Nick Taylor for Pomerium

Originally published at nickyt.co

Rethinking Authorization in the Age of AI Agents

We’re entering the age of agentic AI — where software agents, not just users, are taking action on our behalf.

Standards like the Model Context Protocol (MCP) are making this more seamless by letting agents access tools and services in a structured, context-aware way. But here's the catch: most existing authorization models weren’t built for this kind of actor.

OAuth, role-based access control (RBAC), and traditional session-based models assume a user is behind every request. With agentic systems, intent is often delegated, context can shift dynamically, and agents might act across boundaries we didn’t originally model. Who's responsible? What are they allowed to do? And how do we reason about trust when the actor isn't a person?

We need to start thinking beyond human-centric auth — and my co-worker Bobby’s post, "Agentic Access Is Here. Your Authorization Model Is Probably Broken.", makes a great case for why.

Give it a read and let me know what you think!

Agentic Access Is Here. Your Authorization Model Is Probably Broken. - The New Stack

The new MCP access control model fundamentally can’t measure up to the speed, scope and nondeterminism of AI agent-based access control.

thenewstack.io

Photo by Igor Omilaev on Unsplash
