I.

Is Anyone Working on Agentic Authentication?

By In Technology

Everyone is building AI-powered tools, even people who shouldn’t be. Agents seem to be the next obvious (and big?) step. But these little bots need a secure way to act on behalf of users without causing chaos.

Richard Dulude at Underscore VC wrote about the lack of identity standards for AI agents in this LinkedIn article. I don’t know Richard or Underscore VC (sorry). But, he’s right, traditional authentication assumes either a human or a machine with static credentials, and that doesn’t work for AI agents that need to make decisions and take actions. Companies want accountability (and probably liability), and users need control of what their potentially psychedelic robot is doing on their behalf. This balance doesn’t exist yet.

This is probably for another blog post, but right now, everyone, including the bots, are using human interfaces as a stopgap. OpenAI’s Operator is a great example, agents pretending to be humans to interact with systems that weren’t built for them. That’s fine for now, but eventually, the human interfaces will be an afterthought. Like how “mobile-first” design took over, we’ll be doing “agent-first” design with human-accessible backups. Having a dedicated standard for agentic authentication might be a good first step in that machine-to-machine way of thinking and designing systems.

Agentic Proxy Credentials (APC): A Solution (A Term I Totally Made Up)

I made this up. It’s probably a bad term, but naming things is fun. This doesn’t exist… if you are a large battery and power supply company, don’t sue me. I’m spitballing here.

One possible fix is the “sucked out of my thumb” Agentic Proxy Credentials (APC). This would let users grant their AI agents secure, limited permissions to interact with systems while making sure the right level of oversight are in place. There are things that I wanted to do this very week, but I don’t trust my bots with my actual usernames and passwords:

Stop me talking to Airline Idiot Bots

Talking to airline chatbots is painful. Right now, they can only regurgitate FAQ answers. With an APC, my AI assistant could log into my airline account, check flights based on my loyalty status, and rebook me without you having to touch anything. This would make AI actually useful instead of just a slightly smarter help page.

Paying for small things without having to deal with entering my ACH data AGAIN

I don’t want to give an AI full access to my bank account. But I wouldn’t mind letting it handle small transactions in a controlled way. With APCs, I could grant my assistant time-limited access to approve payments or move money within strict limits. The AI does the work, I stay in control, and my bank account doesn’t mysteriously empty overnight… unless I’m Ambien shopping again.

AI Dungeon Master’s Assistant

D&D is great, but session prep is a time sink. I want an AI that logs into my D&D Beyond account, manages stat blocks, generates lore-friendly content, and even takes session notes. The AI handles the boring admin work, and you get to focus on making your players cry (or cheer, if you’re nice). Yes, serious stuff here.

How It Could Work

There are a few ways to make this happen, I think. I’m no longer allowed to do actual engineering at my own companies I founded, so this blog is my outlet. Everyone needs a hobby.

Is Someone Already Building This?

Honestly, I wouldn’t be surprised if Okta, OAuth, or OpenAI are already working on this and I’m just ranting for no reason. But if they aren’t, they should be. The pieces are all there, someone just has to put them together.

I need this, but I can’t find it. If anyone is working on it, let me know. I’m too busy trying to solve employee gifting at scale at Thankscrate, implementing AI into every existing business at Sourcetoad, and making sure passengers can watch TV and book dinner reservations in the middle of nowhere at OnDeck.

Previous Article
I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of squash, whiskey, aggressive inline, and temperamental British sports cars.

Leave a Reply

Don’t Fall Into the Trap: Why Startup Software Development Isn’t Like Corporate Development

In Startups, Technology

So, you’ve left the corporate world, and now it’s time to build your own startup. You’ve probably managed dev teams before, overseen product launches, maybe even helmed some fancy project management tools that made everything run like a well-oiled machine. You’ve done this before, right? Not exactly. When it’s your startup, everything changes—and, as I’ll explain, if you assume it’ll work the same way, you’re heading for a few surprises.

Startup founders often fall into a dangerous trap when starting a software project from scratch: thinking it’ll be just like building software inside an established company. Here’s why it’s not—and some advice on how to navigate the differences.

1. Switching from Product Manager to Teacher

In an established company, a software team already has two things that give them a serious edge: an existing market and a deep understanding of the business. They’re working within a proven model. Developers in that environment know what questions to ask, can fill in gaps intuitively, and likely understand why they’re building what they’re building.

At a startup, however, your devs are going to need a whole lot more context. They’re not working with familiar requirements—they’re working with your vision, which may be abstract at this stage. If your development team doesn’t understand why something matters, it’s a recipe for ambiguity and frustration on both sides.

Advice: Think of yourself less as a product manager and more as a teacher. Your job is to make sure they understand the core problems, not just the features. Teach them why each requirement matters, help them visualize the end-user, and create that shared language for decision-making. It might feel tedious, but it’s essential to avoid future misalignment and expensive rewrites.

2. Beware of Perfectionism — It’s the Budget Killer

In a large company, products with an existing user base often have to be polished. Features need to be rock-solid, invoices have to be perfect, and everything needs an audit trail. Startups, however, have a different goal: get an MVP in the hands of users fast. It’s a classic trap for first-time founders—focusing on “perfection” and “polish” before knowing if the business model even works.

Startup perfectionism is budget poison. It’s shocking how quickly adding “nice-to-have” features can chew through funding, especially if you’re paying a dev team to build things like automated invoicing or churn management before you’ve even proven people want what you’re selling.

Advice: Ruthlessly strip down your MVP. If a feature doesn’t help you validate your market, it goes on the “later” list. Keep the scope laser-focused on what helps you test your business assumptions. Let the non-essential features wait until you know you have customers who’ll use them.

3. Zen and the Art of the Startup Pivot

Building software for a startup means embracing one cold, hard truth: the business model will change. According to research, 93% of successful startups pivot at least once (and often more). Imagine being asked to go out and passionately sell something that you know might not look the same next year—or next month. It takes a level of zen acceptance that your original idea will likely morph, but that’s what keeps you flexible and ready to capture new opportunities.

For founders, that requires a mindset shift. You have to believe in your product, while also knowing you might be building the “wrong thing” in some way. The focus should be on preserving capital and brainpower for what’s next. The game is less about proving you’re right and more about staying adaptable.

Advice: Budget with pivots in mind. Set your burn rate assuming you’ll need to make big changes. Don’t let ego get in the way of listening to the market, and keep enough gas in the tank for at least one big strategic turn.

4. The Hard Work of Being Your Own “Internal Customer”

Here’s another big one. In a corporate environment, you have internal customers—departments or stakeholders with specific goals that align with the overall company mission. For a startup, the only customer you have is you. You don’t have a preexisting feedback loop from various departments, and you don’t have established success metrics. You have to create that from scratch.

Advice: Start by building an internal customer profile based on your target market, then use that to set clear goals and success criteria for your dev team. If you’re focused on, say, usability for early adopters, set KPIs around usability testing and build from there. By acting as your own “internal customer,” you’re setting a clear direction and saving your team from working in a vacuum.

5. Get Ready to Build AND Sell

Corporate software development often has the luxury of a separate, dedicated sales team to deliver the product to the right audience. As a startup founder, you’re both the builder and the seller. That means you’re not just iterating on software—you’re iterating on messaging, product-market fit, pricing, and maybe even distribution models.

Advice: Factor in time for sales-ready iteration in your dev cycle. As you build, keep track of how each release or update affects the user experience. Ask yourself if the changes make your pitch clearer or simpler and how they align with the current market’s needs. Ultimately, this approach will help you bridge the gap between building the product and ensuring it’s market-ready.

Conclusion

Building software as a startup founder requires a whole different toolkit than you may be used to. You’re part-teacher, part-salesperson, part-zen master, and always the chief budget officer. By recognizing the unique mindset shifts and traps of startup software development, you’re positioning yourself—and your team—for the best chance of success. Focus on creating clarity for your team, set ruthless priorities, embrace change, and never lose sight of the fact that the first version is just the beginning. In the startup world, adaptability isn’t just a skill—it’s the entire game.