Friday, 17 Jul 2026
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
logo logo
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
  • 🔥
  • Trump
  • House
  • White
  • ScienceAlert
  • VIDEO
  • man
  • Trumps
  • Season
  • star
  • Years
Font ResizerAa
American FocusAmerican Focus
Search
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
Follow US
© 2024 americanfocus.online – All Rights Reserved.
American Focus > Blog > Tech and Science > The authorization problem that could break enterprise AI
Tech and Science

The authorization problem that could break enterprise AI

Last updated: March 17, 2026 11:56 am
Share
The authorization problem that could break enterprise AI
SHARE

Contents
How 1Password became central to the agent identity issueDevelopers facing significant security risksWhy coding agents differ from traditional security scannersAuthentication is straightforward, but authorization presents challengesAt a billion users, edge cases become significant

When an AI agent accesses your CRM, retrieves database records, and sends emails on your behalf, whose identity is being used? And what are the implications if no one knows the answer? Alex Stamos, chief product officer at Corridor, and Nancy Wang, CTO at 1Password, explored the new identity framework challenges associated with agentic AI during the VB AI Impact Salon Series.

“At a high level, it’s not just who this agent belongs to or which organization this agent belongs to, but what is the authority under which this agent is acting, which then translates into authorization and access,” Wang said.

How 1Password became central to the agent identity issue

Wang outlined how 1Password found itself at the forefront of the agent identity issue through its product evolution. Initially a consumer password manager, the company expanded its enterprise presence organically as employees introduced the trusted tool into their workplaces.

“Once those people got used to the interface, and really enjoyed the security and privacy standards that we provide as guarantees for our customers, then they brought it into the enterprise,” she said. The same trend is emerging with AI, she added. “Agents also have secrets, or passwords, just like humans do.”

Within 1Password, the company manages the same tension it helps its customers with: enabling engineers to move quickly without compromising security. Wang mentioned the company closely monitors the ratio of incidents to AI-generated code as engineers utilize tools like Claude Code and Cursor. “That’s a metric we track intently to make sure we’re generating quality code.”

See also  Can We Trust Our Eyes Anymore? The Dark Side of Apple's New AI Clean Up Tool : ScienceAlert

Developers facing significant security risks

Stamos highlighted a common behavior observed by Corridor: developers inserting credentials directly into prompts, which poses a major security threat. Corridor identifies such instances and redirects developers towards proper secrets management practices.

“The standard thing is you just go grab an API key or take your username and password and you just paste it into the prompt,” he said. “We find this all the time because we’re hooked in and grabbing the prompt.”

Wang explained 1Password’s strategy of focusing on the output by scanning code as it is written and securing any plain text credentials before they are saved. The ease of cut-and-paste access is a significant factor in 1Password’s design philosophy, which aims to minimize friction in security tools.

“If it’s too hard to use, to bootstrap, to get onboarded, it’s not going to be secure because frankly people will just bypass it and not use it,” she said.

Why coding agents differ from traditional security scanners

Another challenge in creating feedback between security agents and coding models is dealing with false positives, which large language models are prone to. These false positives from security scanners can disrupt an entire coding session.

“If you tell it this is a flaw, it’ll be like, yes sir, it’s a total flaw!” Stamos said. But, he added, “You cannot screw up and have a false positive, because if you tell it that and you’re wrong, you will completely ruin its ability to write correct code.”

This tradeoff between precision and recall is fundamentally different from what traditional static analysis tools aim for, requiring significant engineering to achieve the necessary latency, on the order of a few hundred milliseconds per scan.

See also  SpaceX gets FCC approval to launch 7,500 more Starlink satellites

Authentication is straightforward, but authorization presents challenges

“An agent typically has a lot more access than any other software in your environment,” noted Spiros Xanthos, founder and CEO at Resolve AI, during an earlier session at the event. “So, it is understandable why security teams are very concerned about that. Because if that attack vector gets utilized, then it can both result in a data breach, but even worse, maybe you have something in there that can take action on behalf of an attacker.”

How can autonomous agents be given scoped, auditable, time-limited identities? Wang mentioned SPIFFE and SPIRE, workload identity standards for containerized environments, as potential candidates being tested in agentic contexts, though she admitted the fit is not perfect.

“We’re kind of force-fitting a square peg into a round hole,” she said.

However, authentication is only part of the equation. Once an agent has a credential, what actions is it permitted to take? The principle of least privilege should be applied to tasks, not roles.

“You wouldn’t want to give a human a key card to an entire building that has access to every room in the building,” she explained. “You also don’t want to give an agent the keys to the kingdom, an API key to do whatever it needs to do forever. It needs to be time-bound and also bound to the task you want that agent to do.”

In enterprise environments, granting scoped access alone is insufficient; organizations must also track which agent acted, under what authority, and what credentials were used.

See also  Spotify responds to backlash over public podcast play counts

Stamos identified OIDC extensions as the leading contender in standards discussions, while dismissing the numerous proprietary solutions.

“There are 50 startups that believe their proprietary patented solution will be the winner,” he said. “None of those will win, by the way, so I would not recommend.”

At a billion users, edge cases become significant

On the consumer front, Stamos anticipated that the identity problem would consolidate around a few trusted providers, likely the platforms already central to consumer authentication. Reflecting on his tenure as CISO at Facebook, where the team managed approximately 700,000 account takeovers daily, he redefined the impact of scale on edge cases.

“When you’re the CISO of a company that has a billion users, corner case is something that means real human harm,” he explained. “And so identity, for normal people, for agents, going forward is going to be a humongous problem.”

Ultimately, the challenges CTOs face with agent identity arise from incomplete standards, makeshift tools, and enterprises deploying agents more rapidly than the frameworks designed to govern them. The solution requires constructing identity infrastructure tailored to agents, rather than modifying systems that were developed for their human creators.

TAGGED:authorizationBreakEnterpriseproblem
Share This Article
Twitter Email Copy Link Print
Previous Article Full entry list for Sport Clips Haircuts VFW Help a Hero 200 at Darlington Raceway Full entry list for Sport Clips Haircuts VFW Help a Hero 200 at Darlington Raceway
Next Article Brown Handbags Are Back for Another Season–Shop the Best Ones Here Brown Handbags Are Back for Another Season–Shop the Best Ones Here
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

Popular Posts

LGBTQ research, ACIP on vaccines: STAT Morning Rounds

New Recommendations on Covid Shots Last week, the Centers for Disease Control and Prevention’s vaccine…

September 22, 2025

Help! I’m Extremely Sunburned—Now What?

As a fair-skinned individual, I have always been diligent about protecting my skin from the…

June 30, 2025

Lunar Swirls Arise from Ancient Underground Force Fields on the Moon

The moon has always been a source of fascination for humanity, with its mysterious and…

September 6, 2024

Major US Cities on Alert After US Airstrikes on Iranian Nuclear Facilities

Originally published by The Epoch Times: Major US Cities on Alert Following US Airstrikes on…

June 30, 2025

Alfred Molina on ‘The Boroughs’ Spoilers, ‘Spider-Man: Brand New Day’

SPOILER ALERT: This story contains spoilers from “The Boroughs,” now streaming on Netflix. Alfred Molina…

May 23, 2026

You Might Also Like

U.S. cities have the worst air quality in the world right now—here’s how to stay safe
Tech and Science

U.S. cities have the worst air quality in the world right now—here’s how to stay safe

July 17, 2026
Key Reason to Buy Pixel 11 is Hidden in the Camera Flash – Tech Advisor
Tech and Science

Key Reason to Buy Pixel 11 is Hidden in the Camera Flash – Tech Advisor

July 17, 2026
San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco
Tech and Science

San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco

July 17, 2026
Your Longevity May Be Shaped Before You’re Even Born, Study Reveals : ScienceAlert
Tech and Science

Your Longevity May Be Shaped Before You’re Even Born, Study Reveals : ScienceAlert

July 16, 2026
logo logo
Facebook Twitter Youtube

About US


Explore global affairs, political insights, and linguistic origins. Stay informed with our comprehensive coverage of world news, politics, and Lifestyle.

Top Categories
  • Crime
  • Environment
  • Sports
  • Tech and Science
Usefull Links
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA

© 2024 americanfocus.online –  All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?