As more organizations rush to incorporate generative AI into their applications and customer interfaces, the higher the security and privacy risks grow.
That's because legacy identity and authentication controls weren't designed to handle AI agents. As a result, generative AI agents may access and subsequently compromise information they weren't supposed to touch; may improperly interface with other applications; may not wait for human approval before making critical decisions; and may grant access to human users who aren't properly authorized.
Yet even when developers and security practitioners are aware of these risks, the software incorporating GenAI is often produced anyway. No organization wants to fall behind in the AI arms race, and the security risks associated with forging blindly ahead are perceived as worth taking.
"This explosion of AI-powered assistants that can answer complex questions, automate workflows, and take actions on behalf of users is undoubtedly exciting," says Shiven Ramji, President of Auth0, previously known as Okta Customer Identity Cloud. "However, it can be challenging to add security effectively once deployed."
To mitigate this problem, identity-security firms are adding new features to their developer tools that allow application builders to smoothly incorporate authentication, authorization, management and governance features designed to work with AI agents.
For their part, Okta and Auth0 are releasing Auth for GenAI, a set of enhancements for the Auth0 Platform.
"With Auth for GenAI," says Ramji, "developers can help ensure that AI agents are built with secure authentication and authorization from their inception, granting access only to what's necessary and preventing misuse."
How Auth for GenAI manages AI agents
In a blog post, Ramji laid out four ways that Auth for GenAI manages AI agents.
The first is user authentication, which lets developers create customized login interfaces for humans accessing AI agents. After all, you don't want unauthorized users running AI models.
Second is the Token Vault, which holds API tokens that let AI agents interact with Slack, Gmail and other SaaS and web applications. First-party tokens are handled using standard OAuth 2.0; third-party ones are handled using federated identity.
Third, asynchronous authorization lets AI agents perform non-sensitive tasks while they wait for human approval for more sensitive operations.
Finally, fine-grained authorization for retrieval-augmented generation (RAG) makes sure that an AI agent has permission to retrieve data only from specific outside sources, and not from those it is not authorized to access.
Auth for GenAI also has integration plug-ins for the Langchain, Llamaindex, Google GenKit, and Vercel.ai frameworks, a boon for developers aiming to create secure applications using GenAI.
Other new features added to the Auth0 Platform
Apart from Auth for GenAI, the Auth0 Platform is gaining more new features and enhancements.
Enterprise Ready Customer Identity, a toolbox of IAM capabilities for developers of SaaS applications, has several new functions:
There's also Tenant Access Control, which determines who can access an application before users even reach the login screen, and Advanced Customization for Universal Login, which lets organizations customize login screens to reflect their brands and plans for the user experience.
Post-login, Native to Web SSO (single sign-on) lets users switch from mobile to web apps without having to sign in again, and Client-Initiated Back Channel Authentication (CIBA) lets customer-service agents, kiosks or AI agents initiate the customer login process.
Screenshot credit: Auth0
