Insecure Agents is a podcast that curates the most important conversations and trends in AI security. AI engineers, CISOs, and security practitioners listen to learn how to give their agents the security they need to reach higher levels of capability and autonomy.

Host: Allie Howe

Allie Howe is a Member of Technical Staff at Keycard and has a background in security engineering. She is a core contributor to the OWASP Agentic Security Initiative and has spoken at AI Engineer World's Fair and AI Agent Security Summit.

X: @vtahowe · LinkedIn: /allisonhowe

Episode 41 · Jun 29

The Grant Behind Enterprise Managed Auth for Claude: ID-JAG with Karl McGuinness (ex-Okta)

Karl McGuinness · former Chief Product Architect at Okta

We sit down with Karl McGuinness, former Chief Product Architect at Okta and the author of ID-JAG, to dig into the OAuth problem that agents are about to make much worse. Karl walks us through what he calls OAuth islands, the separate OAuth stacks scattered across enterprise SaaS that security teams cannot monitor or revoke, and explains why every new agent integration adds another one. We get into OAuth federation, how ID-JAG (the Identity Assertion JWT Authorization Grant) lets a central identity provider broker access across those islands, and how it slots into Anthropic's Enterprise Managed Auth for Claude. Karl makes the case that centralizing agent access governance, rather than letting each app mint its own long-lived tokens, is what gives enterprises a real chance at visibility and revocation as agents proliferate.
