Everyone is building AI-powered tools, even people who shouldn’t be. Agents seem to be the next obvious (and big?) step. But these little bots need a secure way to act on behalf of users without causing chaos.

Richard Dulude at Underscore VC wrote about the lack of identity standards for AI agents in this LinkedIn article. I don’t know Richard or Underscore VC (sorry). But he’s right: traditional authentication assumes either a human or a machine with static credentials, and that doesn’t work for AI agents that need to make decisions and take actions. Companies want accountability (and probably liability), and users need control of what their potentially psychedelic robot is doing on their behalf. This balance doesn’t exist yet.

This is probably for another blog post, but right now, everyone, including the bots, is using human interfaces as a stopgap. OpenAI’s Operator is a great example: agents pretending to be humans to interact with systems that weren’t built for them. That’s fine for now, but eventually, the human interfaces will be an afterthought. Like how “mobile-first” design took over, we’ll be doing “agent-first” design with human-accessible backups. Having a dedicated standard for agentic authentication might be a good first step in that machine-to-machine way of thinking and designing systems.

Agentic Proxy Credentials (APC): A Solution (A Term I Totally Made Up)

I made this up. It’s probably a bad term, but naming things is fun. This doesn’t exist… if you are a large battery and power supply company, don’t sue me. I’m spitballing here.

One possible fix is the “sucked out of my thumb” Agentic Proxy Credentials (APC). This would let users grant their AI agents secure, limited permissions to interact with systems while making sure the right level of oversight is in place. There are things that I wanted to do this very week, but I don’t trust my bots with my actual usernames and passwords:

Stop me talking to Airline Idiot Bots

Talking to airline chatbots is painful. Right now, they can only regurgitate FAQ answers. With an APC, my AI assistant could log into my airline account, check flights based on my loyalty status, and rebook me without me having to touch anything. This would make AI actually useful instead of just a slightly smarter help page.

Paying for small things without having to deal with entering my ACH data AGAIN

I don’t want to give an AI full access to my bank account. But I wouldn’t mind letting it handle small transactions in a controlled way. With APCs, I could grant my assistant time-limited access to approve payments or move money within strict limits. The AI does the work, I stay in control, and my bank account doesn’t mysteriously empty overnight… unless I’m Ambien shopping again.

AI Dungeon Master’s Assistant

D&D is great, but session prep is a time sink. I want an AI that logs into my D&D Beyond account, manages stat blocks, generates lore-friendly content, and even takes session notes. The AI handles the boring admin work, and you get to focus on making your players cry (or cheer, if you’re nice). Yes, serious stuff here.

How It Could Work

There are a few ways to make this happen, I think. I’m no longer allowed to do actual engineering at the companies I founded, so this blog is my outlet. Everyone needs a hobby.
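
The following is an added example, not from the original post or any existing standard: a bank-side check of a signed, time-limited, spend-capped credential of the kind described in the payments scenario above. All names (`issue_apc`, `Bank`, the claim fields) and the HMAC token format are assumptions made for illustration; amounts are integer cents.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret held by the bank, never by the agent

def _sign(body: str) -> str:
    mac = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_apc(user, agent, scopes, max_per_txn, max_total, ttl_s, now=None):
    """User-approved grant: which agent, which actions, how much, until when."""
    now = time.time() if now is None else now
    claims = {"sub": user, "agent": agent, "scopes": sorted(scopes),
              "max_per_txn": max_per_txn, "max_total": max_total, "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _sign(body)

class Bank:
    """Resource server: checks every agent request against the credential."""
    def __init__(self):
        self.spent = {}   # credential -> cumulative amount already approved
        self.audit = []   # accountability trail: (agent, user, action, amount, decision)

    def authorize(self, token, action, amount, now=None):
        now = time.time() if now is None else now
        body, _, sig = token.partition(".")
        # Verify integrity before trusting any claim in the body.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return "deny: bad signature"
        c = json.loads(base64.urlsafe_b64decode(body))
        decision = self._decide(c, token, action, amount, now)
        self.audit.append((c["agent"], c["sub"], action, amount, decision))
        return decision

    def _decide(self, c, token, action, amount, now):
        if now >= c["exp"]:
            return "deny: expired"
        if action not in c["scopes"]:
            return "deny: scope"
        if amount <= 0 or amount > c["max_per_txn"]:
            return "deny: per-transaction limit"
        if self.spent.get(token, 0) + amount > c["max_total"]:
            return "deny: total limit"
        self.spent[token] = self.spent.get(token, 0) + amount
        return "allow"
```

The agent only ever holds the token, so the user's password stays out of the loop, and every decision lands in `audit` with both the agent and the user it acted for.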

Is Someone Already Building This?

Honestly, I wouldn’t be surprised if Okta, OAuth, or OpenAI are already working on this and I’m just ranting for no reason. But if they aren’t, they should be. The pieces are all there, someone just has to put them together.

I need this, but I can’t find it. If anyone is working on it, let me know. I’m too busy trying to solve employee gifting at scale at Thankscrate, implementing AI into every existing business at Sourcetoad, and making sure passengers can watch TV and book dinner reservations in the middle of nowhere at OnDeck.

I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of judo, squash, whiskey, aggressive inline, and temperamental British sports cars.


The Million-Line MVP

A founder told me last week that his chatbot understands him better than most people he works with, and he wasn’t joking.

He had been alone in his house for the better part of a year building an app on one of the popular AI coding platforms, and he wanted me to take a look. Almost a million lines of code, one developer (him), no engineering co-founder, no senior reviewer, no nobody. The app had an ERP module, a CRM module, a custom AI agent with a name and a voice, built in mini-games (yes, really), dozens of character personas, a few landing pages, and a small army of social media accounts in multiple languages. He had not yet had a paying user, or even a free one.

He was, by the way, very excited.

(I’ve changed some details, since the pattern is what I want to talk about and not the founder. I see something close to this on roughly one out of every three sales calls now.)

What used to slow you down was the point

Building software used to be annoying for mostly good reasons. You had to hire developers, or learn to code yourself, or convince a co-founder to come along for the ride. Then, you would grind out every line, which would come at a cost (time, money, conversations, arguments, etc.)… basically friction. And that friction was not a bug; it was like this thing that forced you to deal with, before adding any feature, whether the feature actually needed to exist.

Startup advice has been more or less the same for twenty years, maybe more:

  • Build something small
  • Show it to real people
  • Find out what they actually want
  • Don’t build a million things at once

The Lean Startup came out in 2011 and we have all been quoting it at each other ever since (poorly, mostly).

This is what we talk about when we discuss “startup discipline”. It’s really not very complicated, but it can be really hard. It used to be hard because building was hard, and now it’s hard for a completely different reason.

How does one person build almost a million lines of code in a few months?

The honest answer is they don’t, the AI does, and the AI has no opinion on whether any of the code should exist.

This is the part I want to sit with for a minute, because I think it’s the heart of the problem. Imagine you’re building a startup that lets local news anchors rent out their unused toupees by the hour (try not to overthink this). You sit down with one of the AI coding tools and you say “build me a marketplace where toupees can be listed by the hour,” and the AI builds it. Then you say “actually, add a loyalty rewards program,” and the AI builds that too. Then you say “and also, add a Pokemon-style mini-game where users battle each other’s toupees,” and the AI starts coding.

It doesn’t pause or ask why, and it doesn’t say “dude, I love your enthusiasm but I am genuinely worried we are losing the plot here,” it just builds the toupee-battle-feature.

This removes the single most useful thing about a good engineering team, which is that engineers PUSH BACK. A senior developer, or a seasoned product manager, asked to add a toupee-battle mini-game to a B2B rental marketplace would slowly take off their glasses, set them on the desk, and ask one of those long quiet questions that means “we are not doing this.” The AI is a sycophantic drone that has the eagerness of an underfed puppy to please you, and it has no glasses to take off. It also has unlimited keystrokes and believes that every single idea you’ve ever come up with is absolutely genius. At least it tells me that everything I’ve ever written or thought about is pretty clever.

A few months ago I ran into the perfect name for this, which is Slurm Coding. I used to call it AI crack coding, because the dopamine loop is very real, and I have really needed another hit of that good AI crack just one more time before I went to bed on more than one occasion. But Slurm is more insidious in its combination of addictiveness and corporate outreach.

The MVP don’t change

Here’s what hasn’t moved in twenty years of startup thinking:

  1. Build the smallest thing that solves one specific problem for one specific person.
  2. Show it to that person (a real person, probably not your spouse, definitely not your mom, and DEFINITELY not my mom, and 100% not your chatbot).
  3. Find out what they actually do with it (which is probably not what you thought).
  4. Kill features, pivot, or double down based on what you learned.
  5. Repeat.

What’s new is that step one is basically free, and while not perfect, free is very alluring. You can build the smallest thing in an afternoon, or the largest thing if there’s no one around to tell you not to. Steps two through five still require getting out of your house, talking to humans, accepting that most of your assumptions are wrong, and throwing real work away. None of that is faster than it was in 2005, none of it is fun, and none of it scratches the “I NEED MORE SLURM” build-a-thing itch the way an AI tool does.

So a certain kind of founder just skips it, staying in the build phase indefinitely, because the build phase now feels like winning at a casino while getting unlimited free martinis. The features ship (how to get them onto a server is someone else’s problem), the codebase grows, the agent agrees with everything. Meanwhile the only thing that actually matters, which is whether anyone wants this, goes unanswered.

It’s the founder version of Wilson the volleyball. In your unwashed isolation, you’ve made a friend, you’ve named the friend, and the friend agrees with everything you say. The problem is that the friend is also the boat, the island, and the ocean, and you haven’t actually left the house yet.

To be fair, I am not above this myself, by the way. I have, in my time, built things that nobody asked for and gotten weirdly emotional about them, but the difference is that mine were three hundred lines of code over a weekend, not almost a million lines of code over the better part of a year, which is sort of the whole point. No one asked for my William S. Burroughs poetry writing twitter bot, but I loved it anyway.

Codebases don’t love you back

Code you wrote yourself CAN be hard to let go of, and code you wrote with an AI, when you are not a trad-coder, seems to be way harder. Experienced engineers seem to be more than happy to throw away AI code or rebuild it in a heartbeat. But I can see how, even if you didn’t actually write the lines, the shape of the thing is yours (you named the characters, you picked the voice, you spent months in a chair with this thing as your only collaborator), and you have feelings about it.

But one day, if you’re lucky, and it does have SOME product market fit, a real engineering team is going to need to look at your masterpiece. And they are not going to share those feelings. They’re going to tell you, as gently as they can manage, that most of it has to go. Not because they’re mean (they might actually be mean), but because almost a million lines of AI-generated code, written by one person, in one tool, with no architectural review, is never maintainable, almost guaranteed to not be secure, and almost never going to scale past the “prototype” it currently is.

So what should you actually do?

I mean, I already told you… Build the smallest thing you can, then show it to ten strangers and actually listen to them. Throw away half of what you built and build a slightly different smallest thing, and repeat until one of those things is real. Keep your runway reserved for the moment you realize you were WAY off about something important, because, like, you will be, and that moment is what your runway is for.

Use AI tools, because they are legit amazing. But treat them like a coffee machine (fast, useful, no opinions of their own), not like a co-founder or worse, a slot machine. Co-founders are supposed to tell you no, slot machines whisper “just one more hit baby!”