Agent Identity as Core Infrastructure
Reed McGinley-Stempel, CEO of Stytch, on authentication for AI agents
Agent identity turns authentication from a login widget into core product infrastructure. The big change is that apps now need to safely let outside clients and AI agents act on a user’s behalf, which means building Google-style consent flows, token issuance, scoped permissions, revocation, and audit logs. That expands identity from a narrow sign-in feature into a broader control plane for what software can read, write, and trigger across other software.
- This is a larger platform shift than passwordless because many apps that never needed to be identity providers now need OAuth 2.0 servers for MCP and agent access. Stytch positions Connected Apps as the fast path, letting a product add delegated access without replacing its existing auth stack.
- The workflow is concrete. A user connects an app to Claude or another client, sees a consent screen, approves a narrow set of scopes, and the app must remember what that agent can do, block risky actions, and keep an audit trail. That is much closer to Google Calendar and Superhuman than to a normal signup form.
- This also reshuffles competition. Clerk is strongest where teams want prebuilt UI and fast startup onboarding. WorkOS grew from enterprise SSO and SCIM. Stytch is pushing toward a fuller stack that combines login, RBAC, delegated OAuth, and fraud controls for both cooperative and adversarial agents.
The next phase of identity spend will follow agent adoption inside SaaS. As more products expose read and then write actions through MCP and similar protocols, the winning identity vendors will be the ones that can turn every app into a secure delegated access layer, with fine-grained permissions for humans and their agents built in from day one.