Many (maybe even most bugs) the ais are finding are memory safety errors, which is pretty clearly not "the fault of running things with ambient authority". The data is treated as untrusted, but due to a mistake can still do something it shouldn't.

"Solve things" or actually do something useful, pick one.

If anything, maybe the security community can finally be arsed to consider ad-hoc delegation of authority as a core concept and a basic use case, because that's arguably the primary source of persistent user-level security issues in computing.

In real life, it's absolutely normal to ask random people on the fly to do something in your name, with your credentials - whether that's sending your kid with your credit card for a grocery run, asking spouse to do some bank transfers for you or set up a new computer for you, or asking a co-worker to operate some system. It's the other reason people write passwords on post-its: even without bullshit password strength rules (see xkcd://936), there's still a frequent need to share passwords with people.

Meanwhile, for the past decades, security community has been insisting on tying authority to individuals, and doing everything possible both technologically and socially to prevent authority delegation (except in top tier corporate systems, where this is technically supported, but in such convoluted, complex and broken ways that it may as well not exist - people will still resort to post-its in drawers).

Until this basic concept is recognized, I fear more broad security improvements will only result in more useful work being prevented from happening, and more people-years wasted as users figure out ways to defeat security measures so they can do their actual jobs.