TL;DR: AI agents are already making API calls and transactions across clouds, and Strata Identity argues that OAuth 2.0, with delegation chains, token exchange, DPoP, PKCE, CAEP, and attribute-based authorization, is the most practical base for agentic identity today. The governance problem is not protocol absence but whether identity controls can operate at machine speed without losing traceability, revocation, or policy context.
NHIMG editorial — based on content published by Strata Identity: OAuth 2.0 as the foundation for agentic identity at machine speed
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams govern AI agent access that moves across clouds and APIs?
A: Treat each agent as a delegated non-human identity, not as an application shortcut.
Q: Why do AI agents complicate traditional OAuth and IAM controls?
A: Because the actor can decide, delegate, and act faster than human review cycles can respond.
Q: What breaks when agent tokens are not proof-of-possession bound?
A: A stolen token becomes reusable anywhere the protocol accepts it, which turns interception into immediate downstream access.
Practitioner guidance
- Map every agent delegation chain: document the upstream identity, downstream API, and policy decision for every AI agent that can act on behalf of another actor, including cross-cloud hops and sub-agent handoffs.
- Bind tokens to proof of possession: prefer DPoP or equivalent cryptographic binding so captured access tokens cannot be replayed from a different device, runtime, or automation context.
- Enforce runtime revocation signals: wire location, behaviour, task boundary, and risk changes into continuous evaluation so access can be narrowed or removed before the delegation chain completes.
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanations of how OBO, token exchange, DPoP, PKCE, CAEP, and attribute-based authorization fit together in an agentic flow
- The specific way Maverics maps OAuth controls to multi-cloud agent behaviour and trust propagation
- The article's own framing of how OAuth should evolve for fully agentic AI, including inspectable delegation and intent-aware tokens
- Hands-on guidance for getting started with identity controls for AI agents in a lab environment
👉 Read Strata Identity's analysis of OAuth for AI agent identity and Zero Trust →
OAuth for AI agents: can existing controls keep up with machine speed?
Explore further
OAuth survives the move to agentic identity because delegation is already native to the protocol, but only if governance is updated around it. AI agents do not need a brand-new identity model to begin operating, but they do expose the limits of static trust and loose token handling. The field should stop asking whether OAuth is sufficient in the abstract and start asking whether existing controls can survive machine-speed delegation across trust domains.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, which shows the control gap is already established.
A question worth separating out:
Q: How do organisations know whether their agent identity controls are actually working?
A: Look for three signals: every delegation chain is traceable, runtime risk can change access mid-session, and revoked tokens stop working immediately across downstream APIs. If audits show gaps in any of those areas, the programme still relies on static trust assumptions rather than Zero Trust identity for agents.
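The three signals above, and the practitioner guidance earlier on the page (trace the delegation chain, bind tokens to proof of possession, enforce runtime revocation), can be checked in one place at the resource server. The following is an added example written for this editorial, not code from Strata Identity or Maverics. It assumes the access token and the DPoP proof JWT have already been parsed and signature-verified by a JOSE library (a hypothetical upstream step) and then checks the RFC 9449 binding claims (cnf.jkt, htm, htu, ath, jti, iat), flattens the RFC 8693 nested act claims into an auditable chain, and honours a simplified CAEP session-revoked event. The names ResourceServer and sample_scenario, the event shape, and every key, token and URL are constructed for the example.

```python
"""Added example (not Strata Identity's or Maverics' code): a resource-server
authorization check exercising the three signals the editorial names.
Assumes token and DPoP proof signatures were verified upstream by a JOSE
library (hypothetical); all keys, tokens and events below are constructed."""
import base64
import hashlib
import json
import time

# CAEP event type URI for session revocation (OpenID CAEP specification).
CAEP_SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, lexicographic order, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode()).digest())


def delegation_chain(claims: dict) -> list:
    """Flatten nested RFC 8693 'act' claims into [subject, current actor, prior actors...]."""
    chain = [claims["sub"]]
    node = claims.get("act")
    while node:
        chain.append(node["sub"])
        node = node.get("act")
    return chain


class ResourceServer:
    def __init__(self, audience: str, max_chain_depth: int = 3, proof_max_age: int = 60):
        self.audience = audience
        self.max_chain_depth = max_chain_depth
        self.proof_max_age = proof_max_age
        self.seen_jti = set()   # DPoP proof replay cache (TTL-bounded in a real deployment)
        self.revoked = set()    # subjects revoked by CAEP events, effective immediately
        self.audit_log = []     # one entry per decision, with the full delegation chain

    def on_caep_event(self, event: dict) -> None:
        """Consume a simplified CAEP SET; a session-revoked event revokes the subject at once."""
        if CAEP_SESSION_REVOKED in event.get("events", {}):
            self.revoked.add(event["sub_id"]["sub"])

    def authorize(self, raw_token: str, token: dict, proof_header: dict,
                  proof: dict, method: str, url: str, now=None) -> tuple:
        """Return (allowed, reasons). Any failed check denies; every reason is logged."""
        now = time.time() if now is None else now
        reasons = []
        if token.get("aud") != self.audience:
            reasons.append("audience mismatch")
        if token.get("exp", 0) <= now:
            reasons.append("token expired")
        # Proof of possession: the token must be bound to the key that signed the proof.
        jkt = token.get("cnf", {}).get("jkt")
        proof_jwk = proof_header.get("jwk")
        if jkt is None:
            reasons.append("token is bearer, not PoP-bound")
        elif proof_header.get("typ") != "dpop+jwt" or proof_jwk is None:
            reasons.append("proof is not a DPoP JWT carrying a public key")
        elif jkt != jwk_thumbprint(proof_jwk):
            reasons.append("proof key does not match token binding")
        # Request binding and freshness of the proof itself.
        if proof.get("htm") != method or proof.get("htu") != url:
            reasons.append("proof bound to a different request")
        if proof.get("ath") != b64url(hashlib.sha256(raw_token.encode()).digest()):
            reasons.append("proof not bound to this access token")
        if not (now - self.proof_max_age <= proof.get("iat", 0) <= now + 5):
            reasons.append("proof outside freshness window")
        if proof.get("jti") in self.seen_jti:
            reasons.append("proof replayed")
        else:
            self.seen_jti.add(proof.get("jti"))
        # Delegation chain: traceable, bounded in depth, and no revoked hop anywhere in it.
        chain = delegation_chain(token)
        if len(chain) > self.max_chain_depth:
            reasons.append("delegation chain too deep")
        revoked_hops = [p for p in chain if p in self.revoked]
        if revoked_hops:
            reasons.append("revoked principal in chain: " + ",".join(revoked_hops))
        allowed = not reasons
        self.audit_log.append({"chain": chain, "method": method, "url": url,
                               "allowed": allowed, "reasons": reasons})
        return allowed, reasons


def sample_scenario(now: float = 1_700_000_000.0):
    """Constructed fixtures: user alice delegated to planner-agent, which booking-agent acted through."""
    agent_jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
    raw_token = "constructed.access.token"
    token = {"iss": "https://as.example", "aud": "https://api.example/orders", "sub": "alice",
             "exp": now + 300, "cnf": {"jkt": jwk_thumbprint(agent_jwk)},
             "act": {"sub": "planner-agent", "act": {"sub": "booking-agent"}}}
    proof_header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": agent_jwk}
    proof = {"jti": "proof-0001", "htm": "POST", "htu": "https://api.example/orders",
             "iat": now, "ath": b64url(hashlib.sha256(raw_token.encode()).digest())}
    return raw_token, token, proof_header, proof


if __name__ == "__main__":
    srv = ResourceServer("https://api.example/orders")
    raw, tok, hdr, prf = sample_scenario()
    print(srv.authorize(raw, tok, hdr, prf, "POST", "https://api.example/orders", now=1_700_000_000.0))
    srv.on_caep_event({"sub_id": {"format": "iss_sub", "iss": "https://as.example", "sub": "booking-agent"},
                       "events": {CAEP_SESSION_REVOKED: {}}})
    raw, tok, hdr, prf = sample_scenario()
    prf["jti"] = "proof-0002"
    print(srv.authorize(raw, tok, hdr, prf, "POST", "https://api.example/orders", now=1_700_000_000.0))
```

The audit log entry carries the full flattened chain, which is what makes the first signal (every delegation chain traceable) testable after the fact; the replay cache and the CAEP revocation set are what make the second and third signals take effect mid-session rather than at the next token refresh.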
👉 Read our full editorial: OAuth 2.0 as the foundation for agentic identity at machine speed