 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
AI agents are becoming increasingly popular, handling everything from booking appointments and making personalized recommendations to managing critical processes like financial forecasting. But without the proper guardrails, they can quickly act beyond what’s intended. Identity and access management (IAM) tools must step up and adapt.
Early generative AI interactions were simpler to manage and contain, sticking to request-response models. Now, developers are building more complex, goal-driven systems where AI agents can take directives, reason through the tasks required to complete them and execute them independently on the user’s behalf. As evidence of this, tools like AutoGPT (an open source project using OpenAI’s GPT to perform goal-based tasks autonomously) are rapidly gaining popularity.
Open-source experiments like AutoGPT, which simplify creating and managing AI agents, have attracted significant developer interest, growing to over 100,000 stars on GitHub.
Traditional web applications rely heavily on users manually navigating complex frontend interfaces to perform tasks. However, AI agents and advanced APIs enable applications to communicate and interact programmatically, revolutionizing the user experience by finding information and performing tasks in a fraction of the time.
An AI agent in the wild: the Ramp Tour Guide demonstrates its app’s functionality based on users’ questions.
Because of this, the web is expected to become significantly more “API-ified” — moving from a world where only a small subset of apps expose programmatic functionality to one where users can connect their increasingly intelligent and capable AI agents to a huge variety of products and services.
User interfaces could provide a similar consent screen to OAuth with granular options targeting AI agents.
As AI agents continue to gain traction, their integration into personal and business workflows presents two primary scenarios:
The autonomous nature of these AI agents means they can perform actions independently. Most consumers and businesses are wary of granting unrestricted access to AI agents due to the potential for errors or misuse. These actions can harm the user and the application, leading to potential security breaches, financial losses, and reputational damage.
The autonomous decision-making capabilities of AI agents require a new approach to authentication and authorization models to mitigate these risks.
Traditional models that implement user accounts with standard authentication (passwords, 2FA, OTP codes, biometrics, etc.) and assign permissions using authorization like role-based access control (RBAC) are designed with human users in mind. This doesn’t work for AI agents: you don’t want to give your account credentials to each AI agent you use and grant it a blank check to perform any action that you would be able to take based on the access or roles you have been given.
The key challenges in securing AI agent interactions include ensuring that only authorized agents can access applications, preventing misuse or abuse of granted permissions, and maintaining the integrity and confidentiality of data exchanged.
For BYO agents, precise scopes and permissions that are separate from those of the user who owns the AI agent are required to function securely and grant the user peace of mind. Users should be able to manage these scopes and decide what the AI agent can read, write, or execute within an application.
Machine-to-machine (M2M) authentication with precise scoping and monitoring should be implemented to manage interactions between AI agents and APIs securely.
OAuth2’s client credentials grant is particularly suited for M2M authentication. It provides a secure and standardized way for applications to authenticate and authorize AI agents, granting them access tokens that specify the allowed actions and scopes.
JWT (JSON Web Tokens) also plays a crucial role in M2M authentication by providing a secure and compact means of representing claims between two parties so that the data exchanged is authenticated and tamper-proof.
A model for implementing existing M2M authentication technologies for AI agents effectively would look something like this:
Open-source experiments like AutoGPT, which simplify creating and managing AI agents, have attracted significant developer interest, growing to over 100,000 stars on GitHub.
By leveraging M2M authentication, applications can ensure that AI agents operate within their individually defined boundaries and maintain security and compliance, all while enabling powerful programmatic interactions. This approach enhances security and facilitates the seamless integration of AI agents with a broad spectrum of applications.
AI agents are being developed today and will continue to proliferate. Understanding these emerging AI workflows and their implications for authentication (AuthN) and authorization (AuthZ) is crucial if IAM and CIAM technologies are to ensure a secure and productive AI-driven ecosystem.
Existing M2M authentication provides a solid foundation for addressing the many challenges of custom AI agents by ensuring that interactions between applications and AI agents are secure, authenticated, and authorized, leveraging advanced frameworks and protocols. However, this is just the beginning.
To keep pace with the rapid evolution of AI agents, it’s crucial to update and expand authentication policies beyond today’s protocols. Authentication providers must be ready to build on their existing technologies with user-friendly interfaces that keep users in the loop and control the autonomous AI agents representing them in business, social, and other critical interactions in their digital lives.
