In this episode of Resilient Cyber, I sat down with Karl McGuinness — author of Control Plane and one of the sharpest voices working on identity in the agentic era — to unpack what most of the industry is still getting wrong about IAM for AI agents.
Karl’s thesis is a provocation: we spent two decades optimizing authentication and authorization, and we built that stack for human-paced execution. Agents remove the presence, pacing, and natural scope-limiting that made those controls work — and no amount of stronger credentials, tighter scopes, or faster JIT provisioning closes the structural gap. The real frontier isn’t AuthN or AuthZ. It’s delegation: how approved intent becomes bounded authority that stays governed across delegation chains, unfamiliar tools, consent expansion, revocation, and task termination.
Chris and Karl dig into:
Why the industry optimized for the wrong question, and what changes when agents enter the loop
The Execution Mandate — agents don’t need your passport, they need your authority
Why governing the stay matters more than governing the entry, and what continuous evaluation of authority looks like in practice
Mission-Bound OAuth, including Karl’s own pessimistic case against it
AAuth vs. OAuth as the substrate for agentic identity, and what signal will tell us which one wins
Why Mission Shaping is necessary but not sufficient when quiet expansion, headless execution, and stale state are in play
Open-world OAuth, MCP, and first-contact trust — what the newer standards solve and the substrate gaps no draft is closing
ID-JAG and Cross-App Access (XAA): why enterprise SaaS needs to abandon app-by-app OAuth islands
The widening gap between IETF drafts and the “agentic IAM” being sold at RSA, and the minimum viable posture for teams running agents in production today
Whether you’re a CISO, an identity architect, or a security leader trying to separate vendor narrative from substrate reality, this is a clear-eyed map of where agentic IAM actually is and where it has to go.