Dominic Zanardi
Dom is a New York City-based Senior Security Engineer at Instacart, where he specializes in Cloud Security, Infrastructure, and Identity. His current focus is on developing scalable internal tooling and enhancing automation processes. Before joining Instacart, Dominic led the Security Engineering team at Latch, where he was instrumental in establishing foundational security protocols, emphasizing hardware-based controls and Public Key Infrastructure (PKI). Before moving into security-focused roles, he also served as a Backend Engineer at Microsoft.
Session
Instacart has been on a journey to migrate employees from long-lived access to just-in-time (JIT) access to our most critical systems. However, we quickly discovered that if the request workflow is inefficient, JIT won’t be adopted widely enough to be useful. How could we satisfy two parties with completely different priorities: employees who want access and want it right now, and auditors who want assurance, control, and oversight? How could we avoid slipping back into old habits of long-lived access and quarterly access reviews?
In this demo-driven technical talk, we’ll show how Instacart developed an LLM-powered AI bot that satisfies these seemingly competing priorities and delivers true, fully automated JIT access. This talk will be informative for anyone curious about how AI bots can be leveraged to automate workflows securely. We’ll step through how to best utilize LLMs for developing or enhancing internal security tooling by demonstrating what works, what doesn’t, and what pitfalls to watch for. Our goal is to share tactics that others can use to inform their own AI bot development, increase organizational efficiency, and inspire LLM-powered use cases for security teams beyond access controls.