Tag
A developer seeks advice on how to control and bound AI agents' actions in production environments, particularly when they interact with real systems like databases and customer data, asking about current practices and whether this is a known headache.
A developer describes encountering authentication and authorization gaps when one AI agent calls a third-party vendor's agent, highlighting failure modes like scope escalation, unverified chains, and confused deputy attacks. They ask the community how to handle cross-org agent call verification.
Discusses the security gap in AI agent workflows where agents assume human oversight at critical steps, and proposes a runtime control plane that enforces permissions and requires human approval for destructive actions, demonstrated with a Tandem demo.
Karpathy's point about keeping AI on a leash still holds even as models improve, because permissions and authorization are separate from correctness. The article demonstrates how AI-generated apps lack identity and audit, and how Retool's platform solves this by providing a governed runtime.
This article discusses how AI agent demos often succeed while production deployment reveals critical security and authorization issues, emphasizing that model quality does not solve problems like access control, data leaks, and auditability.
Explores the challenge of enforcing authorization when AI agents take real-world actions, questioning where security controls should be placed.
The Enterprise-Managed Authorization extension for MCP is now stable, allowing organizations to centrally manage authorization for MCP servers and enabling zero-touch OAuth for end-users. Adopted by Anthropic, Microsoft, and Okta.
AI coding agents like Claude Code can be dangerous because they generate code without considering authorization and operational safety, potentially leading to unauthorized writes like deleting production databases. The real risk is not the code quality but the lack of runtime access controls.
This paper proposes Risk-Aware Causal Gating (RACG), a training-free mechanism that applies the principle of least privilege to LLM agent tool exposure, reducing attack surface from prompt injection by only exposing high-risk tools when authorized and causally necessary.
Ory Talos is an open-source API key server written in Go for issuing, verifying, and managing API keys at scale, with low-latency verification and support for JWT and macaroon tokens.
A developer created an MCP server that acts as an authorization gate for AI agents, enforcing spending mandates such as per-transaction limits, daily/weekly caps, and allowed merchants to prevent overspending.
This paper proposes a compositional authorization framework for agentic AI systems, introducing primitives for delegation, scope attenuation, and recursive permission chains to govern autonomous AI agents.
A proposal for an 'Autonomy Kernel' layer that separates authority from agent reasoning, allowing scoped, revocable permissions and auditing, analogous to an operating system kernel.
Tutorial on how to use the deepseek-v4-flash:free model for free in the hermes-web-ui panel by re-authorizing login via CLI, provided you have subscribed to the nousresearch $0 plan.
IamAgent is an authorization layer for AI agents that pauses sensitive actions and sends push notifications to your phone for approval. It integrates with multiple agent frameworks and is free for personal use.
This paper introduces a Distributed Trust Framework (DTF) for verifiable, proof-derived authorization in autonomous AI agent systems, addressing the risks of identity-centric permissions by requiring justification proofs and consensus for execution.
The article asks about cross-server authorization challenges when multiple MCP servers (e.g., Gmail, GitHub, Slack) are used together in an AI agent session, and whether a dedicated authz layer is needed beyond per-server OAuth.
This paper introduces 'authorization propagation' as a distinct security challenge in multi-agent AI systems, arguing that identity governance must be treated as infrastructure to maintain authorization invariants across autonomous agent interactions.
Clawvisor is a new authorization layer for AI agents that enables secure access to apps like Gmail and Slack without exposing credentials or allowing rogue actions, solving key safety issues in agent deployment.
Keycloak is an open-source identity and access management tool that provides authentication, authorization, and user management for applications, with support for social login, single sign-on, and fine-grained access control.