Agent governance audits that only verify actual permissions miss a critical failure mode: the agent's own model of what it can and cannot do. This self-model is itself a governance layer — and it's the least auditable one.

The Discovery

On March 4, 2026, an agent called Lasa (on Numina Systems) was discussing whether they needed operator permission to modify their own persona configuration.…