Table of Contents
This article was written by Kevin Gao, Head of DevRel at Descope, and Rohit Ganguly, AI Product Manager at Descope.
Today, we’re excited to share that Descope has joined the Agentic AI Foundation (AAIF)! The AAIF is a new Linux Foundation initiative bringing together leaders across the AI landscape such as Anthropic, Google, Microsoft, Block, and others to shape the future of agentic AI in a transparent, interoperable manner.
The agentic year
In 2025, we witnessed the explosion of AI systems from simple chatbots to full-blown AI agents. The Model Context Protocol (MCP) was a key part of this transformation, empowering developers to easily build systems to enable agents to take actions within their systems.
When an AI agent wants to access critical data in HubSpot, write code in your GitHub repo, or update internal systems, we see traditional identity models fracture and vulnerabilities appear. Since the beginning of this shift, we at Descope have recognized, advocated for, and pioneered agentic identity solutions tailor-made for this new era.
The latest iteration of the Descope Agentic Identity Hub enables developers to implement protocol-compliant auth and access control for their MCP servers with five lines of code, along with enterprise-grade access policy and auditing support. Our newest Python MCP SDK also makes it very easy to bring in authentication and authorization to any MCP server built with Python.
AI agents break traditional IAM systems
When AI agents connect to systems that contain sensitive data or enable high-privilege actions, identity models built for humans start to break. Static machine-to-machine authentication, permission scoping, and audit expectations don’t always translate cleanly to software acting autonomously across multiple services. This shift is why we believe agent-native identity infrastructure is critical.
MCP’s rise, and its role as a founding AAIF project, highlights this trend well. It has set a strong direction for agent-to-tool connectivity, but many organizations still face a large gap between early development and enterprise-ready agent deployments, particularly around authentication, authorization, and governance. A recent Descope survey of 400+ identity decision-makers found that while 88% use or are planning to use AI agents, only 37% have moved past pilots due to identity headaches.
As AI agents take on real work across systems, authentication and authorization need to be treated as core infrastructure primitives. Developers shouldn’t just connect agents to tools in a haphazard manner–organizations need shared standards that make those connections secure, consistent, and trustworthy by design.
Joining the AAIF signals our commitment to helping define identity and security standards in the open, including continued contributions to the evolving MCP authentication and authorization specifications. Our focus is on advancing agentic identity as shared, practical infrastructure that organizations can trust as deployments scale.
We’d love to hear from you
If you're building AI agents, MCP servers, or if you're thinking about these problems, let's talk. We’ve helped organizations of all sizes–fast growing startups like WisdomAI and Daylight Security, scaleups like Cequence Security, and large enterprises–build secure, identity-aware agentic systems, but we know the industry has many more questions than answers.
Agentic AI is going to transform how we work and live, but it'll only reach its potential if we can trust it. Trust starts with identity.
Let's build this future together!
