Microservices and AI agents are not the same thing. And just because you introduce an LLM doesn’t make a microservice an AI agent. Not realizing this will lead to catastrophic security and infrastr...

MCP’s Authorization Spec builds heavily around OAuth 2.1 authorization code grant, but the more dynamic AI agent and MCP systems get, the more we need something that is built to live in this new wo...

The best thing about being on the frontline of large enterprises adopting AI agents and MCP tools at scale is we get to see real, practical challenges. AWS Agentcore is a popular platform for deplo...

Enterprise adoption of MCP still has problems. How do you govern its usage? Especially when developers are willy-nilly installing stdio MCP servers on their machines. » BTW « we should be restricti...

OAuth has evolved a lot since 2012 with many “lessons learned”. AAuth (Agent Auth) is an attempt to bring those lessons together for AI agents. AAuth is an exploratory spec from Dick Hardt (Author/...

If you’re building AI agents that need strong identity, proper authorization, and the ability to act on behalf of users, Microsoft’s Entra Agent ID capability is worth your attention. I’ve put toge...

MCP servers are cropping up all over the enterprise like weeds in a nice lawn. And just like weeds, this can cause problems. MCP servers should be secured, but how? The official spec says use OAuth...

As I work with enterprise users adopting AI agents, questions around authorization, impersonation, and delegation come up again and again. OAuth is already a delegation protocol, so where does it f...

Enterprises see the power in connecting their data and functionality directly to AI models but most are still treading lightly. The Model Context Protocol (MCP) has quickly emerged as the de facto ...

Do you use API keys to protect your enterprise APIs? If you work in a large enterprise organization, you probably do. This is a very common pattern. A developer can get access to an API for the app...

Prompt injection remains one of the biggest open security challenges for AI and LLM-powered systems in the enterprise. If you’ve been following my writing, you know I’ve explored how indirect injec...

Organizations are working out how best to introduce implementations of the model context protocol (MCP) for their AI agents. One of the mistakes they want to avoid is letting MCP implementations sp...

The more we dig into enterprise usecases around Agent to Agent (A2A) and Agent to MCP scenarios (MCP), the more questions pop up that I’m interested in discussing and sharing. In this post we’ll ta...

The organizations I work with are rapidly adopting the Model Context Protocol (MCP) to connect their services and data to AI models through AI agents, but they’re running into familiar challenges: ...

The Model Context Protocol (MCP) is moving fast from experimental to enterprise-ready. I am working with a number of customers / prospects / community members who want to go beyond locally deployed...

In the previous blog, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT SVID that Keycloak can trust as par...

The MCP Authorization spec recommends using OAuth Dynamic Client Registration (DCR) for registering MCP clients with MCP servers. More specifically, it suggests using anonymous DCR: meaning any cli...

In this blog post, we’ll walk through an OAuth 2.0 token exchange and delegation to an A2A Agent. We will focus on configuring the A2A Agent Card, implementing the agent in Python, and validating t...

We know building MCP servers are where everyone’s mind is when it comes to AI agents. That is, if you’re going to build useful AI agents, they will need access to enterprise data, tools, and contex...

This is a bonus post following on from my Understanding MCP Authorization three part series covering building (and understanding) an MCP HTTP based server and implementing the MCP Authorization spe...