Authentication protocols just turned AI agents into digital refugees
Every AI agent needs credentials to do anything useful, but we're still treating them like humans filling out forms.
AI agents can write code, analyse spreadsheets, and book your holidays. But they can’t log into your CRM without you typing a password. We’ve built sophisticated reasoning systems that fail at the most basic task: proving who they are.
The authentication gap is getting embarrassing
Most web apps still have no structured way for an agent to register. They expect a human to click through OAuth flows, fill out forms, and solve CAPTCHAs. Meanwhile, agents sit there waiting for credentials like digital Oliver Twist asking for more gruel.
WorkOS’s auth.md proposal is a step in the right direction. A simple Markdown file that tells agents which flows they can use and how to get proper credentials. But it highlights how backwards our current setup is.
We’re solving the wrong problem
The real issue isn’t technical standards. OAuth already works fine. The problem is conceptual. We’re still thinking about agents as fancy browser automation tools instead of first-class digital citizens.
Every major platform talks about AI integration while maintaining authentication systems designed for humans. It’s like building wheelchair ramps that only work if you can walk up them first.
Until we fix this, AI agents will remain expensive assistants that need constant hand-holding. The future of autonomous software is being held hostage by login forms.