Everyone is building AI-powered tools, even people who shouldn’t be. Agents seem to be the next obvious (and big?) step. But these little bots need a secure way to act on behalf of users without causing chaos.

Richard Dulude at Underscore VC wrote about the lack of identity standards for AI agents in this LinkedIn article. I don’t know Richard or Underscore VC (sorry). But he’s right: traditional authentication assumes either a human or a machine with static credentials, and that doesn’t work for AI agents that need to make decisions and take actions. Companies want accountability (and probably liability), and users need control of what their potentially psychedelic robot is doing on their behalf. This balance doesn’t exist yet.

This is probably for another blog post, but right now, everyone, including the bots, is using human interfaces as a stopgap. OpenAI’s Operator is a great example: agents pretending to be humans to interact with systems that weren’t built for them. That’s fine for now, but eventually, the human interfaces will be an afterthought. Like how “mobile-first” design took over, we’ll be doing “agent-first” design with human-accessible backups. Having a dedicated standard for agentic authentication might be a good first step in that machine-to-machine way of thinking and designing systems.

Agentic Proxy Credentials (APC): A Solution (A Term I Totally Made Up)

I made this up. It’s probably a bad term, but naming things is fun. This doesn’t exist… if you are a large battery and power supply company, don’t sue me. I’m spitballing here.

One possible fix is the “sucked out of my thumb” Agentic Proxy Credentials (APC). This would let users grant their AI agents secure, limited permissions to interact with systems while making sure the right level of oversight is in place. There are things that I wanted to do this very week, but I don’t trust my bots with my actual usernames and passwords:

Stop me talking to Airline Idiot Bots

Talking to airline chatbots is painful. Right now, they can only regurgitate FAQ answers. With an APC, my AI assistant could log into my airline account, check flights based on my loyalty status, and rebook me without me having to touch anything. This would make AI actually useful instead of just a slightly smarter help page.

Paying for small things without having to deal with entering my ACH data AGAIN

I don’t want to give an AI full access to my bank account. But I wouldn’t mind letting it handle small transactions in a controlled way. With APCs, I could grant my assistant time-limited access to approve payments or move money within strict limits. The AI does the work, I stay in control, and my bank account doesn’t mysteriously empty overnight… unless I’m Ambien shopping again.

AI Dungeon Master’s Assistant

D&D is great, but session prep is a time sink. I want an AI that logs into my D&D Beyond account, manages stat blocks, generates lore-friendly content, and even takes session notes. The AI handles the boring admin work, and you get to focus on making your players cry (or cheer, if you’re nice). Yes, serious stuff here.

How It Could Work

There are a few ways to make this happen, I think. I’m no longer allowed to do actual engineering at the companies I founded, so this blog is my outlet. Everyone needs a hobby.
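One way the small-payments case above could be enforced, as an added example that is not the author's design or any existing standard: the user mints a signed credential naming the agent, its scopes, spending limits and expiry, and the service checks every agent request against it and logs the decision. The names `issue_apc` and `Verifier`, the claim fields, the scope strings and the HMAC key shared between issuer and service are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # constructed sample key, shared with the service (assumption)

def _sign(body: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_apc(user, agent, scopes, per_tx_cents, budget_cents, ttl_s, now=None):
    """User side: mint a credential naming the agent, its scopes, limits and expiry."""
    now = time.time() if now is None else now
    claims = {"sub": user, "agent": agent, "scopes": sorted(scopes),
              "per_tx_cents": per_tx_cents, "budget_cents": budget_cents,
              "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()

class Verifier:
    """Service side: checks signature, revocation, expiry, scope and spend."""
    def __init__(self):
        self.spent = {}       # token -> cents already spent under it
        self.revoked = set()  # tokens the user has withdrawn
        self.audit = []       # (time, scope, amount, decision) for oversight

    def authorize(self, token, scope, amount_cents=0, now=None):
        now = time.time() if now is None else now
        decision = self._check(token, scope, amount_cents, now)
        self.audit.append((now, scope, amount_cents, decision))
        return decision

    def _check(self, token, scope, amount, now):
        body, _, sig = token.partition(".")
        # Verify the signature before parsing anything the agent supplied.
        if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
            return "deny:bad_signature"
        if token in self.revoked:
            return "deny:revoked"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            return "deny:expired"
        if scope not in claims["scopes"]:
            return "deny:scope"
        if amount < 0 or amount > claims["per_tx_cents"]:
            return "deny:per_tx_limit"
        if self.spent.get(token, 0) + amount > claims["budget_cents"]:
            return "deny:budget"
        self.spent[token] = self.spent.get(token, 0) + amount
        return "allow"
```

The agent never holds the username or password, only a token the service can refuse on scope, amount, age or revocation.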

Is Someone Already Building This?

Honestly, I wouldn’t be surprised if Okta, OAuth, or OpenAI are already working on this and I’m just ranting for no reason. But if they aren’t, they should be. The pieces are all there, someone just has to put them together.

I need this, but I can’t find it. If anyone is working on it, let me know. I’m too busy trying to solve employee gifting at scale at Thankscrate, implementing AI into every existing business at Sourcetoad, and making sure passengers can watch TV and book dinner reservations in the middle of nowhere at OnDeck.

I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of squash, whiskey, aggressive inline, and temperamental British sports cars.

The State of AI-Coded Software, May 2025

I’ll probably regret writing this. At the very least, I’ll cringe reading it in a few months. But here we are.

Lately, we’ve been getting a wave of client requests asking us to evaluate software they built using AI tools. These aren’t engineers. These are business folks using increasingly powerful AI products to try and build functioning systems. And to be completely honest, the results are both impressive and a bit alarming.

People are building whole applications on their own. Backends, frontends, user interfaces, even some database logic. Sometimes they even look good. These are smart people who don’t know how to code but have managed to produce working systems.

The problems show up immediately when we start reviewing the internals. The code is usually a mess. In many cases, it would be extremely difficult to maintain or extend. And if you need to move that code from the platform it was created in to a cloud provider like AWS, you’re going to hit a wall. These platforms wrap everything in layers of scaffolding that make portability a nightmare.

Security is worse. We’ve found plaintext credentials scattered across files. We’ve seen SQL injection vulnerabilities that shouldn’t even be possible in modern frameworks. We’ve seen structural issues that would get flagged in a freshman CS class.

Despite all that, what people are creating are legitimate prototypes. They’re functional. They run. But when you’ve put a few weeks into building something, and you show it to a software engineer, it’s hard to hear that your shiny new thing needs to be rebuilt from scratch.

I want to be clear. I am not anti-AI. Almost everyone at my company uses AI tools every day. We use Copilot, Cursor, ChatGPT, Claude, and more. We build out frontends with tools like v0 and Lovable. These tools have changed how we work.

Some of our engineers report productivity improvements of 30 to 40 percent. That’s not a rounding error. That is a major shift. But they are still writing the code. They are reviewing it. They are checking for performance, clarity, security, and maintainability. They are not letting the tools decide architecture. They are using AI like they use autocomplete or linters, but with more power behind it.

This is also where expectations need to be adjusted. These systems will not save you 90 percent on development. They will not let you skip engineering altogether. But if they save you 30 percent, that’s a real gain. Imagine you’re building a house. The general contractor says it’s going to be $500,000. You tell them you already did the blueprints, filled out all the permits, and figured out the site plan using some AI tools. If they came back and said, “Alright, I’ll knock 30 percent off,” that would be the best deal of your life. That’s where we are today with AI-generated software. A solid start. A real value. Not a replacement.

For me personally, AI has made it fun to write code again. I haven’t been a working programmer in over a decade, and most modern toolchains are enough to scare me off. Now, with the right assistance, I can build something without getting stuck on Docker configs and dependency mismatches. That’s a big deal.

In the startup world, AI-first development is everywhere. Most of the current Y Combinator batch is using AI tools to write the bulk of their code. But those teams are highly technical. These are engineers using better tools, not tools replacing engineers.

So for non-developers using AI to build products, here are three things you should keep in mind:

  1. These tools are great for building prototypes. If you build something yourself, you will understand it better and will be a better partner to your engineering team. That matters.
  2. These tools can help you build usable frontend components. You probably won’t want to go live with them, but they can get you close enough to work with a real development team.
  3. If your app is small, non-critical, doesn’t store sensitive data, and lives entirely in its native platform, you can probably keep it running. That’s fine for internal use or personal projects.

One day, you’ll be able to speak an app into existence and deploy it with a voice command. It will be fast, secure, and beautiful. But today, you still need an experienced software engineer to check your work before you send real data through it. That’s just where we are right now.

The upside is huge. We can now get experts from other domains to build working prototypes and test ideas without needing an engineering team on day one. That’s powerful. But if your product is going to handle sensitive data or support real users, bring in someone who knows what they’re doing. Not because the AI is bad. Because the stakes are high.