TL;DR: Bearer tokens passed between autonomous agents can be logged, replayed, and reused at machine speed, turning one compromised handoff into thousands of API calls, according to Strata Identity. The governance break is that possession-based access assumes a stable bearer, while agent chains make the token the only thing that stays alive.
NHIMG editorial — based on content published by Strata Identity: Everyone’s grabbing and nobody’s checking IDs
Questions worth separating out
Q: How should security teams prevent bearer token replay in agent workflows?
A: They should stop forwarding the same token across agents and services.
Q: Why do bearer tokens become more dangerous in autonomous agent systems?
A: Because agents move credentials faster and more often than humans do, and the token can outlive the actor that used it.
Q: What do organisations get wrong about proof-of-possession for tokens?
A: They often treat it as a narrow technical enhancement instead of a governance boundary.
Practitioner guidance
- Replace bearer forwarding with token exchange Issue a new downstream token at each hop and reduce scope at every exchange so no agent forwards the original credential unchanged.
- Bind tokens to a proof-of-possession key Require DPoP or an equivalent binding mechanism so a copied token cannot be replayed without the corresponding private key.
- Remove credentials from debug paths and memory dumps Treat logging, tracing, and crash capture as hostile to secrets by default.
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step comparison of bearer token handling versus proof-of-possession binding in agent workflows
- Token exchange patterns that reduce scope at each hop and limit downstream privilege
- Practical sandbox tests for replay attempts, stale token reuse, and agent impersonation
- Implementation examples for blocking token leakage through logs, memory dumps, and debug tooling
👉 Read Strata Identity's analysis of bearer token risk in autonomous agent systems →
Bearer tokens at agent scale: what changes for IAM teams?
Explore further
Bearer token reuse is an identity governance failure, not just a transport flaw. In autonomous agent systems, the credential is moved more often than the actor can be reviewed, which makes possession-based access structurally unsafe. The important point is not that tokens leak, but that the model assumes the bearer remains trustworthy after every hop. That assumption fails when the token itself becomes the most reusable object in the chain, so practitioners must treat bearer design as a governance decision, not an implementation detail.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Should teams use bearer tokens at all for autonomous agents?
A: Only as a temporary exception, and only when the token is tightly scoped, bound to a key, and exchanged at every hop. For most autonomous workflows, reusable bearer credentials create too much replay and delegation risk. The safer pattern is constrained downstream access, not portable authority.
👉 Read our full editorial: Bearer tokens fail at agent scale without proof of possession