Enterprise-Managed Authorization Is a Foundation, Not a Ceiling: Why Connected Agents Need Per-Action Authorization
Blog post from Arcade
Enterprise-Managed Authorization (EMA) centralizes access provisioning by making an organization's identity provider the authoritative decision-maker for Multi-Cloud Platform (MCP) server access, thus eliminating the need for per-server OAuth consent prompts. However, while EMA efficiently manages connection-time governance by determining who may connect to what, it does not provide authorization for individual tool calls, which is critical in preventing attacks like prompt injection that exploit capabilities already present in an agent's environment. These attacks highlight the need for per-action authorization, which evaluates whether a specific tool call should proceed based on the intersection of organization policy, user delegation, and agent capability, checked at execution time. This form of authorization is necessary to limit the blast radius of such attacks and ensure that actions match user intent. Despite advancements in OAuth, including Rich Authorization Requests (RAR), they remain insufficient for transaction-specific authorization in AI agents, demonstrating a need for runtime enforcement mechanisms. Implementing per-action authorization involves using a pre-execution interceptor to evaluate policy at the execution level, ensuring secure action handling without replacing existing corporate identity infrastructures like EMA, and integrating tools such as Microsoft's Agent Governance Toolkit and platforms like Arcade.dev to provide comprehensive runtime security.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| MCP | 18 | 6,026 | 689 | 188 | -15% |
| LLM | 10 | 5,172 | 1,006 | 220 | -43% |
| AI Agents | 7 | 4,874 | 1,103 | 240 | -1% |
| Platform Engineering | 7 | 1,249 | 211 | 81 | -3% |
| OpenTelemetry | 2 | 701 | 153 | 53 | -26% |
| AI Coding Assistant | 1 | 1,586 | 431 | 148 | -12% |
| AI Guardrails | 1 | 437 | 127 | 49 | +102% |
| Real-time | 1 | 5,457 | 1,338 | 238 | -5% |