A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. An event auditor passively monitors network traffic and provides network activity data indicative of network flows to a network privilege manager. The network privilege manager determines a current network context based on the network activity data. In response to the current network context, the network privilege manager selects a security policy and generates one or more flow policy directives in accordance with the selected policy.