AI agents are changing the way we use and build software, unlocking incredible productivity gains by performing complex tasks on our behalf. But as organizations rush to deploy them, a critical question arises: Who is controlling them?
In a recent conversation with tech influencer Alex Banks, Shiv Ramji, President of Auth0, discussed the unique security challenges posed by this new era of non-deterministic software.
“We are at that moment where everybody's been experimenting with agents and realized that agents are really powerful,” Ramji explained. “But the moment you want to deploy them in your enterprise, you start thinking ... what about identity security? What level of data or access should an agent have?”
Unlike traditional applications, which follow strict, pre-defined rules, AI agents operate with intelligence and autonomy. This shift requires developers to approach security as a foundational element, rather than a bolt-on feature. Ramji outlined four key requirements for developers building AI agents today:
Verification: Just as we verify human users, we must authenticate agents to help ensure they are authorized to perform actions on a user's behalf.
Human-in-the-loop: For sensitive transactions — like purchasing airline tickets — systems should allow for human approval before completion.
Fine-grained permissions: Access must be precise and ephemeral. Agents should only access the data they need, exactly when they need it, rather than having blanket permissions.
Secure connections: We have to verify that agents can interact securely with both internal and external applications, such as Slack or Workday. Tools like Auth0 Token Vault can help developers do that.
To learn more about what developers need to get right and Ramji’s predictions for the future, watch the full video above.
