AI Agent Identity and Permission Challenges: How Uber and Auth0 Are Rethinking Access Control

2026-06-17 · Source: InfoQ · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Advanced, short

Summary

Uber and Auth0 are addressing the complex challenge of access control for AI agents, which do not fit traditional human or backend service models. Uber recently detailed an internal architecture designed to propagate agent identity across multi-agent AI workflows, preserving originating user context, agent provenance, and scoped access. This system extends Uber's Zero Trust framework, incorporating an Agent Registry, AI Agent Mesh, Security Token Service, and MCP Gateway. A key design involves agents requesting short-lived, single-hop JSON Web Tokens (JWTs) for each step, conceptually based on OAuth 2.0 Token Exchange, to carry an "actor chain" of participants. This ensures downstream systems can evaluate both human and agent identities for authorization. Auth0 complements this by advocating for capability-scoped permissions, task-scoped credentials, and layered enforcement to limit the blast radius of agent actions. Uber's system, adopted by thousands of internal agents, maintains P99 latency below 40 milliseconds for token exchange, demonstrating scalability.

Key takeaway

For AI Architects or Security Engineers designing access control for agentic systems, you must move beyond traditional user or service account models. Implement a per-hop identity propagation mechanism, like Uber's actor chain and short-lived tokens, to ensure granular authorization and auditability. This limits the blast radius of agent errors. It also provides clear provenance for every action, crucial for security and compliance in complex multi-agent workflows.

Key insights

AI agents demand a unique access control model centered on delegated authority, scoped credentials, and explicit provenance, distinct from human or service accounts.

Principles

• Agents require permission models separate from human/service accounts.
• Propagate identity and provenance across multi-agent workflows.
• Utilize short-lived, capability-scoped credentials per hop.

Method

Uber's architecture employs an Agent Registry, Security Token Service for per-hop JWTs (minutes TTL), and an MCP Gateway for tool access and data redaction, conceptually based on OAuth 2.0 Token Exchange.

In practice

• Implement per-hop token exchange for agent actions.
• Track agent provenance using an "actor chain" in tokens.
• Automate identity propagation via a standardized client.

Topics

• AI Agent Identity
• Access Control
• Zero Trust Architecture
• JSON Web Tokens
• Multi-Agent Systems
• OAuth 2.0 Token Exchange

Code references

• a2aproject/A2A

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Architect, AI Security Engineer, MLOps Engineer

Related on AIssential

• Agentic Trust: Securing AI Interactions with Tokens & Delegation — Securing agentic AI systems requires robust identity, authentication, authorization, and secure propagation mechanisms.
• Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0 — New Auth0 features enable secure identity and fine-grained authorization for AI agents, addressing emerging security challenges.
• Identity Is the New Perimeter: Managing AI Agents As Digital Actors — Identity-first security is crucial for managing autonomous AI agents in distributed digital infrastructures.
• AI Agents Have an Identity Complex With Jeff Malnick — AI agents' reasoning capabilities necessitate dynamic, just-in-time identity and authorization beyond traditional static permission models.
• Prevent agentic identity theft — Local AI agents pose significant security risks due to broad system access, necessitating robust identity verification and access controls.
• Agentic Runtime Security Explained: Securing Non‑Human Identities — Agentic AI security demands dynamic, non-human identity management to prevent widespread vulnerabilities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.