HackerTrans
TopNewTrendsCommentsPastAskShowJobs

positiveblue

no profile record

Submissions

Stop giving your AI Agent admin credentials

positiveblue.substack.com
5 points·by positiveblue·10 miesięcy temu·1 comments

JWTs and OAuth suck for AI agents. Meet Wafers

positiveblue.substack.com
3 points·by positiveblue·10 miesięcy temu·5 comments

The web does not need gatekeepers: Cloudflare’s new “signed agents” pitch

positiveblue.substack.com
454 points·by positiveblue·11 miesięcy temu·489 comments

comments

positiveblue
·10 miesięcy temu·discuss
It’s wild, decades of work on least privilege and delegation, and we’re back to handing out root credentials to bots T.T
positiveblue
·10 miesięcy temu·discuss
Adoption is definitely the hardest "cryptographic" problem :D

You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)

For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API
positiveblue
·10 miesięcy temu·discuss
Wafers are definitely inspired by Macaroons, but the core difference is that delegation is tied to identity.

In Macaroons, anyone who holds the token can tack on caveats.

In Wafers, only the current holder can extend it, and they can explicitly name the next holder by public key.

That gives you a verifiable chain of custody instead of an unanchored blob.
positiveblue
·10 miesięcy temu·discuss
TLDR: JWTs say who you are. Wafers say who this request is on behalf of and exactly what it can do.
positiveblue
·11 miesięcy temu·discuss
I could not give less of a shit between whitelist/allowlist. I use them indistinctly.

You can sleep peacefully today but you should try to don't over stress from how other people write on the internet
positiveblue
·11 miesięcy temu·discuss
100% needs to be done at the last mile.
positiveblue
·11 miesięcy temu·discuss
Hi, "this person here" Cloudflare will block that request that has a jwt because "it does not come from a person".

What I was trying to say is that even the discussion "is this a bot 100% sure or not" makes no sense.
positiveblue
·11 miesięcy temu·discuss
many people don't remember/know history though
positiveblue
·11 miesięcy temu·discuss
yep, that's why I am writing this now :)

You can see it in the web vs mobile apps.

Many people may not see a problem on wallet gardens but reality is that we have much less innovation in mobile than in web because anyone can spawn a web server vs publish an app in the App Store (apple)
positiveblue
·11 miesięcy temu·discuss
I know the image, what I do not understand is the argument between using it being incompatible with "fairness" and "openness"
positiveblue
·11 miesięcy temu·discuss
No
positiveblue
·11 miesięcy temu·discuss
Where everyone needs a cloudflare account to be able to pay*
positiveblue
·11 miesięcy temu·discuss
> An allowlist run by one company that site owners chose to engage with.

Exactly, no problem with that, just hinting that's not a protocol.

> But the irony of taking an ideological stance about fairness while using AI generated comics for blog posts

Wait, what?
positiveblue
·11 miesięcy temu·discuss
The point is "should everyone just have an account with Cloudflare then"
positiveblue
·11 miesięcy temu·discuss
This is one of the main points :+1:
positiveblue
·11 miesięcy temu·discuss
I actually thought about this before publishing it hahaha

Good thing they are not the only place to post!
positiveblue
·11 miesięcy temu·discuss
Narrator: but he did put effort...

Anyway, main take aways for you:

- We REALLY need a way to tie identity to agent/requests - The idea of registering with cloudflare to be able to access a website is bad - Sites should be able to block whoever they want or make anything they desire a requirement (there are people that has login only with google after all)

We have the right primitives to build something that works for any provider (from cloudflare, to Akamai, to self hosting nginx servers). Let's take that route
positiveblue
·11 miesięcy temu·discuss
Giving an agent full access to your data without clear guardrails is a really bad idea.

We automate checkouts for e-commerce stores and work with very sensitive information, but our agents never see the real data. They only fill forms with placeholders, which later get swapped with the actual values downstream.

Prompt injection is a real risk, and while the industry will adapt, you need to be extremely cautious when letting agents operate in these contexts. Long story short: do not give "admin" privileges to AI Agents in the wild.