Adoption is definitely the hardest "cryptographic" problem :D
You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)
For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API
Many people may not see a problem on wallet gardens but reality is that we have much less innovation in mobile than in web because anyone can spawn a web server vs publish an app in the App Store (apple)
- We REALLY need a way to tie identity to agent/requests
- The idea of registering with cloudflare to be able to access a website is bad
- Sites should be able to block whoever they want or make anything they desire a requirement (there are people that has login only with google after all)
We have the right primitives to build something that works for any provider (from cloudflare, to Akamai, to self hosting nginx servers). Let's take that route
Giving an agent full access to your data without clear guardrails is a really bad idea.
We automate checkouts for e-commerce stores and work with very sensitive information, but our agents never see the real data. They only fill forms with placeholders, which later get swapped with the actual values downstream.
Prompt injection is a real risk, and while the industry will adapt, you need to be extremely cautious when letting agents operate in these contexts. Long story short: do not give "admin" privileges to AI Agents in the wild.