
Is Your API Ready for the AI Agents?
You don’t have to be closely following the AI space to hear about AI agents. They're on everybody’s lips right now, framed as an evolution of our interaction with artificial intelligence. Tools like ChatGPT, DeepSeek, or GitHub Copilot allow you to have a “conversation” with the large language model (LLM). As a result, they might tell you what to do to fulfill your task—show you the code you should write, propose some steps you should undertake, or point you to a place where you can search for more information. Agents, on the other hand, take action on your behalf. While an AI chat can tell you where you should go to book your flight, an AI agent can book one for you. At least, that is the promise.
AI Agents Are the Next Big Thing…
… even though they’re not quite there yet. To say that the AI environment is rapidly evolving would be an understatement, and you can definitely see similarly rapid development in the AI agents space. Still, few products are completely production-ready, and many companies are still trying to figure things out.
Consider this anecdotal evidence. I recently tried out an AI agent that claims to be one of the best for travel assistance. Even though I allowed the agent to use my location (Poland) and shared my mobile number with it, the flights it proposed were priced in Australian dollars. I tried to change that but to no avail.

In the end, the agent concluded that it actually couldn’t change the currency at all and claimed that the prices were in fact in my local currency — PLN, even though they clearly were not. The whole process of trying to book a flight took a few times longer than it would have taken me if I had used a dedicated booking website, like Kayak or Expedia. It was also much more frustrating trying to figure out how to interact with the agent.
Even if the agents are not ready for the end user to utilize them, the market is clearly growing, which means that service providers should examine this space closely.
AI Agents Need Integrations
Most AI agents will eventually interact with an external service—they read data, perform searches, update data, and commit transactions. This means the agent needs a way to integrate with the external service, regardless of whether it’s a weather API, an online store, or a mailbox. Agents can take different approaches to integrating with external parties — some might mimic the user’s behavior and operate directly on the user interface, while others will operate on an API, which is still the usual way to integrate with external services.
This means that service providers should take this new reality into consideration when planning how to evolve their products. Consider the following:
Make sure that the service offers an API that AI agents can easily integrate with.
Create documentation that not only developers but also LLMs can consume.
Be prepared that the service might be used by an agent even when no API is exposed.
Some in the industry propose that agents will automatically find and connect to the APIs they need to fulfill the user’s current request. However, this will not be as simple as it sounds. API providers should consider how to facilitate integration with agents, but they should also acknowledge that this integration will most probably involve some amount of manual work. An AI agent will need to act like any other API client, which means it will need a way to obtain credentials that allow it to access the API. This matters because the API provider still needs its usual way to control which applications call the API and to apply billing properly.
For some open APIs, like weather data or restaurant review APIs, authorization is not a concern. But for APIs that handle user data or perform actions on the user’s behalf, properly authorizing API access is imperative. Even if the agent operates on its own, it will need the user’s initial authorization to perform certain actions. It might also require additional authorization whenever it performs a sensitive action, like placing an order or modifying the user’s data. API providers have to start planning how these capabilities can be provided so that agents can properly integrate with their APIs.
Let’s Not Take Steps Back
Moving fast to develop new solutions incentivizes taking shortcuts. It is important, however, that we don’t sacrifice the good security practices we have built along the way. Consider the following AI agent example, taken from the Multi-ON Agent API:

At first sight, it may look impressive, as it allows performing an action in a fast and simple way, and uses natural language to do so. There are a couple of issues with this approach, however:
It requires disclosing user credentials to a third-party provider, something we, the web industry, advocated against long ago (and have largely succeeded in stopping).
It does not take multifactor authentication into consideration.
It does not allow using modern ways of authentication, like passkeys.
Utilizing AI agents should not compromise the security of our accounts nor impede the user experience. Companies should take that into consideration when thinking about the solutions.
AI Agents and Security Considerations
API providers should take time to design proper authentication and authorization solutions for AI agents, and they should remember that the necessary building blocks are already available. It’s just a matter of applying them.
OAuth
OAuth is a great framework that should form the basis of any access made by AI agents. It was created to solve exactly the problem described above — it’s a way of delegating access to a user’s resources to another application. With OAuth, the user decides what the agent will be able to do with their data, and the agent receives a credential that is limited both in time and scope — the access token. The user retains both all the means of authenticating that they had before and a way of having the AI agent perform work on their behalf.
OAuth requires user interaction, and now it is up to the industry to come up with a way that provides a seamless user experience when working with agents.
Token Exchange
Once an agent obtains an access token, it can leverage the token exchange standard to obtain another token that will allow it to perform another action. If service providers can build a chain of trust among themselves, it could allow an agent to call services without needing additional authorization from the user. This will become especially important should the agent call numerous different services to perform an action. If an agent has to call five or more services and every service requires the user to authorize access, this does not result in a good user experience. If the user could authorize access only once, then the agent could exchange the token to access all the other services, creating a much smoother but still secure UX.
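The two ideas above, a scope- and time-limited access token and an RFC 8693 token exchange that narrows it for a downstream service, as an added example that is not part of the original post. It hand-rolls a minimal HS256 JWT with a constructed shared secret so it runs without libraries; the audiences "travel-agent" and "flights-api", the scopes, the actor id and the 300-second lifetime are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo secret shared by the authorization server and the services;
# a real deployment would sign with an asymmetric key published via JWKS.
KEY = b"demo-only-shared-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(claims: dict) -> str:
    # Minimal HS256 JWT (header.payload.signature), hand-rolled to stay library-free.
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify(token: str, audience: str, now: int) -> dict:
    # Signature, audience and expiry checks: the "limited in time and scope" part.
    header, payload, sig = token.split(".")
    expected = hmac.new(KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def token_exchange(subject_token: str, actor: str, target_aud: str, scope: str, now: int) -> str:
    # RFC 8693-style exchange at the authorization server: the agent presents the
    # user's token (issued for the agent's own audience) and receives a narrower,
    # short-lived token for one downstream service. The 'act' claim records the
    # agent as the actor, so the downstream service can see who did what for whom.
    user = verify(subject_token, audience="travel-agent", now=now)
    if not set(scope.split()) <= set(user["scope"].split()):
        raise ValueError("exchange must not widen the user's delegated scope")
    return sign({"sub": user["sub"], "aud": target_aud, "scope": scope,
                 "exp": min(user["exp"], now + 300), "act": {"sub": actor}})

def book_flight(token: str, now: int) -> str:
    # Downstream service: verify the exchanged token, then require the scope this action needs.
    claims = verify(token, audience="flights-api", now=now)
    if "flights:book" not in claims["scope"].split():
        raise PermissionError("missing scope flights:book")
    return f"booked for {claims['sub']} by agent {claims['act']['sub']}"
```

The user authorizes the agent once; every further hop is an exchange that can only keep or shrink the delegated scope, and each service still checks audience, expiry and scope itself.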
Dynamic Client Registration and AI Gateways
Dynamic Client Registration (DCR) is a protocol that can allow agents to integrate with APIs in an automated way. Together with the aforementioned techniques — building a chain of trust and using token exchange — agents would be able to register at an API without any manual interaction whatsoever, with the initial access to the DCR endpoint provided by another trusted service.
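A DCR endpoint of the kind described above, as an added example that is not part of the original post: registration needs no human, but it is gated by a single-use initial access token minted by a trusted service, and the submitted metadata is validated rather than trusted. The token store, the vendor name, the allowed grant types and scopes, and the 90-day secret lifetime are constructed assumptions.

```python
import secrets
from urllib.parse import urlsplit

# Constructed store: initial access tokens minted by a trusted service (for example the
# agent vendor's onboarding service), each redeemable exactly once at the DCR endpoint.
INITIAL_ACCESS_TOKENS = {"iat-demo-token-1": "example-agent-vendor"}
ALLOWED_GRANT_TYPES = {"authorization_code", "urn:ietf:params:oauth:grant-type:token-exchange"}
ALLOWED_SCOPES = {"flights:search", "flights:book"}
CLIENTS: dict = {}

def register_client(metadata: dict, initial_access_token: str, now: int) -> dict:
    # RFC 7591-style registration. Validation runs before the token is consumed,
    # so a rejected request does not burn the caller's only initial access token.
    vendor = INITIAL_ACCESS_TOKENS.get(initial_access_token)
    if vendor is None:
        raise PermissionError("unknown or already used initial access token")
    redirect_uris = metadata.get("redirect_uris") or []
    for uri in redirect_uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.netloc or parts.fragment:
            raise ValueError(f"rejected redirect_uri: {uri}")
    grant_types = set(metadata.get("grant_types", ["authorization_code"]))
    if not grant_types <= ALLOWED_GRANT_TYPES:
        raise ValueError("grant_types outside what this server offers to agents")
    if "authorization_code" in grant_types and not redirect_uris:
        raise ValueError("authorization_code requires at least one redirect_uri")
    scope = set(metadata.get("scope", "").split())
    if not scope <= ALLOWED_SCOPES:
        raise ValueError("scope outside what this server offers to agents")
    client = {
        "client_id": secrets.token_urlsafe(16),
        "client_secret": secrets.token_urlsafe(32),
        "client_id_issued_at": now,
        "client_secret_expires_at": now + 90 * 24 * 3600,  # forces periodic rotation
        "client_name": metadata.get("client_name", "unnamed agent"),
        "redirect_uris": redirect_uris,
        "grant_types": sorted(grant_types),
        "scope": " ".join(sorted(scope)),
        "onboarded_by": vendor,  # not an RFC 7591 field: audit trail for the trust chain
    }
    del INITIAL_ACCESS_TOKENS[initial_access_token]  # single use
    CLIENTS[client["client_id"]] = client
    return client
```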
An emerging technology that might help with API integration is AI gateways. Similar to API gateways, these products can help introduce some central features, allowing agents to integrate more easily with external APIs.
Preparing for AI Agent Integration
AI agents might not have reached their maturity yet, but the industry is actively working on making them better. Service providers should keep that in mind and keep an eye on what is happening in the agentic-AI space. If your service is not using OAuth yet, consider adding it as a secure way for AI agents to integrate with it. If you already protect your service with OAuth, prepare for the automatic onboarding that AI agents will require to easily integrate. Remember that even if you don’t expose APIs, AI agents might be able to integrate with your services using user interfaces directly, which might mean that you have less insight into the integration. It is better to avoid such a situation and properly prepare for the agentic environment.