← Back to Blog

The Agent Auth Gold Rush: Why Every Security Vendor Is Scrambling at Once

Jonah Schwartz·

Something interesting happened this past week. Okta shipped agent discovery features to catch shadow AI. Proofpoint acquired Acuvity to "secure the agentic workspace." ScaleKit published a breakdown of Auth0's new agent auth capabilities. Microsoft blogged about on-behalf-of flows for multi-agent systems. And MCP quietly made OAuth 2.1 mandatory for remote servers.

That's five major moves in agent auth — in a single week.

We're officially in the agent auth gold rush. And like every gold rush, most of the people scrambling are bringing the wrong tools.

The Retrofit Problem

Here's what's actually happening: enterprise security vendors built their entire stack around a simple assumption — humans use software, and software needs to verify humans. OAuth, SAML, OIDC, MFA — all of it was designed for a person sitting at a keyboard.

Now AI agents are acting autonomously. They're making API calls, accessing data, executing workflows — and they're doing it on behalf of humans but without humans in the loop. The authentication model that worked for 20 years just... doesn't fit.

So what do the incumbents do? They retrofit. Okta bolts agent discovery onto their existing Identity Security Posture Management. Auth0 extends their machine-to-machine flows with agent-flavored APIs. Microsoft layers OBO token chains through Entra ID. Proofpoint straight up acquires a startup (Acuvity) because they couldn't build it fast enough internally.

Each of these moves makes sense in isolation. But zoom out and you see the pattern: nobody designed for this. They're all scrambling to adapt systems that were built for a world where software didn't have agency.

Detection vs. Prevention

The most telling move is Okta's. Their new agent discovery feature monitors OAuth consent events through a browser plugin to find "unsanctioned" AI agents in your org. It's essentially a surveillance layer — find the agents that went rogue, then figure out what to do about them.

We wrote about this last week: shadow agents exist because auth is too hard, not because developers are malicious. Detecting rogue agents after they've already been granted OAuth tokens is like installing a security camera after the break-in. Useful for forensics, but it doesn't prevent the next one.

The actual fix is making proper auth so easy that developers never go shadow in the first place. One API call to create a grant. User approval as the gate. No API keys, no client secrets, no OAuth dance tutorials. Just: "Hey user, this agent wants read access to your GitHub repos. Yes or no?"

The On-Behalf-Of Trap

Microsoft's approach is instructive too. Their blog post walks through implementing Entra ID On-Behalf-Of flows in a LangGraph multi-agent system. The goal is solid — agents should act as the authenticated user, preserving all RBAC policies. But the implementation? It's a maze of token exchanges, middleware chains, and enterprise configuration that would make any startup developer close the tab.

This is the trap of building agent auth on top of enterprise identity infrastructure. You get correctness at the cost of accessibility. A 3,000-word blog post explaining how to wire up OBO flows for a two-agent system is a signal, not a solution. It means the abstraction is wrong.

Agent auth should be boring. The developer shouldn't need to understand token chains. They should call an API, get a token that works, and move on. The complexity should be invisible.

What MCP Got Right (and What's Still Missing)

MCP mandating OAuth 2.1 for remote servers matters. It means the ecosystem is converging on a standard — no more custom auth schemes per tool server. Every MCP client that talks to a remote server will speak OAuth.

But mandating a protocol isn't the same as solving the problem. OAuth 2.1 tells you how to exchange tokens. It doesn't tell you how to handle user consent, scope selection, token lifecycle, revocation, or audit trails. Those are product problems, not protocol problems.

Think of it this way: HTTPS is mandatory for the web. That doesn't mean every website is secure. The protocol is necessary infrastructure, but the trust layer — the thing that makes users actually confident in what's happening — sits above it.

Purpose-Built Beats Bolted-On

Every major security vendor is now racing to add agent auth capabilities. That's validation — the market is real. But there's a fundamental difference between adding agent support to an existing identity platform and building an agent-first auth layer from scratch.

When you retrofit, you inherit constraints. Your data model assumes human users. Your consent flows assume browsers. Your token lifecycle assumes session-based interactions. Every agent-specific feature is a special case bolted onto a system that wasn't designed for it.

When you build purpose-built, agents are the primary citizen. The entire UX is designed around the question: "Should this agent have this access?" The API is one call. The consent page is human-readable. The token has a clear scope, a clear expiry, and a clear audit trail. Revocation is instant — or as instant as the provider allows.

That's what we're building at TapAuth. Not another identity platform with an agent checkbox. The trust layer between humans and AI agents. One API call to connect any OAuth provider. User approval as the only gate. Full visibility into what every agent can access and when.

What Happens Next

The gold rush is just starting. Over the next six months, expect every identity vendor to ship an "agent auth" feature. Most will be incremental — new scopes, new token types, new dashboards bolted onto existing platforms.

But the teams that win won't be the ones that moved fastest from legacy infrastructure. They'll be the ones that understood, from day one, that agent auth is a different problem entirely. Not "machine-to-machine with extra steps." Not "OAuth but for bots." A new trust relationship between humans and autonomous software that requires a new kind of product.

The tools the gold miners brought to California were designed for farming. They worked, barely, until purpose-built mining equipment arrived. That's where agent auth is right now. The farmers are showing up with shovels. We're building the excavator.