In addition to the MCP server, Cloudflare has partnered with companies such as Auto0, Stytch, and WorkOS.

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More. AI agents are set to change ID authorization: As they integrate behind the scenes, they will need to move seamlessly between different apps on our behalf, and not get continually halted by login screens, lest they become cumbersome. “Every app, or almost every app, will need to function as its own identity provider in the future,” Reed McGinley-Stempel, CEO of authorization platform Stytch, told VentureBeat. This requires a different approach to permissioning, one that supports sophisticated AI workflows while also protecting sensitive proprietary and personal data. Stytch’s new Connected Apps is aimed at this: The platform allows any SaaS company to become its own identity provider (IdP), ultimately enabling AI agents and third-party apps to securely authenticate, access data and take action on behalf of users.“AI agents are obviously having a moment,” said McGinley-Stempel. “You can delegate a task to an agent, and it can allow those other apps that are connected to this core customer or this primary identity provider to have read and write functionality.” Supporting whole-app ecosystemsSince its founding four and a half years ago, Stytch’s main role has been to effectively power “identity handshakes”: The platform enables the “client” side of the handshake with an external identity provider (such as Google or Microsoft) to verify user identity, share information like emails and names and allow for a simple login. Now with Connected Apps, Stytch customers can make the data within their apps accessible to other apps (both from a read and a write perspective). Third-party apps and agents can verify user identity, receive information and act on behalf of users in a permissioned way (AI agents), and login states can be shared between apps and systems. As McGinley-Stempel put it: “You can support an app ecosystem.” He pointed to the rise of “unsanctioned agentic access” — for instance, he personally has connected OpenAI Operator to his Twitter and LinkedIn profiles to occasionally do certain things on his behalf. “One of the problems with that is from a security and privacy and consent management level, it’s giving complete, broad-range access to these agents,” he conceded. With Connected Apps, the goal is to be more “programmatically secure” so that admins have a control pane and can properly manage permissions and refresh or revoke tokens as needed, he explained. “Because even though I want that productivity gain, I also need the ability to revoke access if I don’t think a certain app should be connected,” said McGinley-Stempel