nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

The five critical gaps of OAuth 2.0 that put your business at risk

Ash C

#1 AI agents don’t have their own identity

This was one of the most debated issues. Attendees asked, “Should agents be treated as a service principal, workload identity, or new entity?”

Some organizations are treating agents like human users, complete with licenses and permissions.

Meanwhile, others are using hybrid models that combine user and agent-specific attributes.

There's no standard approach, which means everyone’s guessing.

#2 It’s all-or-nothing access when it comes to AI agents

OAuth 2.0 grants fixed permissions up front, but they don’t adapt to context. This means once an agent has these permissions, it can perform both safe and harmful tasks as long as it remains authenticated.

There’s no alternative where an agent has its own clearly defined identity termination policy and continuous, context-aware validation workflow.

#3 You can’t see what your AI agents are really doing

When a security incident occurs, you need to know what happened. But if an AI agent was involved, good luck on figuring out:

Did a person tell it to do that?
Did the AI agent decide on its own?
Did another AI agent tell it to do that?

One expert put it bluntly, “Agents are showing us where our access controls are already broken.”

#4 Nobody knows who’s in charge of which AI agent

Here’s a question that stumped a room full of experts: Who actually owns an AI agent?

If someone leaves an organization, you deactivate their account. But what about the AI assistants they created? Should they be shut down or allowed to co-exist with current agents? Most importantly, who decides?