OAuth Works for AI Agents but Scaling is Another Question

Maya Kaczorowski noticed that AI identity and AI agent identity concerns were emerging from outside the security industry, rather than from CISOs and security leaders. She concluded that OAuth, the open standard for authentication, already serves the purpose of granting access without exposing passwords. 

Kaczorowski, a respected technologist and founder of Oblique, a startup focused on self-serve access controls, recently wrote about OAuth and AI agents and shared her insights on this episode of The New Stack Makers. She noted that developers see AI agents as extensions of themselves, granting them limited access to data and capabilities—precisely what OAuth is designed to handle. 

The challenges with AI agent identity are vast, involving different approaches to authentication, such as those explored by companies like AuthZed. While existing authorization models like RBAC or ABAC may still apply, the real challenge lies in scale. The exponential growth of AI-related entities—from users to LLMs—could mean even small organizations manage hundreds of thousands of agents. Future solutions must accommodate this massive scale efficiently. 

For the full discussion, check out The New Stack Makers interview with Kaczorowski. 

Learn more from The New Stack about OAuth requirements for AI Agents: 

OAuth 2.0: A Standard in Name Only? 

AI Agents Are Redefining the Future of Identity and Access Management

Join our community of newsletter subscribers to stay on top of the news and at the top of your game.