What is AgentAuth?
Purpose-built identity and authorization for AI agents
Early Access
Hawcx Agentic Auth is currently in early access. Fill out the form below to request access.
AI agents are making decisions, calling APIs, and moving data across your systems, hundreds of times per minute, completely autonomously. But here's the problem: they're authenticating like it's 2015.
The Identity Crisis
When an AI agent accesses your CRM, email, or financial systems, your security infrastructure treats it as the human who launched it. Same OAuth token. Same permissions. No separate identity. No per-action audit trail.
That's like handing your employee badge to a contractor and hoping for the best.
If the agent gets compromised (through prompt injection, token theft, or a supply chain attack) the attacker gets everything the user had access to.
This isn't theoretical. Prompt injection attacks have demonstrated near-perfect success rates against AI coding assistants, and zero-click data exfiltration has been shown possible through enterprise copilot tools using the user's full OAuth scope.
Why Existing Auth Doesn't Work for Agents
| Approach | Why It Fails |
|---|---|
| Static API keys | No identity. No expiry. One leaked key = total compromise. No way to trace which agent did what. |
| OAuth 2.0 client creds | Built for known services, not dynamic agent fleets. Session-scoped permissions are too broad. Bearer tokens are replayable. |
| Passkeys / WebAuthn | Requires a human to touch a fingerprint reader. Agents can't do that. |
Every one of these was designed for humans accessing applications. None of them were designed for autonomous software making hundreds of independent decisions.
A Different Approach
Hawcx Agentic Auth gives every AI agent its own cryptographic identity, separate from the human who deployed it, with permissions scoped to exactly what each agent needs to do on each individual request.
Unique agent identity
Each agent gets its own cryptographic identity, registered by an authorized human via your organization's identity provider. The agent authenticates with its own key. It never borrows or shares human credentials. Full audit trail per agent.
One token, one action
Before every action, the system pre-mints a single-use token scoped to exactly what the agent is allowed to do: which tool, what resource, what constraints. No long-lived sessions with broad permissions.
Fast offline verification
The receiving service verifies the token cryptographically in under 400 microseconds using pre-loaded key material. No round-trip to a central authorization server. No single point of failure.
Humans stay in the loop when it matters
Destructive operations (delete, execute, transfer) can pause and require human approval before the token is minted. The agent cannot observe, interact with, or bypass this gate.
Encrypted and tamper-proof tokens
Tokens are both encrypted and signed in a single operation. Even if intercepted, the token payload is unreadable and tamper-proof. Single-use consumption means stolen tokens cannot be replayed.
How It Works
Hawcx Agentic Auth uses three components that run in separate, isolated processes:
- Authentication Service (AS): Handles mutual authentication between the agent and the service. Establishes a secure session. Shared infrastructure.
- Token Queue Service (TQS): Runs as a separate process per agent, isolated from the agent's runtime. Pre-mints batches of single-use tokens based on your access policies. The agent can only request tokens through a constrained local channel.
- Your API service: Verifies tokens using pre-loaded key material. No contact with the auth service at request time. Sub-millisecond verification.
The four phases
Per-user, per-agent isolation
Each user gets their own isolated set of processes. Each agent within a user's account gets its own token service with its own access policies:
User A
├── code-deploy-agent → Token Service (deploy policies) → Service (shared)
├── data-analysis-agent → Token Service (read-only policies) → Service (shared)
└── monitoring-agent → Token Service (observe policies) → Service (shared)
User B
├── code-deploy-agent → Token Service (deploy policies) → Service (shared)
└── reporting-agent → Token Service (report policies) → Service (shared)Compromise of one agent's token service does not expose another's tokens, keys, or policies.
Works With Any Framework
Hawcx Agentic Auth is framework-agnostic. Use it with:
- LangChain (see example)
- OpenAI Agents SDK
- CrewAI
- AutoGen
- Anthropic MCP with purpose-built integration for the Model Context Protocol
- Raw HTTP that works with any language or framework
Get Started
Ready to give your agents their own identity?
- Quickstart to register your first agent in under 10 minutes
- Permissions & Policies to understand how permissions work per action
- Security for the zero-trust architecture and threat model