Echoes

The Question That Keeps Getting Deferred

Every identity mechanism on the web started with a person at a keyboard. When machines needed access, engineers didn't redesign the system. They removed the human from the flow and kept everything else. That worked for thirty years because each new caller was simpler and more predictable than the one before. Service accounts, cron jobs, scheduled API calls. The assumptions could stretch because nobody was stretching them very far. AI agents are the first caller that breaks the pattern.

The Shadow Credentials

When software first needed to authenticate on enterprise networks in the 1990s, nobody designed a credential type for it. Engineers created a user account, removed the human, and moved on. No lifecycle tracking. No owner on record. No offboarding trigger when the project that spawned it quietly dissolved.

RPA scaled the same shortcut. Bots got worker-shaped identities faster than any governance function could catalog them. Deloitte found that most enterprises never achieved RPA at scale, largely because scattered bot ecosystems accumulated duplicated logic and inconsistent oversight. The governance gap wasn't a failure of awareness. Gartner flagged segregation-of-duties risks in 2018. Deployment velocity simply outran institutional response, every time.

AI agents are the third generation inheriting this trajectory. They authenticate with familiar credential patterns. But a service account ran a fixed script with fixed permissions. An agent interprets context and decides what to do next. The organizational surface area of a single credential just changed fundamentally, and the governance architecture around it hasn't changed at all.

Two Workarounds Agents Straddle

The Exception That Became the Rule

OAuth was designed to separate identity from authorization. Who you are was one question; what you could do was another. The protocol would handle the second and leave the first alone. Then its edge-case provision — a grant type for when no human was present — absorbed the majority of traffic. The permission became the identity. The spec still reads as though someone is home.

The Session That Assumed You Were There

In 1994, a Netscape engineer built cookies to remember your shopping cart and specifically rejected proposals to turn browsers into universal identity beacons. Thirty years later, the session token does exactly what he refused to build — it passes for proof of who you are. The browser's security model still assumes a human is making choices about where to go. That assumption is quietly breaking.