> per-task authorization scope

This is more agent framework territory, eg. ADK. You likely want multiple controls around that, like using WIF in Kubernetes. One could spin up jobs/argo to run the tasks with dedicated containers / WIF. ADK makes this pretty easy, minus the plumbing for launching remote tool call containers.

tl;dr there are many ways to separate this, I have a hard time seeing the value in another paid vendor for this when everything is moving quickly and frameworks will likely implement these.