Build a CIMD-based confidential MCP client in Python using Authorization Code + PKCE.

Anthropic, OpenAI, Block, and the Linux Foundation discuss governing MCP together as the new Agentic AI Foundation launches with 50 companies on day one.

Michael Grinich traces MCP's evolution from local file system interface to industry standard, announces the Agentic AI Foundation, and walks through the latest spec updates.

Paul Irish shows how Chrome DevTools' MCP integration lets AI agents parse 15M-line performance traces and debug browser sessions programmatically.

Den Delimarsky demonstrates MCP's new auth flow—Protected Resource Metadata replaces Dynamic Client Registration for zero-config authentication.

Reilly Wood on why structured queries beat freeform commands at scale

Craig Cannon demos the Turbo-Man Tracker at MCP Night, showing how Supabase's MCP server turns natural language into SQL queries in real-time.

Cloudflare's Code Mode generates code instead of calling MCP tools directly—cutting token usage by 32% for simple tasks and 81% for complex batch operations.

A practical guide to choosing the right role-based access control provider for modern multi-tenant SaaS apps.

MCP Night, The Holiday Special, marked a historic moment: Anthropic donated MCP to the Linux Foundation, launching the Agentic AI Foundation. Demos from Cloudflare, Supabase, Datadog, Microsoft, and Google.

How the Identity Assertion Authorization Grant (ID-JAG)—marketed by Okta as Cross-App Access (XAA)—lets enterprises manage MCP AI app connections through their IdP, with centralized visibility, policy control, and no consent fatigue.

The Linux Foundation unites MCP, goose, and AGENTS.md under open governance. WorkOS breaks down what the new Agentic AI Foundation (AAIF) means for developers.

A practical guide to OAuth’s original MCP onboarding method: how DCR works, where it breaks at scale, and why it still matters alongside CIMD.

Scalable, stateless client registration for AI agents: using a URL as your OAuth client ID to access MCP servers.

OAuth 2.0 and OIDC are no longer just for SSO or integrations; they’re the trust layer that makes AI agents safe, scoped, and governable.

New this month: Strengthened SSO Security with Sign-in Consent, CIMD Support for MCP Auth, AuthKit SDK for TanStack Start, & more

‍AWS’s new “open training” approach could fundamentally reshape who gets to build frontier-grade AI models—and what they can do with their proprietary data.

What MCP Tasks are, why they matter, and the full technical guide to implementing them.

Auth0 FGA requires schemas and DSLs. WorkOS FGA extends RBAC without the complexity tax—no new languages, incremental adoption, 10M free operations. Compare both.

A practical, end-to-end deep dive into data isolation, tenant-aware auth, scaling, and compliance for B2B SaaS.

Learn how Arcade’s MCP-native, credential-isolating tool-calling platform complements WorkOS’s full-stack enterprise auth to secure AI agents and B2B SaaS apps.

A technical guide to MCP client registration: Dynamic Client Registration (DCR) vs Client ID Metadata Documents (CIMD).

How modern apps get access to your data without your password.

Duality AI provides high-fidelity digital twin simulation for robotics and embodied AI, enabling teams to generate synthetic data, test autonomy, and validate real-world behavior safely in virtual environments.

WorkOS FGA introduces a new approach to SaaS authorization that extends familiar RBAC into a flexible, hierarchical model designed for real product evolution. Learn why traditional RBAC and schema-driven FGA systems break down as applications grow, how WorkOS’ resource-scoped model avoids rewrites and role explosion, and how it supports enterprise identity mapping, high-cardinality architectures, and emerging AI agent workflows.

Keep tenants isolated, roles sane, and your auth layer out of incident reviews.

The checklist that makes authorization boring, predictable, and surprisingly hard to break.

Year two starts with fewer hacks and more infrastructure.

Read how the agent connector boom turned into the internet’s newest security liability and how to fix it before the next CVE.

A practical guide to the best OAuth/OIDC platforms for securing autonomous AI agents.

Everything you need to know about choosing a SAML provider for enterprise SSO in modern B2B platforms.

Everything you need to know about OTPs, from HOTP and TOTP internals to real-world pros and cons, plus how WorkOS can help you implement them cleanly.

WorkOS is a proud partner in the Microsoft Entra Agent ID partner ecosystem.

Everything you need to know to implement and validate JWTs securely in Go: from signing to verifying with JWKS, with code examples and best practices throughout.

A developer-focused walkthrough of SAML SSO for developers who want to understand all the moving parts without needing a PhD in XML sorcery.

A practical guide to choosing the right machine authentication model for your SaaS product.

Understanding the intent behind 401 vs 403, 400 vs 422, and other misunderstood status codes.

Comparing Obsidian Security's SaaS monitoring to WorkOS's proven authentication infrastructure for securing AI agents in production.

The illusion of free: How open source SSO quietly makes your team the vendor, the patch manager, and the on-call ops team.

Comparing Credo AI's governance platform to WorkOS's proven authentication infrastructure for securing AI agents in production environments.

Comparing Zenity's AI agent observability platform to WorkOS's proven authentication and authorization infrastructure for enterprise AI security.

Comparing Bedrock Data's data governance platform to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents and autonomous systems.

Aim Security was acquired by Cato Networks in 2025. Compare their runtime threat detection approach with WorkOS's proven authentication and authorization for AI agents.

A comprehensive comparison of Noma Security and WorkOS for securing AI agents and autonomous systems in enterprise environments.

Comparing Relyance AI's privacy management platform to WorkOS's comprehensive authentication infrastructure for securing AI agents.

Comparing Skyflow's data privacy vault to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents.

Comparing Immuta's data governance platform to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents.

Exploring Tumult Labs' differential privacy platform and comparing specialized data privacy to WorkOS's comprehensive authentication infrastructure for AI agents.

Comparing Duality's privacy-enhancing computation platform to WorkOS's comprehensive authentication and authorization infrastructure for AI agent security.

Comparing Jazz Security's DLP platform for AI agents to WorkOS's proven authentication and authorization infrastructure for enterprise AI systems.

Model Context Protocol servers enable LLMs to interact with tools and data sources, but without observability, debugging performance issues and errors becomes difficult. Agnost provides analytics for MCP servers, tracking tool invocations, latency, errors, and user journeys across Claude Desktop, VS Code, and other AI clients.

Concentric AI's Semantic Intelligence protects data accessed by AI agents. WorkOS provides enterprise authentication and authorization for agentic systems.

Nightfall AI's autonomous DLP monitors data exfiltration to AI tools. WorkOS provides the authentication and authorization foundation for securing your AI agents.

Compare HiddenLayer's AI-specific security platform with WorkOS's proven authentication and authorization infrastructure for securing AI agents in production.

Why SCIM looks easy on paper but is one of the hardest integrations to build and scale in practice.

Haize Labs for AI Agent Security: Features, Pricing, and Alternatives

Password sharing quietly eats away at seat-based revenue and introduces risk when companies tighten authentication rules. WorkOS Radar gives teams a smarter way to detect shared credentials, reduce false positives, and protect growth.

Explore how SCIM’s advanced features, bulk operations and filtering, make identity synchronization faster and more efficient for large-scale environments.

Strata Identity for AI Agent Security: Identity Orchestration, Features, and Alternatives.

Straiker emerged in 2025 as a specialized player in AI security testing and runtime protection, raising $21 million from Lightspeed Venture Partners and Bain Capital Ventures.

As AI agents gain autonomy in production environments, security has become a multi-layered challenge. While authentication determines who can access your systems, output validation ensures AI agents behave correctly once they're in. Guardrails AI has emerged as a leading open-source framework for validating AI outputs, preventing hallucinations, and detecting data leaks.

A deep dive into how Pomerium delivers zero-trust, identity-aware access for internal infrastructure—and why enterprise AI applications still need WorkOS for customer authentication, SSO, and directory sync.

Cerbos is an open-source authorization engine that helps developers implement fine-grained access control in their applications. Released under the Apache 2.0 license, it provides a centralized policy decision point that applications query to determine whether specific actions should be permitted.

A clear comparison of Protect AI’s runtime threat detection for machine learning systems and WorkOS’s enterprise-grade authentication—helping teams understand where AI security ends and identity infrastructure begins.

Keycard emerged from stealth in October 2025 with $38 million in funding to solve the agent identity problem from first principles, offering ephemeral, task-scoped credentials purpose-built for agentic workloads. In this article, we'll examine Keycard's approach to agent identity, and explore their architecture and capabilities.

Learn what session revocation is, why it’s essential for securing user and AI agent sessions, and how WorkOS makes it simple to build “Sign Out Everywhere” into your app with just a few lines of code.

A deep dive into how authorization engines like Oso fit into modern application architectures, why they depend on strong identity foundations, and how WorkOS provides the authentication layer required for secure AI agent and multi-tenant access models.

A clear-eyed comparison of Okta’s XAA-based “identity fabric” for AI agents versus WorkOS’s simpler, production-ready auth platform—showing why modern SaaS teams can skip legacy IAM overhead and still get enterprise-grade security for their agents.

Descope launched its Agentic Identity Hub in April 2025, positioning itself as a developer-focused external IAM platform for agent authentication and authorization. In this article, we’ll examine Descope’s approach to agentic identity, explore their key features and pricing, and compare their offering to production-ready alternatives like WorkOS—especially for B2B SaaS teams.

Clerk's Agent Toolkit helps pass identity context to AI agents—but lacks SCIM, audit logs, and admin portal.

A clear-eyed breakdown of Snyk’s new Evo agentic security platform—what’s real, what’s experimental, and why WorkOS remains the production-ready foundation for authenticating and authorizing enterprise AI agents.

Learn how Semgrep secures AI-generated code with SAST, AI-powered triage, and automated fixes—and why production AI agents still need WorkOS for enterprise authentication and authorization.

Modern enterprise faces a security challenge that most organizations are only beginning to understand: for every human employee, there are roughly 100 non-human identities operating across cloud infrastructure, SaaS applications, and AI platforms. Astrix security addresses this non-human identity problem.

Promptfoo has emerged as a specialized security testing platform for AI applications, offering automated red-teaming capabilities that simulate adversarial attacks against LLM-powered systems. With backing from Insight Partners and a16z, plus adoption by companies like Shopify and Amazon, Promptfoo represents a new category of tooling: security validation for agentic systems.

Google Vertex AI offers a comprehensive machine learning and agent platform embedded in Google Cloud. WorkOS provides specialized authentication and authorization infrastructure for B2B SaaS applications, including OAuth 2.1 for MCP servers and agents. These aren’t competing products—they operate at different layers of the stack.

A clear breakdown of how OpenAI’s new AI-security tools like Aardvark and gpt-oss-safeguard differ from WorkOS’s enterprise authentication stack — and why both are required to build secure, production-ready AI applications.

New this month: API Keys, Stripe Billing Seat Sync, AI Branding Assistant, & more

WorkOS now supports automated seat-based billing with Stripe. It tracks organization members and sends seat usage to Stripe Meters so billing stays accurate without custom scripts, webhooks, or billing infrastructure.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Okta, Python, and WorkOS, with just a few lines of code.

Engineering Manager Pavan Kulkarni walked Enterprise Ready Conference 2025 attendees through the evolution of authorization systems—from simple permission checks to complex, multi-dimensional access control graphs.

At Enterprise Ready Conference 2025, WorkOS's Tobin South delivered a compelling talk on one of the most pressing questions in enterprise AI: how do we handle identity for AI agents?

Learn how SAML Request Signing and Response Encryption protect integrity and confidentiality in modern SSO implementations, and when to use what.

Three CTOs share candid insights from the Enterprise Ready Conference 2025 about how AI is transforming engineering organizations - from junior engineers advancing in 18 months instead of three years, to product managers writing their own code, to interns leading major migrations.

A new SCIM spec draft extends provisioning to AI agents and agentic applications, laying the groundwork for what SCIM for AI could become.

Insights from the Developer Experience and AI panel at Enterprise Ready Conference 2025 on why good DX matters more than ever, what makes production AI systems successful, and how to raise the bar on API design, documentation, and team practices.

WorkOS API Keys eliminates the undifferentiated work of building API authentication infrastructure. Ship production-ready API key management in an afternoon instead of spending weeks building it yourself.

Drew Houston shares how Dropbox scaled from viral consumer tool to profitable public company serving 18M paying customers, revealing the mechanics of PLG-to-enterprise transition and why he's still debugging CUDA kernels after 18 years as CEO.

At Enterprise Ready Conference 2025, Sentry co-founder David Cramer demoed the company's ambitious leap from detecting bugs to fixing them with AI-powered error resolution and automated remediation.

Three ways to add authentication to your MCP server: build your own auth, use WorkOS as a bridge with your existing users, or let WorkOS handle everything with AuthKit.

At ERC 2025, Augment Code’s lightning demo explored why AI-assisted programming still struggles to feel senior — and how true context might finally close that gap.

At ERC 2025, Cosmo from Metronome demonstrated how their platform solves enterprise billing complexity through real-time contract management and flexible monetization models.

At Enterprise Ready Conference 2025, Nuon demonstrated how Bring Your Own Cloud deployments are becoming essential for SaaS companies targeting regulated industries, with live demos of drift detection and change management for customer-hosted applications.

A panel with Linear, Amp, and Jam explores why 80% of companies get net negative value from AI coding tools—and what it takes to be in the winning 20%.

Opal Security moderates a panel exploring how AI is simultaneously transforming security challenges and solutions—and why everything old is new again.

Go behind the scenes at WorkOS to discover the culture, principles, and people powering a company obsessed with excellence, developer joy, and purposeful growth.

Michael Grinich's opening keynote at Enterprise Ready Conference 2025 introduced the Enterprise Chasm concept and unveiled six major product launches while exploring how AI is fundamentally changing software development.

Tobin South demonstrates that enterprise-grade identity and authentication for AI agents isn't a future problem—it's solved today, with WorkOS AuthKit.

This post outlines the timeline and impact to our services and shares how we will improve resiliency for all WorkOS products starting immediately.

On October 22, 2025, Enterprise Ready Conference brought together hundreds of product, engineering, and AI leaders at San Francisco's SF Jazz Center for a conversation about what it takes to build AI products that enterprise customers will actually buy.

A deep dive into the MCP Registry's architecture, exploring design decisions, implementation details, and the sophisticated systems that enable standardized server distribution while maintaining flexibility for custom implementations.