HackerTrans
TopNewTrendsCommentsPastAskShowJobs

positiveblue

no profile record

Submissions

Stop giving your AI Agent admin credentials

positiveblue.substack.com
5 points·by positiveblue·10 bulan yang lalu·1 comments

JWTs and OAuth suck for AI agents. Meet Wafers

positiveblue.substack.com
3 points·by positiveblue·10 bulan yang lalu·5 comments

The web does not need gatekeepers: Cloudflare’s new “signed agents” pitch

positiveblue.substack.com
454 points·by positiveblue·11 bulan yang lalu·489 comments

comments

positiveblue
·10 bulan yang lalu·discuss
It’s wild, decades of work on least privilege and delegation, and we’re back to handing out root credentials to bots T.T
positiveblue
·10 bulan yang lalu·discuss
Adoption is definitely the hardest "cryptographic" problem :D

You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)

For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API
positiveblue
·10 bulan yang lalu·discuss
Wafers are definitely inspired by Macaroons, but the core difference is that delegation is tied to identity.

In Macaroons, anyone who holds the token can tack on caveats.

In Wafers, only the current holder can extend it, and they can explicitly name the next holder by public key.

That gives you a verifiable chain of custody instead of an unanchored blob.
positiveblue
·10 bulan yang lalu·discuss
TLDR: JWTs say who you are. Wafers say who this request is on behalf of and exactly what it can do.
positiveblue
·11 bulan yang lalu·discuss
I could not give less of a shit between whitelist/allowlist. I use them indistinctly.

You can sleep peacefully today but you should try to don't over stress from how other people write on the internet
positiveblue
·11 bulan yang lalu·discuss
100% needs to be done at the last mile.
positiveblue
·11 bulan yang lalu·discuss
Hi, "this person here" Cloudflare will block that request that has a jwt because "it does not come from a person".

What I was trying to say is that even the discussion "is this a bot 100% sure or not" makes no sense.
positiveblue
·11 bulan yang lalu·discuss
many people don't remember/know history though
positiveblue
·11 bulan yang lalu·discuss
yep, that's why I am writing this now :)

You can see it in the web vs mobile apps.

Many people may not see a problem on wallet gardens but reality is that we have much less innovation in mobile than in web because anyone can spawn a web server vs publish an app in the App Store (apple)
positiveblue
·11 bulan yang lalu·discuss
I know the image, what I do not understand is the argument between using it being incompatible with "fairness" and "openness"
positiveblue
·11 bulan yang lalu·discuss
No
positiveblue
·11 bulan yang lalu·discuss
Where everyone needs a cloudflare account to be able to pay*
positiveblue
·11 bulan yang lalu·discuss
> An allowlist run by one company that site owners chose to engage with.

Exactly, no problem with that, just hinting that's not a protocol.

> But the irony of taking an ideological stance about fairness while using AI generated comics for blog posts

Wait, what?
positiveblue
·11 bulan yang lalu·discuss
The point is "should everyone just have an account with Cloudflare then"
positiveblue
·11 bulan yang lalu·discuss
This is one of the main points :+1:
positiveblue
·11 bulan yang lalu·discuss
I actually thought about this before publishing it hahaha

Good thing they are not the only place to post!
positiveblue
·11 bulan yang lalu·discuss
Narrator: but he did put effort...

Anyway, main take aways for you:

- We REALLY need a way to tie identity to agent/requests - The idea of registering with cloudflare to be able to access a website is bad - Sites should be able to block whoever they want or make anything they desire a requirement (there are people that has login only with google after all)

We have the right primitives to build something that works for any provider (from cloudflare, to Akamai, to self hosting nginx servers). Let's take that route
positiveblue
·11 bulan yang lalu·discuss
Giving an agent full access to your data without clear guardrails is a really bad idea.

We automate checkouts for e-commerce stores and work with very sensitive information, but our agents never see the real data. They only fill forms with placeholders, which later get swapped with the actual values downstream.

Prompt injection is a real risk, and while the industry will adapt, you need to be extremely cautious when letting agents operate in these contexts. Long story short: do not give "admin" privileges to AI Agents in the wild.