AAuth Night

​AI engineers are discovering that connecting agents to company tools means rebuilding the identity layer from scratch: short-lived credentials, per-user delegation, audit trails, scoped access, and secure multi-agent handoffs. Every team is solving the same problems independently, and many are still relying on bearer tokens and long-lived API keys that were never designed for autonomous systems.

​AAuth is a new auth protocol designed for agents, built by the author of OAuth, Dick Hardt. AAuth lets you run your agent without API Keys and bounds an agent's authority to its mission, re-checked at every step rather than approved once at the moment a scope is granted.

​We'll have lightning talks and live demos from Dick himself, Jared Hanson, Keycard CTO and author of Passport.js, and other engineers shipping against AAuth today. We'll close with a Panel Q&A moderated by Allie Howe, host of the Insecure Agents Podcast.

​What you'll learn:

• ​How an agent can call resources without an API key

• ​Why AAuth stops "losing a token" from being a security event

• ​How mission-bounded authority allows the agent's scope to be re-checked every step against what the user actually asked for

• ​How AAuth creates multi-agent delegation chains you can actually audit

• ​The emerging patterns for production agent auth, what's working, and what's still in flight

​If you're deploying agents and tired of rebuilding the auth layer from scratch every time, come hang out.