Who Let the Agents Out? Your client_id Is Not An Identity

About this recording

Your agents are running. Your MCP servers are connected. Now ask yourself: who actually authorized that tool call?

Most agent systems in production today authenticate with static API keys and client IDs. That's the same credential model that nearly broke microservices a decade ago, and it doesn't hold up for non-deterministic agents that generate SQL queries on the fly and call MCP servers with whatever scope an attacker can prompt them into.

This session covers the identity gap at the heart of modern agentic systems and walks through how Dapr and Diagrid Catalyst provide the workload identity and policy enforcement layer that agents and MCP servers are missing today.

Inside the session

• Why client IDs and OAuth alone don't solve agent identity
• The failure modes without agent identity: prompt injection access amplification, slow access revocation, no audit trail, no provenance
• Why MCP gateways stop at the wall and don't solve identity once you're inside
• How SPIFFE workload identity, mTLS, and rotating certificates work inside Dapr and Catalyst
• A live demo: apply a zero trust policy across agents and MCP servers in a single CLI command, then layer in granular, runtime-configurable access
• Just-in-time access for non-deterministic agent workflows
• Trust domains for grouping agents, MCP servers, and applications

Who this is for

• Platform engineers and DevSecOps teams securing agent infrastructure
• Developers building multi-agent systems or integrating MCP servers into production workflows
• Security architects evaluating governance and auditability for agentic AI
• Engineering leaders defining the identity and access control strategy for their AI platform

Resources

• Demo code on GitHub
• Tutorial: Zero-Trust Authorization for MCP Servers
• Agent Identity: The Foundational Layer that AI Is Still Missing