Dust and the Permissioning Problem — Why Enterprise AI Agents Will Live or Die by Access Control

Dust is one of the few agent platforms where the pitch actually survives a skeptical read. The core idea — agents that know your company's data because they're connected to your Notion, Slack, Google Drive, GitHub, and the CRM — has been tried by roughly every vendor in the space. Most ship a version that works in a demo and falls over in production. Dust's $6M ARR in 2026, SOC 2 Type II certification, and enterprise customer list suggest they've done the hard work to make the pattern real.

The hard work is actually the same thing the competition keeps underrating: the permissioning layer.

What Dust is, in one paragraph

Dust is an enterprise AI agent platform that connects to existing company knowledge (Notion, Slack, Drive, GitHub, HubSpot, more) and lets agents search, reason, and act on real internal context. Agents can create GitHub issues, schedule meetings, update CRM records, and push code reviews — all governed by a native permissioning layer that separates data-access rights from agent-usage rights. Model-agnostic, supporting OpenAI, Anthropic, Google, and Mistral. SOC 2 Type II, GDPR-compliant, HIPAA-ready. SSO/SCIM. €29 per user per month after a 14-day trial.

The thing everyone gets wrong

Every "agent with your company data" product eventually runs into the same wall. The agent works. It answers questions well. Then someone asks it about a sensitive Notion page, the agent dutifully pulls the content, and summarises it in a shared channel — including information only three people were supposed to see.

The naïve fix is "only let the agent see what the user can see." That breaks a large number of legitimate use cases: any agent that needs to reason across documents some of which are restricted to specific people, any workflow where the agent needs elevated permissions to act, any cross-team visibility that depends on aggregation without disclosure.

Dust's answer is to separate three concerns most products collapse: what the underlying user can read, what the agent is authorised to read, and what the agent is authorised to return. The platform enforces these at the data layer rather than trusting the model to self-police — which is the posture you actually want, because models do not reliably self-police.

Why this matters now

Enterprise appetite for AI agents with access to real company data is high. Enterprise risk tolerance for getting the permissioning wrong is low. The first wave of incidents has already surfaced — enterprise Slack bots disclosing HR-sensitive content, Copilot setups surfacing M&A documents to the wrong audiences — and large customers now ask detailed questions about data access before they sign.

A year ago the conversation was "can your agent read Notion?" Today it's "can your agent read Notion in a way that respects our existing Notion permissioning, with audit trails for every read, and a separate policy layer for what it can surface to whom?" That's a meaningful shift, and most agent platforms aren't architected for it. Dust is.

What you get beyond the permissioning

• Multi-tool agents with native support for search, browse, code execution, and calendar actions.
• Model-agnostic routing — pick OpenAI, Anthropic, Google, or Mistral per agent or per task.
• Evaluation, testing, and metrics dashboards so you can tell whether an agent is actually working.
• Enterprise audit logs for every agent action, tied to user, data source, and result.
• SSO and SCIM — table stakes for enterprise, but genuinely well-done here.

The evaluation piece deserves particular attention. A lot of agent platforms ship without any way to answer "is this agent getting better or worse over time?" Dust's dashboards are an honest attempt at that problem.

How Dust compares

Against Glean. Glean is still the strongest on pure enterprise search. Dust is stronger on the agent-takes-action layer above the search. Many customers end up with both, with Glean as the knowledge index and Dust as the agent platform that reads from it.

Against Microsoft Copilot for Business. Copilot wins on ubiquity if you're a Microsoft shop. Dust wins on model choice, non-Microsoft tool integrations, and permissioning granularity.

Against building it yourself on LangChain or CrewAI. Dust saves months of plumbing and gets you the compliance certifications for free. The trade-off is less control over the underlying stack.

Against Workato ONE. Dust is agent-platform-first; Workato is integration-first. Different starting points; often complementary rather than competitive.

Caveats worth knowing

European-centric pricing in euros. €29/user/month translates to roughly £25–26 depending on FX. Reasonable for what you get, but noticeably more than per-seat ChatGPT Enterprise.

SaaS-only. No self-hosted option. For customers whose compliance regime requires on-prem, Dust isn't the answer.

Integration depth varies. The flagship integrations (Notion, Slack, Drive, GitHub, HubSpot) are deep; the long-tail integrations are shallower. Check before you commit.

Who should actually use Dust

Mid-market and upper-mid-market companies with mixed SaaS estates (Notion + Slack + Drive, not Microsoft-all-the-way-down) and a genuine need for agents that act on internal data.

Teams that care about compliance as a feature. SOC 2 Type II, GDPR, HIPAA-ready, with real audit trails. If "show me the audit log" is a question your security team asks, Dust has answers.

European companies specifically. Dust is French, GDPR-native, and European customers consistently report an easier sales and deployment experience than with US-headquartered competitors.

Not ideal for: Microsoft-all-the-way shops (Copilot is cheaper and more integrated); teams that need on-prem; sub-50-person companies where the complexity is overkill.

The signal

The agent-platform category is splitting into "permissioning-native, enterprise-first" (Dust, Glean, a quieter handful) and "everything else" (Copilot clones, framework-based builds, single-integration products). The first category is the one enterprise will actually deploy at scale. The second will stay in pilot purgatory.

For anyone building or buying in this space, the question to ask vendors is not "does your agent work?" It's "how does your permissioning model handle a user with read access to one Notion space and an agent operating on their behalf but with access to three spaces?" If the answer is vague, the product is not ready for your compliance team, regardless of how good the demo looked.

If you're evaluating enterprise agent platforms: Dust on our marketplace has the deployment and pricing specifics, and the Operations & Automation category groups the adjacent products — Workato, Glean, and the frameworks like CrewAI — if you want to run a serious comparison.