured":"Jinhao Zhu Kevin Tseng Gil Vernik Xiao Huang Shishir\u00a0G Patil Vivian Fang and Raluca\u00a0Ada Popa. 2025. MiniScope: A Least Privilege Framework for Authorizing Tool Calling Agents. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2512.11147 (2025)."}],"event":{"name":"CHI EA '26: Extended Abstracts of the 2026 CHI Conference on Human Factors in Computing Systems","location":"Barcelona , Spain","acronym":"CHI EA '26","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the Extended Abstracts of the 2026 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772363.3798851","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T03:56:07Z","timestamp":1776052567000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772363.3798851"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,13]]},"references-count":45,"alternative-id":["10.1145\/3772363.3798851","10.1145\/3772363"],"URL":"https:\/\/doi.org\/10.1145\/3772363.3798851","relation":{},"subject":[],"published":{"date-parts":[[2026,4,13]]},"assertion":[{"value":"2026-04-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}