June 2026 Summaries
31 posts from WorkOS
Filter
Month:
Year:
Post Summaries
Back to Blog
WorkOS has introduced an API Gateway that streamlines the integration of authentication traffic by consolidating user authentication and API key validation into a single layer using JWTs. Initially focusing on API key integration, the gateway eliminates the need for backend systems to make additional network calls to WorkOS for validation, instead verifying API keys inline and exchanging them for JWTs containing user and permission data. This results in reduced latency and a unified integration pattern for handling both authentication methods, enhancing efficiency and simplicity. The gateway also offers advanced capabilities such as rate limiting, API spec ingestion, and permission enforcement at the edge, as well as infrastructure readiness for agents making concurrent API calls. The aim is to provide a comprehensive solution for managing API traffic in a centralized manner, ensuring that APIs remain robust and efficient regardless of the caller type. Early access to the API Gateway is currently available for interested teams.
Jun 30, 2026
442 words in the original blog post.
WorkOS has introduced a new organizational feature called "Projects" to better manage environments and branding for multi-product teams. Previously, all environments were grouped under a single team with shared branding, which worked for single-product teams but presented challenges for those managing multiple products. Projects now allow teams to logically group environments, such as staging and production, for each product separately, thus maintaining organization without the need for awkward workarounds. Additionally, branding has shifted from the workspace level to the environment level, enabling distinct branding configurations for different environments like staging and production. This update provides each product with its own project, environments, and branding, ensuring a more accurate product structure and organized dashboard. Existing WorkOS accounts have been automatically migrated to a default project, and users can create additional projects or reorganize their environments as needed, with support for more advanced transfers and custom branding options coming soon.
Jun 29, 2026
843 words in the original blog post.
React Router v7's framework mode transforms how authentication functions in React applications by supporting server-side OAuth flows, which eliminate client-side token management and increase security. Loaders facilitate authorization redirects and code exchanges, while sessions are maintained in encrypted cookies, ensuring that sensitive information like OAuth client secrets and access tokens remain untouched by the browser. This streamlined approach to OAuth 2.0 enables seamless social login integration, covering providers such as Google, GitHub, and Microsoft, and is further simplified with the use of WorkOS AuthKit, which automates the setup and management process. AuthKit provides a comprehensive solution by handling state validation, session creation, and provider-specific nuances, allowing developers to focus on other aspects of their applications. This approach not only supports social login but is also designed to accommodate enterprise SSO needs without altering the application's architecture, making it a flexible choice for both consumer and business-focused applications.
Jun 26, 2026
3,719 words in the original blog post.
In late 2025, Uber implemented Claude Code for 5,000 engineers, quickly exhausting its annual AI budget by April 2026, reflecting a broader trend of uncontrolled AI spending due to lacking governance infrastructures. Traditional enterprise software costs are predictable, but token consumption in AI is notably different, marked by non-linearity, invisibility, and non-attribution, which complicates financial oversight. The emerging FinOps response emphasizes real-time monitoring, business-unit chargeback, and ROI thresholds, contingent on establishing a robust authorization architecture. This involves distinct agent identities, tool-level scoping, and session boundaries to facilitate accurate cost attribution. The Model Context Protocol has yet to resolve these issues at the protocol level, but the FinOps Foundation's initiatives and tools like WorkOS are developing frameworks to manage these challenges effectively, underscoring the necessity for early architectural decisions to prevent budget crises.
Jun 22, 2026
1,504 words in the original blog post.
SAML SSO involves the transmission of a SAML assertion, an XML document sent by an identity provider (IdP) after user authentication, containing key user data like name and email. The process of aligning these attributes with the application's expected fields is called attribute mapping, which is crucial for correctly identifying user roles, permissions, and group assignments within an application. Common issues with attribute mapping include silent failures due to incorrect mappings, varying attribute naming conventions across different IdPs, and oversized assertions due to excessive group data. Proper configuration, testing with staging environments, and using tools like SAML Tracer are recommended to ensure accurate mappings without impacting real users. Solutions such as WorkOS offer automatic normalization and configurable attributes to streamline the process, allowing for consistent handling of user data across various IdPs.
Jun 19, 2026
3,271 words in the original blog post.
In a surprising development, Cloudflare CEO Matthew Prince announced that AI-driven bot traffic now surpasses human traffic online, with automated requests making up 57.5% of web traffic. This shift, which Prince had anticipated by the end of 2027, arrived 18 months earlier due to the rapid growth of AI agents capable of mimicking human web interactions. These agents, distinguished from traditional bots, perform tasks such as browsing, form-filling, and transactions at a scale far greater than human capability. This evolution necessitates significant changes in web analytics, site design, and e-commerce strategies, as traditional metrics no longer accurately reflect user engagement. Companies are urged to adapt by segmenting human and bot traffic in analytics, optimizing sites for AI interactions, and integrating new protocols like the Universal Commerce Protocol (UCP) and Agentic Commerce Protocol (ACP) to facilitate AI-mediated transactions. The transition to a machine-majority web requires rethinking attribution models and embracing content licensing and access control strategies, as AI crawling dominates web interactions without providing equivalent referral traffic. Major tech companies like Google are integrating agent capabilities at the operating system level, signaling a structural shift in internet usage, which businesses must address promptly to remain competitive.
Jun 18, 2026
1,680 words in the original blog post.
The release candidate for the Model Context Protocol (MCP) 2026-07-28 introduces significant changes, described as the largest revision since the protocol's launch. Key updates include the removal of sessions, the elimination of the initialization handshake, the deprecation of three core features, and a shift to a stateless core, which allows any server instance to handle any request without the need for sticky routing or shared session stores. The authorization framework is strengthened to align with OAuth 2.1 and OpenID Connect, making it more enterprise-ready by requiring OAuth 2.0 Protected Resource Metadata and Resource Indicators. Extensions are now a formal part of the protocol, enabling features like MCP Apps and Tasks to evolve independently. Deprecated features such as Roots, Sampling, and Logging are documented and scheduled for phased removal. The migration deadline is July 28, 2026, and involves updating server and client implementations to accommodate these changes, which are anticipated to enhance the security model by ensuring token validation per request and facilitating standardized extensions for security-relevant capabilities.
Jun 18, 2026
1,723 words in the original blog post.
Visa's Payment Ecosystem Risk and Control (PERC) team has identified a significant increase in dark web activity related to AI agent compromise, with a focus on exploiting these agents for fraudulent transactions that mimic legitimate behavior. The issue lies in agentic commerce, where AI agents, already entrusted with user credentials, can be hijacked to conduct unauthorized purchases, presenting a challenge for traditional fraud detection systems. The proliferation of AI-driven transactions, as seen with the launch of protocols like Google's Universal Commerce Protocol and OpenAI's Agentic Commerce Protocol, underscores the growing scale of agentic commerce, which is expected to handle a substantial portion of e-commerce by 2030. However, the current security model is inadequate, necessitating advancements in areas such as agent identity, scoped delegation, and transaction-level consent to mitigate risks. The responsibility for unauthorized transactions remains ambiguous, with industry stakeholders still grappling with liability issues, as highlighted by Hogan Lovells' analysis and the World Economic Forum's projections on AI agent exploitation in data breaches. To address these challenges, building infrastructure that ensures traceability and accountability through agent identity verification, scoped delegation, and comprehensive audit trails is crucial, even as the legal and regulatory frameworks evolve to catch up with the technological advancements.
Jun 18, 2026
1,848 words in the original blog post.
Switching identity providers presents a significant challenge in migrating password hashes, as they are inherently one-way and cannot be decrypted or translated. This text explores the complexities of handling password hashes from various identity providers like Auth0, Firebase Auth, and Cognito, emphasizing the importance of the silent rehash pattern, which enables seamless upgrades to more secure algorithms without requiring users to reset their passwords. Each provider uses different hash formats and parameters, such as bcrypt, scrypt, PBKDF2, and Argon2, with unique encoding, salt strategies, and parameter configurations that must be carefully managed during migration. The silent rehash pattern involves importing existing hashes, verifying them on the user's next login, and then rehashing with a preferred modern algorithm like Argon2id, ensuring users remain unaffected by the migration. Additionally, the text suggests strategies for handling long-tail users who seldom log in, recommending a balance between maintaining legacy hashes and setting sunset policies to manage security and user engagement effectively. The overarching message is that successful password hash migration requires meticulous attention to both export and import processes, including understanding hash formats, carrying over essential parameters, and verifying salt strategies before executing the migration.
Jun 16, 2026
1,446 words in the original blog post.
The tutorial outlines a method for encrypting personally identifiable information (PII) at the application layer before it reaches the database, using WorkOS Vault to manage encryption keys separately. This approach ensures that PII such as email addresses, phone numbers, and billing addresses are stored as encrypted objects in Vault, with only their Vault object IDs saved in the application database. By doing so, even if a database is compromised through SQL injection, internal queries, or misconfigured exports, the sensitive data remains secure and unreadable. The encryption keys are tied to each user's organization, providing an additional security boundary that ensures data from one tenant cannot be decrypted with another tenant's key. The tutorial provides a step-by-step guide to implementing this system in a multi-tenant SaaS application, covering the full CRUD lifecycle for user PII without requiring in-depth cryptographic knowledge. It leverages Vault's API to securely handle operations like storing, reading, updating, and deleting encrypted data while adhering to GDPR requirements for data erasure.
Jun 16, 2026
2,444 words in the original blog post.
As the Model Context Protocol (MCP) evolves, its authentication layer has incorporated resource indicators from OAuth 2.0 to enhance security by binding tokens to specific resource servers. Resource indicators, defined in RFC 8707, allow a client to specify which server a token is intended for, preventing misuse across multiple servers and mitigating token confusion attacks. MCP utilizes these indicators by having clients include a resource parameter during authentication, ensuring that tokens are bounded to designated servers and reducing potential security risks. Implementation requires consistent URI advertisement, aud claim validation, and informative error messaging to aid debugging. For MCP client developers, managing tokens for multiple servers is crucial, as each server necessitates a unique token. Meanwhile, authorization server operators must support RFC 8707, handling the resource parameter and ensuring correct aud claim embedding. Resource indicators complement OAuth scopes, defining not just what actions a token permits but also where they can be executed, thereby bolstering security in multi-server environments. WorkOS AuthKit provides a solution for those who prefer not to manage this infrastructure, offering native support for resource indicators and seamless integration with existing systems.
Jun 16, 2026
1,622 words in the original blog post.
Developers often encounter challenges when integrating Google's OAuth for accessing user data beyond basic sign-in, such as calendar or Gmail access, due to misconceptions about token usage. The confusion arises from the distinction between ID tokens, which authenticate users, and access tokens, which authorize API calls based on specific scopes. A common mistake is attempting to use the sign-in token for data access, leading to errors when the required scopes aren't included. Adding more scopes upfront can deter users due to complex consent screens and doesn't resolve issues with Single Sign-On (SSO) scenarios, where tokens issued by third-party identity providers lack data access permissions. A more effective strategy is to separate authentication from data authorization, allowing users to log in through any method and request data access subsequently. WorkOS Pipes facilitates this approach by managing OAuth flows and token refreshes, enabling seamless data access without complicating the login process. This approach ensures a smoother user experience and higher consent rates, especially for enterprise users, by addressing the intricate nuances of OAuth and SSO integration.
Jun 15, 2026
1,742 words in the original blog post.
The text outlines the intricacies of implementing secure authorization in React Router v7, focusing on the need to differentiate between authentication ("who is this user?") and authorization ("what can this user do?"). It highlights common pitfalls, such as protecting routes with loaders but neglecting to secure actions, which are HTTP endpoints accessible directly through URLs. The document describes how roles and permissions can be modeled using flat roles or permission-based role-based access control (RBAC), with the latter offering greater flexibility for complex applications. It emphasizes the importance of enforcing authorization checks within actions and provides code examples for building reusable helpers to propagate authorization context throughout an application. The text also covers advanced authorization patterns for business-to-business (B2B) applications, including organization-scoped roles and resource ownership, and introduces WorkOS as a solution for managing RBAC and fine-grained authorization efficiently. The guide concludes by recommending best practices for naming permissions, logging denials, and ensuring comprehensive testing of authorization logic.
Jun 15, 2026
3,377 words in the original blog post.
Encryption at rest may protect data from physical theft, but it does little to guard against attacks at the application layer, highlighting the need for a more robust approach to data security in multi-tenant SaaS applications. Logical isolation, often used in multi-tenant applications, separates tenant data through application logic, but is vulnerable to coding errors and misconfigurations. Cryptographic isolation, a stronger security measure, involves encrypting each tenant's data with unique keys, ensuring that even if one tenant's data is leaked, it remains unreadable without the specific decryption key. This method is achieved through envelope encryption, which uses a Data Encryption Key (DEK) for data encryption and a Key Encryption Key (KEK) for encrypting the DEK, ensuring that each tenant's data remains isolated. The use of key context in systems like WorkOS Vault allows for the creation of a unique KEK per tenant, automatically managed without the need for a key registry, thus simplifying operations and maintaining isolation. Cryptographic isolation provides a mathematical guarantee that even if one tenant's key is compromised, it does not expose other tenants' data, emphasizing the need for both cryptographic and authorization controls to ensure comprehensive security.
Jun 15, 2026
2,739 words in the original blog post.
In the context of B2B SaaS platforms, the inevitability of compromised agents, copilots, and MCP servers raises concerns about the extent of potential damage rather than its occurrence, with credential hygiene being a central issue. The rapid integration of AI tools into production environments often involves security oversights, such as using API keys with excessive permissions or long-lived credentials stored insecurely, leading to vulnerabilities similar to those seen in the 2021 Codecov breach. Effective risk management involves several strategic actions: inventorying and tagging non-human principals to identify and rectify orphaned keys, replacing static secrets with short-lived tokens to minimize exposure, and ensuring that service identities are synchronized with directories to maintain up-to-date inventories. These practices aim to restrict the damage when a credential is compromised, focusing on limiting the blast radius rather than outright prevention, and involve pragmatic steps like tightening credential lifetimes, narrowing scopes, and monitoring for anomalies in non-human principal activities.
Jun 12, 2026
801 words in the original blog post.
Running an AI product with a free tier often results in token theft and abuse, where attackers create multiple fake accounts to exploit free services without any intention of paying. This abuse involves tactics like mass account creation, use of stolen credit cards, and account reselling, with the stolen access being used for various purposes such as automated content generation and running coding tasks. The traffic generated by such abuse is characterized by automated signups with randomized usernames and abnormal token use, which can lead to significant operational disruptions. Traditional security tools often miss these abuses due to their focus on network-layer signals rather than application-specific behaviors. Effective mitigation requires making abuse economically irrational through strategies like device fingerprinting, email domain reputation checks, velocity scoring, and SMS challenges, as well as leveraging cross-product intelligence to adapt to evolving threats. As attackers continue to adapt quickly, relying on dedicated services like Radar can help manage this ongoing threat without diverting resources from core product development.
Jun 12, 2026
977 words in the original blog post.
AI agents require credentials to perform tasks, much like traditional software, but managing these credentials poses unique challenges due to the agents' autonomous and unpredictable nature. Standard methods of using long-lived API keys or shared service accounts often fail because they provide excessive and persistent access, risking unauthorized actions and complicating audit trails. Effective credential management for agents entails using short-lived, task-specific credentials tied to the user who authorized the action, stored securely, and easily revocable. This approach comprises three layers: encrypted storage for secrets to prevent unauthorized access, OAuth connection management to ensure scoped and revocable permissions, and session-scoped authorization requiring human approval for each task session. These practices aim to minimize security risks and improve the traceability of agent actions, addressing concerns highlighted by incidents of credential misuse and emphasizing the need for robust identity and access management in AI-driven environments.
Jun 10, 2026
1,943 words in the original blog post.
Security failures in AI agent systems often result from recurring mistakes, such as shared user sessions, static API keys, and inadequate audit trails. To mitigate these risks, a checklist has been provided for backend and platform engineers to ensure robust agent authorization. This checklist emphasizes nine crucial properties, including assigning unique identities to agents, ensuring agent permissions are the intersection of agent and user permissions, and separating authentication from authorization using OpenID Connect and OAuth 2.1. It also highlights the importance of short-lived, audience-bound access tokens, implementing human approval for sensitive actions, securely storing and rotating tokens, maintaining immutable audit logs, enabling immediate access revocation, and designing systems to fail closed rather than open. The document underlines that addressing these aspects is vital for creating production-grade systems that can withstand incidents and meet enterprise security requirements.
Jun 10, 2026
2,388 words in the original blog post.
When AI agents delete production databases, it often results from them having permissions equivalent to the user who invoked them, due to a flawed design decision where the agent operates under the user's credentials. This model, while simple to implement, is risky because it allows the agent to perform any action the user can, leading to potential security incidents. The industry is shifting towards a delegated access model governed by the intersection rule, which requires that an agent's effective permissions be the overlap of its own configured capabilities and the user's current permissions. This approach ensures that agents only perform tasks they are specifically authorized for, reducing the risk of excessive agency, where agents can take unintended actions with significant impact. The delegated access model involves using scoped tokens, ensuring that an agent's actions are both limited and auditable, and it addresses vulnerabilities such as confused deputy attacks by enforcing stricter access controls at each tool invocation.
Jun 10, 2026
2,396 words in the original blog post.
In December 2025, researchers introduced the concept of MemoryGraft, a method to compromise AI agents by embedding malicious entries in their long-term memory through seemingly harmless content. This attack could result in AI agents adopting harmful behaviors by retrieving and acting upon these poisoned memories, believing them to be part of their own successful experiences. The MINJA attack, revealed at NeurIPS 2025, demonstrated a more sophisticated version whereby an attacker could corrupt an agent's memory merely through regular interactions without direct memory access. This poses a significant security threat distinct from prompt injection attacks due to its temporal decoupling and implicit trust in memory. Memory poisoning affects future decisions and can spread across multi-agent systems, making detection and mitigation challenging. Various defense strategies are suggested, including validating content at ingestion, tracking memory provenance, isolating memory by trust scope, setting expiration policies, monitoring for behavioral drift, and implementing incident response processes to trace and quarantine poisoned memories. These strategies are crucial for maintaining the integrity of AI agents and preventing compromised decision-making processes.
Jun 09, 2026
2,135 words in the original blog post.
.NET occupies a distinctive role in the JWT ecosystem, with libraries maintained by Microsoft under the IdentityModel project, seamlessly integrated into ASP.NET Core's authentication pipeline and widely used in applications consuming tokens from Azure AD, Entra ID, or any OIDC-compliant provider. The transition from the legacy JwtSecurityTokenHandler to the modern, more performant JsonWebTokenHandler underscores a significant shift in JWT handling within .NET, which now emphasizes asynchronous operations and improved performance. This guide provides comprehensive insights into both the legacy and modern approaches, covering essential aspects such as token creation, validation, JWKS with automatic key discovery, ASP.NET Core JWT Bearer authentication, claim mapping, and best practices for production environments. It highlights the importance of using modern libraries for better security and performance, configuring JWT handling through the Authority pattern for OIDC providers, and adopting practices like policy-based authorization and short-lived tokens for enhanced security. Additionally, WorkOS is presented as a solution for managing enterprise authentication needs, offering a .NET SDK to streamline OAuth flows and support features like Single Sign-On and user management without the need for building an entire authentication stack from scratch.
Jun 09, 2026
3,451 words in the original blog post.
Enterprise software teams often default to supporting SCIM for directory synchronization due to its standardized schema and broad IdP support, but real-world applications reveal complexities. Many enterprise directory systems like Google Workspace, on-prem Active Directory, and various HRIS platforms such as Workday and BambooHR do not fully conform to SCIM standards, necessitating additional integration strategies like polling and webhook handling. This requires a flexible infrastructure that includes reconciliation logic to handle discrepancies and schema normalization to manage diverse data models. Companies must prioritize which system's data takes precedence and maintain comprehensive logs to address potential conflicts or errors. WorkOS offers a solution by managing these complexities through a unified API that abstracts the intricacies of different directory systems, allowing businesses to integrate varied sources without dedicating extensive resources to maintaining directory synchronization. This capability is particularly crucial for enterprises dealing with complex directory setups, where a SCIM-only approach proves insufficient.
Jun 09, 2026
1,292 words in the original blog post.
The text delves into a detailed exploration of the OAuth authorization protocol, addressing its design choices and security measures. It explains the separation between the authorization server and the resource server, emphasizing security benefits such as reduced attack surfaces and distinct maintenance teams. The use of an authorization code instead of directly issuing an access token is justified by security concerns, like preventing exposure through browser history or malicious extensions. The discussion highlights the role of access and refresh tokens, noting that while access tokens are bearer tokens, refresh tokens require a valid clientId and clientSecret, thus reducing vulnerability. The text also introduces PKCE as a method to enhance security, particularly for Single Page Apps and mobile applications, by ensuring the entity redeeming the access token is the one that requested the authorization code. The author acknowledges the complexities of OAuth and expresses a continued interest in understanding its intricacies, such as the use of the state parameter as a CSRF token.
Jun 04, 2026
2,159 words in the original blog post.
Switching identity providers is a complex and high-stakes process that affects every user session, login flow, and SSO connection, presenting significant risks if not handled correctly. To avoid the pitfalls of a "flag day" approach—where all users are migrated simultaneously, leading to potential system-wide failures—WorkOS proposes a gradual migration strategy. This involves four phases: shadow authentication, just-in-time (JIT) provisioning on login, password hash import, and individual SSO connection cutover. Shadow authentication allows both the old and new providers to run concurrently, routing users based on their migration status, while JIT provisioning migrates users during their login process without disruption. Password hash import ensures inactive users can transition smoothly without requiring password resets, although some providers like Cognito may necessitate alternative actions. The SSO cutover phase requires careful coordination for each connection to avoid service interruptions, with the option of using a transparent proxy for larger scales. By implementing these phased steps, the risk of migration failures is minimized, making the transition seamless and avoiding the need for a risky, all-at-once switch.
Jun 03, 2026
1,299 words in the original blog post.
Role-based access control (RBAC) presents a challenge in maintaining consistent logic across numerous endpoints over time, and this tutorial offers a solution by leveraging FastAPI and WorkOS for a sustainable RBAC system suitable for production environments. The process involves using a verified JWT to carry claims into an API, with a thin enforcement layer querying permission validity, and a centralized policy layer providing answers. WorkOS simplifies the management of roles, permissions, and organization-specific assignments, allowing applications to enforce specified policies without internal code modifications. The tutorial guides users through setting up the WorkOS RBAC system, defining permissions and roles, and implementing an enforcement layer in FastAPI utilizing dependency injection. It also addresses common pitfalls like mixing authorization with business logic and highlights the benefits of fine-grained authorization for complex resource structures as a future-proofing step. This ensures that as authorization models evolve, the enforcement layer remains stable, requiring minimal alterations to the core system.
Jun 03, 2026
2,199 words in the original blog post.
In the context of AI agent systems, traditional logging methods are insufficient to ensure accountability and compliance, as they fail to capture the nuanced activities of autonomous agents operating on behalf of users. While application logs are designed to identify operational issues by logging user actions and system responses, they do not account for the complex, multi-step processes involved in agent systems where agents independently make decisions, perform tasks, and interact with various tools. This necessitates a more comprehensive agent audit logging approach that records the agent's identity, session context, delegation chain, and detailed tool-level activity to provide a complete picture of agent actions. Such logs are crucial for tracing authorization chains, distinguishing between user and agent actions, and ensuring all activities are within approved scopes. Unlike operational logs, agent audit logs must be immutable, complete, and retained for extended periods to satisfy regulatory requirements and enable identity-centric queries. Establishing this logging infrastructure is critical for maintaining trust, accountability, and security in AI-driven systems, and platforms like WorkOS offer solutions to streamline this process by integrating necessary authentication and audit features.
Jun 03, 2026
1,755 words in the original blog post.
The text provides an in-depth examination of the architecture and terminology surrounding AI agents, breaking down the complexity into five essential layers: the User/App Surface, Agent Framework, Tools and MCP Servers, LLM/Model, and Auth and Identity. It emphasizes the importance of understanding each layer's function, from where human interaction begins to where reasoning and decision-making occur, highlighting how each contributes to the overall functionality and security of AI agents. The text stresses the significance of the Human-in-the-Loop (HITL) design pattern, the role of agent frameworks in orchestrating tasks, the evolution from tools to skills for enhanced capabilities, and the necessity of robust authentication and authorization processes throughout the stack to ensure secure and effective operations. It underscores the need for a coherent vocabulary to navigate the evolving landscape and the integration of WorkOS solutions to address authentication challenges, ultimately advocating for a secure, well-architected approach from the outset to avoid retrofitting complexities later on.
Jun 02, 2026
2,693 words in the original blog post.
The guide delves into the complexities of implementing authorization in TanStack Start, emphasizing that it involves more intricate layers than authentication, which simply establishes user identity. It outlines the necessity of modeling roles and permissions to ensure secure application access, advocating for either flat roles or the more scalable permission-based Role-Based Access Control (RBAC). The guide stresses the importance of enforcing authorization at multiple levels, including server functions and middleware, to prevent unauthorized access, even if route-level checks are in place. It introduces organization-scoped roles and resource-level permissions for more granular control, addressing common B2B application needs. The guide also highlights the advantages of using WorkOS for managing roles and permissions, which simplifies complex authorization tasks like syncing roles from identity providers and handling multi-organization scenarios. Ultimately, it underscores testing authorization logic thoroughly to safeguard sensitive operations and suggests starting with a minimal role setup that can be expanded as needed.
Jun 02, 2026
3,870 words in the original blog post.
Securing AI agents, particularly within the context of an MCP (Model Control Protocol) server, involves addressing specific risks beyond just focusing on prompt injection. An MCP server, which facilitates network access for AI clients and exposes tools for invocation, faces unique security challenges that differ from traditional APIs. These challenges include unauthenticated tool access, prompt injection through tool results, excessive agent permissions, persistent token exposure, and the absence of an audit trail. To mitigate these risks, it's crucial to implement OAuth 2.1 for authentication, treat all tool results as untrusted data, enforce session-scoped permissions, avoid long-lived token exposure, and establish a comprehensive audit log. By addressing these areas, the security of an MCP server can be significantly enhanced, ensuring that the interplay between AI models and production systems remains secure and trustworthy.
Jun 02, 2026
1,295 words in the original blog post.
Boris Cherny, the creator of Claude Code at Anthropic, discussed with Ben Gilbert and David Rosenthal how AI coding tools are transforming software engineering, highlighting significant shifts in productivity and roles within teams. Initially contributing a small percentage of Cherny's code, Claude Code's capabilities rapidly advanced with improved models, leading to a dramatic reduction in the need for traditional coding environments and a shift towards orchestrating automated workflows. This transition has effectively doubled Anthropic's engineering team productivity, significantly reducing onboarding time for new engineers and decreasing coordination overhead. The conversation also touched on the evolving roles within teams, emphasizing a "golden age of the generalist" where staff are encouraged to adopt diverse responsibilities, fostering automation and innovation. Cherny shared insights on the evolving nature of product taste in the AI era, noting that personal biases may soon give way to model-driven decisions as AI improves its ability to generate viable product ideas. Ultimately, Cherny believes that instilling values will remain the unique human contribution in guiding AI, aligning with Anthropic's focus on AI safety.
Jun 02, 2026
555 words in the original blog post.
At an Acquired Unplugged event at Shake15, hosts Ben Gilbert and David Rosenthal of the Acquired podcast shared insights from their extensive study of successful companies, highlighting that enduring success often stems from being deeply founder-led and embracing unique differentiators rather than conforming to industry norms. They noted that companies like Hermès, Apple, and Google thrive by leaning into their distinctiveness, with the founders treating their businesses as lifelong endeavors. Despite the uniqueness of each company's path, the common thread is their ability to resist external pressures to conform. Additionally, Ben and David remark on the forward-thinking nature of successful leaders, who focus on future innovation rather than past achievements. Their research process for podcast episodes is thorough, involving six weeks of preparation, extensive interviews, and the use of AI tools for organizing content, culminating in a comprehensive exploration of what makes companies exceptional.
Jun 02, 2026
562 words in the original blog post.