July 2026 Summaries
6 posts from WorkOS
Filter
Month:
Year:
Post Summaries
Back to Blog
At the AI Engineer World's Fair 2026, Michael Grinich discussed the evolving landscape of AI expenditure with Remy Guercio from Tailscale, focusing on the shift from "token maxing" to "ROI maxing" in AI projects. Remy highlighted the financial implications of utilizing large context windows in AI models, emphasizing that while this exploration has been productive, it has also led to significant costs, prompting finance teams to scrutinize AI bills from various providers like OpenAI and Anthropic. He used the Concorde analogy to illustrate that efficiency should be measured per task rather than per token, as cheaper tokens don't necessarily equate to cheaper tasks. Aperture, Tailscale’s AI gateway, was introduced as a solution to monitor and manage AI model usage and costs, providing insights into average costs per million tokens and facilitating governance by tracking agent activities and stripping PII. Remy cautioned against consolidating AI services with one provider, advocating for diverse experimentation across models to ensure cost-effectiveness and performance verification. He noted the cultural shift within Tailscale, where AI has enabled engineers to explore multiple approaches, leading to potentially better software development. The discussion also touched on the broader theme of token allocation akin to capital allocation, underscoring the importance of thoughtful AI usage in balancing costs and innovation.
Jul 08, 2026
956 words in the original blog post.
Vercel's acquisition of Better Auth, an open-source TypeScript authentication library, signals a shift in governance and development priorities towards agent identity and Vercel's platform integration, while maintaining its open-source and MIT-licensed status. Despite the acquisition, the library's core features remain unchanged, but it presents developers with a decision between maintaining their own authentication infrastructure or opting for a managed platform like WorkOS, which offers extensive enterprise features and support. As Vercel integrates Better Auth's capabilities into its broader strategy, the acquisition prompts developers to reconsider the benefits and drawbacks of self-managed authentication versus outsourcing to a service that handles complex identity management tasks, especially as they scale towards enterprise-level needs. The acquisition does not compel immediate changes, but it encourages developers to evaluate their long-term authentication strategy, with Vercel and several other companies opting for WorkOS to manage their authentication needs.
Jul 08, 2026
910 words in the original blog post.
The AI Engineer World's Fair 2026 in San Francisco saw the WorkOS team hosting a variety of events and discussions that centered around the evolving role of AI in organizational operations. The events included a popular workshop, "Lifestyles of the AI-Native," which emphasized transitioning from manual typing to operating with AI agents, leveraging tools like Handy for voice coding and implementing verification gates for automated processes. Michael Grinich, founder of WorkOS, presented "Auth for Agents" on the mainstage, discussing the open protocol auth.md that enables AI agents to authenticate users without traditional sign-up forms. Additionally, Garrett Galow introduced Studio, a system empowering non-technical employees to create tools without coding, while Ryan Cooke critiqued simplistic software factory models, advocating for a deeper integration of organizational processes. The conference highlighted the importance of building robust frameworks around AI models to effectively harness their potential within business operations, a theme underscored by the open-source resources shared for further exploration.
Jul 07, 2026
1,203 words in the original blog post.
WorkOS has introduced a new GraphQL API that provides developers with direct access to data and mutations, allowing them to construct custom user interfaces without being constrained by the prebuilt Widgets previously offered. This API enables developers to fetch necessary fields in a single request, providing a more streamlined and efficient development process compared to traditional REST endpoints. The API retains a session-aware, client-side access model similar to Widgets, but without the predefined UI, supporting the complete lifecycle of user management, including queries and mutations for users, memberships, and invitations. Initially launched in closed beta, the API plans to expand its capabilities to include features like SSO, directory sync, audit logs, and RBAC, with future enhancements benefiting both the API and existing Widgets. Access to the API is currently limited to teams developing custom user management interfaces, who are encouraged to provide feedback on its schema and authentication model.
Jul 03, 2026
723 words in the original blog post.
AuthKit has introduced step-up authentication to address the issue of equal trust levels for all actions within a session, regardless of their sensitivity. This feature allows specific operations to require fresh verification without terminating the existing session, ensuring that actions such as accessing admin panels or changing billing details are executed with confirmed user identity. This is particularly important for applications under compliance regulations like SOC 2, HIPAA, or PCI-DSS, where re-verifying before accessing sensitive data is expected. The new release includes an auth_time claim on tokens to track the last active authentication, a max_age parameter to enforce re-authentication based on a specified time threshold, and a hosted re-authentication flow. The system emits an authentication.reauthenticated event upon successful step-up, and the WorkOS Node core SDK facilitates integration by providing tools to build authorization URLs with max_age and check token freshness.
Jul 02, 2026
739 words in the original blog post.
WorkOS has introduced the Management MCP Server, a remote server that allows agents to manage WorkOS accounts via OAuth authentication, mirroring the permissions of the user's dashboard login. This server provides a comprehensive range of operations across the WorkOS product suite, including managing organizations, SSO connections, and user roles, while deliberately excluding sensitive operations such as credential-minting and billing. Instead of a tool for each endpoint, it uses a discover-then-execute design to efficiently manage operations within an agent's context. This enables agents to perform management tasks traditionally done via the dashboard, such as debugging sign-in issues or configuring branding, without the need for a local development setup. Team access to the MCP server can be controlled through authentication settings, allowing incremental adoption. The MCP server complements the WorkOS CLI by offering remote, no-install access, making it suitable for various automated workflows and agent interactions.
Jul 01, 2026
1,153 words in the original blog post.