Can users revoke an AI agent?

Yes. Arc lets users revoke an agent grant so future action requests are blocked until the user reconnects the agent.

Is Arc browser automation?

No. Arc is an agent access control product for defined app actions, permissions, approvals, audit logs, and revocation.

Security

Safe AI agent access starts with action boundaries.

Arc is designed for teams that want agents to help users without granting broad sessions, raw API keys, or invisible permissions.

Start building Talk security

Principles

Arc keeps the agent on a shorter leash than the user.

A human account can do many things. An agent grant should only allow the actions a user selected, with extra approval for sensitive work.

Least privilege

Actions, not full sessions.

Agents request named app actions. Arc rejects anything outside the user grant.

Human approval

Ask before side effects.

Sending, creating, refunding, or changing state can require a user decision before execution.

Revocation

Access ends when the user says so.

Revoking a grant blocks future agent requests immediately.

Threat model

What Arc reduces.

Arc is not a replacement for your application security program. It reduces the specific risk of AI agents receiving too much authority.

Without Arc

Agents get broad API keys or user sessions.
Users cannot see which actions are available.
Sensitive actions happen without a pause.
Logs do not explain agent intent or permission decisions.
Revocation depends on each client or integration.

With Arc

Agents request named actions through a policy check.
Users choose allow, ask, or block.
Sensitive actions require approval.
Every request gets an audit event.
Users can revoke access from one control point.

Controls

The security controls users can understand.

Arc uses plain language around agent access so security does not live only in developer docs.

Control	What it does	Why it matters
Agent identity	Records which agent client requested the action.	Teams can separate Claude, ChatGPT, Cursor, and custom agents in logs.
Action policy	Maps each app action to allow, ask, or block.	Users grant the task, not the whole account.
Approval request	Pauses ask actions for user confirmation.	External side effects stay under human control.
Audit log	Stores request, decision, result, and timestamp.	Product and security teams can review agent behavior.
Revocation	Turns off future requests for a grant.	Users can stop access when trust changes.

FAQ

Does Arc store user credentials?

Arc is designed to avoid giving agents raw user credentials. The app keeps its own user and API security model while Arc stores the grant and policy information needed to enforce agent actions.

Can users revoke an agent?

Yes. Revocation is a core part of the product loop. After revocation, future agent requests for that grant are blocked.

Is Arc a browser automation tool?

No. Arc is for controlled app actions through defined APIs and adapters. It is not a browser automation product.

Security first

Give agents less authority than the human account.

Start with explicit actions and clear permission defaults.

Design permissions Contact founder