Episode 170 - GluuFederation/identerati-office-hours GitHub Wiki
Title: You're Thinking About Agent Authorization Wrong
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Jake Moshenko
Description
AI agents are becoming central to enterprise workflows, but the protocols underlying them offer little guidance on authorizing agent actions. Unlike traditional software, which follows predefined, static rules, AI agents are autonomous. They make decisions, adapt to changing conditions, delegate work to other agents, and coordinate actions over time. Over the past year, several protocols have emerged that aim to standardize how agents interact with tools and with each other. However, while communication is being standardized, authorization remains largely undefined. Jake Moshenko, CEO of AuthZed, will explain the status quo of authorization for agents and why we may need to rethink it.
Homework
- TheNewStack article: Why AI Agents Need Their Own Identity, Not Yours
- AuthZed Blog: Agentic AI is not Secure
- CloudCast: AuthZ in the age of Agents
Takeaways
- ⚡ Move enforcement as close to the data as possible!
- ⚡ Agents impersonating a human, even if that impersonation is "attenuated" (i.e. a subset of the human's access rights), open a Pandora's box of dangerous unforeseen consequences.
- ⚡ Graph engines typically answer reachability questions like “Is there a path from subject to resource with a valid relation?”. Graphs are really good for answering questions like "Who can do what?". This is made even faster by a feature AuthZed calls "Materialize", which consumes the entire graph, computing all the endpoints.
- ⚡ Jake thinks graphs are more developer-friendly, and that the majority of security questions developers need to enforce are decided based on the relationship of the entities interacting. He questions why developers would want to learn another programming language or syntax for authorization (e.g. Rego or Cedar).
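
The reachability question from the graph takeaway above, as an added example (not from the episode, and not AuthZed's API or schema language): a toy relationship graph in Python in which an agent is its own subject rather than an impersonation of a human. The tuples, the `IMPLIES` rule and every name below are constructed for illustration.

```python
from collections import defaultdict

# Constructed relationship tuples: (resource, relation, subject).
# A subject is an object id or a userset written "object#relation".
TUPLES = [
    ("doc:roadmap", "viewer", "group:eng#member"),
    ("doc:roadmap", "editor", "user:alice"),
    ("doc:payroll", "viewer", "user:alice"),
    ("group:eng", "member", "user:bob"),
    ("group:eng", "member", "agent:triage-bot"),  # the agent's own identity
]

# Hypothetical schema rule: "viewer" is also granted by "editor".
IMPLIES = {"viewer": ["editor"]}


def build_index(tuples):
    """Map (resource, relation) to the set of directly related subjects."""
    index = defaultdict(set)
    for resource, relation, subject in tuples:
        index[(resource, relation)].add(subject)
    return index


def check(index, resource, relation, subject, _seen=None):
    """Is there a path from subject to resource#relation?"""
    seen = set() if _seen is None else _seen
    if (resource, relation) in seen:  # already explored: stops cycles
        return False
    seen.add((resource, relation))
    for s in index.get((resource, relation), ()):
        if s == subject:
            return True
        if "#" in s:  # follow a userset edge, e.g. group:eng#member
            obj, rel = s.split("#", 1)
            if check(index, obj, rel, subject, seen):
                return True
    return any(check(index, resource, r, subject, seen)
               for r in IMPLIES.get(relation, ()))


def lookup_subjects(index, resource, relation, candidates):
    """'Who can do what?' answered by checking each candidate subject."""
    return sorted(c for c in candidates if check(index, resource, relation, c))


INDEX = build_index(TUPLES)
SUBJECTS = ["user:alice", "user:bob", "agent:triage-bot"]
```

Because `agent:triage-bot` holds only the relationships written for it, it reaches `doc:roadmap` through the group but has no path to `doc:payroll`, which Alice can view.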