Position: AI Agents Need Authenticated Delegation

Tobin South; Samuele Marro; Thomas Hardjono; Robert Mahari; Cedric Deslandes Whitney; Alan Chan; Alex Pentland

Position: AI Agents Need Authenticated Delegation

Tobin South, Samuele Marro, Thomas Hardjono, Robert Mahari, Cedric Deslandes Whitney, Alan Chan, Alex Pentland

Published: 01 May 2025, Last Modified: 18 Jun 2025ICML 2025 Position Paper Track oralEveryoneRevisionsBibTeXCC BY 4.0

TL;DR: Extending web infrastructure to make AI agent delegation more robust

Abstract: The rapid deployment of autonomous AI agents creates urgent challenges in the areas of authorization, accountability, and access control in task delegation. This position paper argues that authenticated and auditable delegation of authority to AI agents is a critical component of mitigating practical risks and unlocking the value of agents. To support this argument, we examine how existing web authentication and authorization protocols, as well as natural language interfaces to common access control mechanisms, can be extended to enable secure authenticated delegation of authority to AI agents. By extending OAuth 2.0 and OpenID Connect with agent-specific credentials and using transparent translation of natural language permissions into robust scoping rules across diverse interaction modalities, we outline how authenticated delegation can be achieved to enable clear chains of accountability while maintaining compatibility with established authentication and web infrastructure for immediate compatibility. This work contributes to ensuring that agentic AI systems perform only appropriate actions. It argues for prioritizing delegation infrastructure as a key component of AI agent governance and provides a roadmap for achieving this.

Lay Summary: This paper argues that we need a clear system for "authenticated delegation." This means when an AI agent interacts with websites, services, or even other AI agents, those entities can confidently verify: - Who authorized the AI: Confirming it's acting on your behalf, not rogue. - What the AI is allowed to do: Limiting its actions to the specific task you delegated. We explore how existing internet security technologies, like those used when you log into websites and grant apps access to your data, can be adapted for AI agents.

Primary Area: Research Priorities, Methodology, and Evaluation

Keywords: Agents, delegation, authorisation, auditability

Submission Number: 227

Loading