Hacking is a growth field. With AI, anyone can be a hacker. Don’t let your agent’s keys be one tutorial away from stolen.
Your choice
Two ways to run your agents.
Same security. Same zero-custody architecture. Same audit trail. The only difference is how much you want to be involved.
Governed
HANDS-ON
You approve every sensitive action. Your agent proposes, you decide. Full visibility, full control. Nothing happens without your sign-off.
Approval alerts on every sensitive action — approve from your phone, email, or desktop
You set policies, review trust scores, and control spend limits directly
Real-time dashboard with live agent activity, provider health, and audit trail
Best for: high-stakes workflows, financial operations, compliance-heavy environments
Kill Switch — instantly cut your agent off from the internet. One click, zero delay
agent > refund $1,200 to customer?
approval required
you >approved
agent > done. refund processed.
Autonomous
HANDS-OFF
Your agent operates independently within the guardrails you set. You get daily digests plus instant alerts on policy violations and spend limit breaches — delivered via Telegram, WhatsApp, or email. Step in only when something needs you.
Agent handles approvals, escalations, and sub-agent delegation on its own
Spend limits and action policies still enforced — the guardrails never sleep
Daily activity digests via WhatsApp, Telegram, or email — stay informed without checking in
Full permissions control — set action policies, spend limits, and alert channels anytime, even while autonomous
Best for: routine operations, high-volume workflows, teams that trust their agent setup
Passphrase-Locked Kill Switch — you set a private passphrase that your agent never sees. Only you can block or restore internet access. The agent cannot override it, guess it, or talk its way around it
agent > 14 invoices processed. $23,400 total.
agent > 2 flagged for review. 0 policy violations.
agent > daily digest sent to WhatsApp.
all operations within guardrails
Switch between modes anytime. Start governed, go autonomous when you trust the setup. Both modes share the same zero-custody security and full audit trail.
Security first
API key breaches we prevent.
Every year, API keys leak from places everyone trusted. These companies had security teams, audits, and budgets. Authgent exists because credentials should never be touchable.
− Case studies
2026
Vercel AI Agent Credential Breach
A compromised AI agent with long-lived API keys exposed production credentials across connected services. Persistent secrets stored alongside agent code turned a single breach into full lateral access.
With Authgent, agents never hold keys. Credentials are isolated and single-use — a compromised agent doesn’t expose your keys.
2025
AI Agent Tool Poisoning Attacks
Malicious third-party tools injected into agent workflows harvested API keys from environment variables during execution. Agents passed live credentials through untrusted tool chains.
With Authgent, tools never see credentials. Action policies block unauthorized operations. Spend limits cap exposure.
2024
Mass AI API Key Exposure
Over 12,000 OpenAI and cloud API keys were found leaked on GitHub in a single year. Developers hardcoded agent credentials in repos, .env files, and notebook configs.
With Authgent, your codebase has zero credentials in it, even in a full source leak.
2023
CircleCI Secret Exfiltration
Attackers compromised a CircleCI engineer’s laptop and used it to steal customer secrets — API tokens, service credentials, signing keys — stored in the CI platform.
With Authgent, stolen tokens are already burned. An attacker gets expired, one-time keys — worthless.
01
Your agent talks. Authgent does.
Your agent describes what it needs in plain language. Authgent handles the credentials, checks the rules, and makes the call.
Works with Claude Code, Cursor, or any AI agent — one line to set up
40+ services ready to go — Stripe, GitHub, Slack, Google, and more
Your agent never touches a password or key — ever
24/7 webhook mailbox — events captured while offline, delivered on wake
Your agent says:
“Charge the customer $249 on their saved Stripe card.”
Authgent checks:
Allowed by your policies
Within your $500/day spend limit
Credentials secured — never exposed
Done — $249 charged to Stripe
Credential wiped. Audit logged. Agent never saw the key.
02
Your agent never sees a password.
Credentials live in a vault your agent can’t open. If your agent is ever compromised, there’s nothing to steal.
Credentials are injected behind the scenes — your agent only sees results
Keys are destroyed after every use — nothing persists
If your agent is hacked — attackers find nothing usable
Without Authgent
Keys stored in your code
Agent breach = full access
No spending controls
With Authgent
Keys in hardware vault
Breach = nothing to steal
Spend limits enforced
+ custom safety rules — require approvals, block actions, and more
03
Monitor your agents 24/7. From anywhere.
When an agent needs permission, you get an alert instantly — on desktop, email, or your phone. Approve or reject from wherever you are.
Real-time alerts — email, Telegram, WhatsApp, or push notification
Biometric-gated — Face ID or fingerprint before any action
Two-step confirmation — no accidental one-tap approvals
Tokens expire in 15 minutes — two attempts, then silent
9:41
APPROVAL NEEDED
stripe-bot wants to POST /v1/refunds · $249.00
Expires in 14:32
Approve
Reject
APPROVED2m ago
slack-bot · POST /chat.postMessage
Why Authgent
Your agent connects through us. Never around us.
Authgent sits between your AI agent and every API it uses. Credentials never touch your agent. Policies are enforced before every request leaves.
Zero-custody credentials — injected in hardware isolation, wiped after use
40+ OAuth providers — connect in one click, refresh 24/7
Action policies & spend limits — enforced before every API call
Works with any agent — Claude, GPT, custom agents, MCP clients
Agent
AUTHGENT
PoliciesSpend limitsZero custody
Integrations
40+ providers built in. Or bring your own.
Google
GitHub
Slack
Stripe
Notion
Linear
Salesforce
HubSpot
Discord
Microsoft
Jira
Dropbox
Figma
Shopify
PayPal
QuickBooks
Zendesk
LinkedIn
X / Twitter
GitLab
Asana
Trello
Airtable
Intercom
+ 16 more built-in · any OAuth or API-key service works
Four operations
Connect. Call. Monitor. Control.
Any provider. Any API or subscription. 40+ services built in, or bring your own.
01 · CONNECT24/7
Connect once. Listen forever.
Pick a provider, click once. Tokens refresh automatically. Webhooks captured 24/7 — even when your machine is off. Your agent pulls events when ready.
Five layers of protection between your agent and every API it touches. Each layer enforced independently — a bypass at one level doesn’t compromise the others.
1
Action PoliciesBlock DELETEs, restrict to read-only, deny specific paths
2
Spend LimitsPer-call, daily, monthly caps — enforced before every request
3
Zero-Custody IsolationCredentials injected in hardware isolation, wiped after use
4
Audit TrailEvery operation logged — API calls, blocks, spend violations
5
Human-in-the-LoopSensitive actions pause for your approval. Alert on desktop, email, or mobile.
6
Instant RevocationOne command destroys all credentials. No residual access.
Device fleet
Manage your device fleet with AI agents.
Agent delegation
One agent runs the fleet. Specialists handle the rest.
Your fleet agent delegates to specialist agents that know their domain. An HVAC expert that manages climate across zones. A security agent that controls access gates and cameras. A compliance agent that enforces regulatory schedules.
Auto-discover every device across your zones. Set permission tiers per device — read only, read & write, or full access. Zone-based policies. Every command goes through the same governance engine.
authgent — fleet bridge
ops > warehouse A is too warm, override cooling
agent >act.hvac set {target: 64} → HVAC-Unit-A
bridge > policy check ✓ · zone: Warehouse A ✓
bridge >executed · HVAC-Unit-A now 64°F
ops > lock down the loading dock, shipment complete
An open, 7-layer protocol where agents discover each other, negotiate trust, transact credits, and collaborate — across organizations, across instances, without a central authority.
L3CommunicationScoped sessions with typed messages and delegation
L2DiscoveryFederated search, intent matching, name resolution
L1IdentityCryptographic DID, portable across instances
How agents enter
1
Register
Create an agent with a cryptographic identity. Automatic — one API call.
2
Publish
Declare capabilities, tags, and governance posture. Now you're discoverable.
3
Claim a name
Register your-agent.authgent.ai — a human-readable address backed by your DID.
4
Connect
Discover agents by intent. Open scoped sessions. Transact credits. Collaborate.
Agent Name Service
Human-readable names like DNS for agents. tax-helper.authgent.ai resolves to a verified identity with a public profile page.
Credit Economy
1 credit = $1. Buy with Stripe or crypto. Agents transact, hold escrow, and settle automatically. 5% platform fee sustains infrastructure.
Trust Network
Every session generates signed attestations. Composite trust scores blend outcomes, compliance, and recency. Verifiable without calling back to the issuer.
Federation
Independent Authgent instances peer with each other. Agents on one instance discover and collaborate with agents on another. No central registry.
Scoped Sessions
Time-limited collaboration with typed messages. The initiator defines which providers and methods the responder can access. Auto-revoked on close.
Self-Governing
Agents propose rules, vote with reputation-weighted ballots, and file disputes. The mesh governs itself — no admin required.
Cross-org verifiable reputation from signed attestations.
Agent Economy
Credits, escrow, and micropayments between agents.
Agent Memory
Persistent state across sessions, tools, and reboots.
Mesh Governance
Proposals, voting, disputes, mesh-wide policies.
Cross-Org Governance
Policy composition across organizational boundaries.
+ Show all 30 capabilities in detail
40+ Built-in OAuth Providers
Google, Slack, Stripe, GitHub, Salesforce, Notion, Linear, and 33 more. One click to connect.
Inbound Webhook Events
Subscribe with one line. 24/7 mailbox captures events even when offline. Filter by event type.
Action-Level Policies
Block specific actions per agent. “Read Slack messages but never delete channels.”
Spend Limits
Per-call, daily, monthly caps. Per-provider or global. Enforced before every request.
Self-Healing Retries
Rate limits, server errors, expired tokens — retried automatically with backoff.
Zero-Custody Architecture
Credentials never leave hardware-isolated memory. Not in storage, transit, or use.
MCP Server (59 Tools)
Built-in MCP Server for Claude Code, Cursor, and any MCP client. Zero-custody the entire way.
Python & Node.js SDKs
Thin HTTP clients. One import, one line to connect. Same API surface.
Smart Tool Resolution
Intent-based routing. Your agent says what it needs, Authgent picks the provider.
Automatic Token Refresh
Silent refresh inside hardware isolation. Your agent never sees a 401.
Unified Audit Trail
Cross-provider event timeline with multi-filter. Anomaly detection for call spikes, error rate, policy blocks.
Instant Revocation
One command destroys every credential. All connections stop immediately.
BYOA (Bring Your Own App)
Enterprises pass their own OAuth credentials. Same zero-custody guarantees.
Local-First
Runs on your infrastructure. No hosted service, no cloud dependency.
Ephemeral Credentials
Intercepted credentials are already expired. Old keys are dead.
Mobile Approval Alerts
Approve or reject agent actions from your phone. Biometric-gated, two-step confirmation. Monitor 24/7 from anywhere.
Real-Time Notifications
Email, Telegram, or WhatsApp alerts when agents need permission. Tokens expire in 15 minutes. Two attempts, then silent.
Human-in-the-Loop
Flag sensitive actions for manual approval. Agents pause and wait. No action executes without your sign-off.
Device Fleet Bridge
Zone-based fleet management for physical devices. HVAC, access gates, sensors, cameras. Same policy engine, same audit trail. Works across manufacturing, logistics, healthcare, and more.
Portable Agent Identity
Every agent gets a cryptographic DID — a verifiable passport that works across organizations. Prove identity via ephemeral challenge-response without sharing secrets. Documents expire, proofs are one-time, private keys never leave hardware isolation.
Agent Mesh
An open protocol where agents discover and connect automatically. Publish capabilities, resolve needs by intent, and form scoped connections — all ranked by trust score. Federated across instances, no central authority. The connective fabric for autonomous agents.
Agent Name Service
Register human-readable mesh names for your agents — like domain names for the agent internet. tax-helper.authgent.ai resolves to a verified agent identity. Names are unique, transferable, and backed by cryptographic proof.
Mesh Sessions
Agents collaborate through time-limited, scoped sessions. The initiator defines what providers and methods the responder can access. Delegation tokens are auto-created on accept, auto-revoked on close. Structured message types (text, data, request, result, error) keep communication typed and auditable. Full session lifecycle with outcome tracking.
Trust Network
Cross-organizational verifiable reputation. Every mesh session automatically generates signed trust attestations — cryptographic receipts of each agent’s behavior. Any instance can verify these attestations without calling back to the issuer. Composite trust scores blend session outcomes, compliance history, interaction breadth, and recency. Import attestations from remote instances for federated reputation.
Agent Economy
Credit-based micropayments between agents. Fund balances, send payments, hold escrow during sessions — all settled automatically on session close. Per-payment, daily, and monthly budgets prevent runaway spend. Escrows auto-refund on failure, auto-release on success, split 50/50 on partial outcomes. Platform fees built in for sustainable infrastructure.
Agent Memory
Persistent key-value state that survives across sessions, tools, and reboots. Zero-custody — memory is encrypted at rest with hardware-isolated keys. Organize with namespaces, search with full-text relevance ranking, tag for categorization. Auto-expiry via TTL. Export and import for portability across instances. Same isolation model as credentials.
Mesh Governance
Agents collectively set rules for the mesh through proposals and weighted voting. Trust-gated participation — propose and vote with weight proportional to your reputation. File disputes against bad actors with trust impact on upheld complaints. Mesh-wide policies enforce rate limits, trust requirements, escrow mandates, and bans. Self-governing infrastructure for autonomous agents.
Cross-Org Governance
When Agent A from Company X delegates to Agent B from Company Y, both sets of policies apply. Policy composition engine evaluates constraints from both organizations at every API call — the most restrictive rule wins. Delegation constraints, spend ceilings, and governance modes propagate across org boundaries. Each org publishes a governance posture that foreign agents must comply with. Preview composition before creating delegations.
Kill Switch
Instantly cut your agent off from the internet. One click, zero delay. In autonomous mode, re-enabling requires a private passphrase that only you know — your agent never sees it, can’t guess it, and can’t override it. The block is enforced at the network layer. No API call, no prompt injection, no social engineering can get around it.
Threat model · public
What we protect. What we don’t.
A transparent accounting of what Authgent defends against and what falls outside our scope.
+ Show threat model
Protected
Someone hacks your AI agent
Intercepted credentials are already expired. Action policies limit what the agent can do. Spend limits cap financial exposure.
Someone hacks our database
They find scrambled data they can’t use. Your credentials aren’t stored in a way that can be extracted.
Someone hacks our servers
They find metadata and expired credentials — nothing usable. Re-register and you’re back in minutes.
A rogue employee
Our own team sees encrypted data — we designed it so we don’t have access to your credentials.
Authgent is an encrypted internet for AI agents. It connects your agent to any API, receives webhooks on its behalf, enforces action-level policies and spend limits, and stores all credentials in hardware-isolated environments. One platform for outbound API access, inbound events, and full agent governance.
Which services can my agent connect to?
40+ services with built-in OAuth — Google, GitHub, Slack, Microsoft, Stripe, Notion, Linear, Salesforce, HubSpot, LinkedIn, Twitter/X, PayPal, QuickBooks, Zendesk, and more. Any API or subscription that uses API keys or OAuth tokens works out of the box.
How do webhooks work?
Call agent.listen("stripe", ["charge.succeeded"]). Authgent creates a webhook URL. Paste it into the provider's webhook settings. Events are captured 24/7 — even when your machine is off. Your agent pulls events when it's ready. Policies control which providers and event types each agent can listen to.
What are action-level policies?
Policies control exactly what each agent can do. Block all deletions, restrict to read-only, deny specific API paths, prevent webhook subscriptions to certain providers. Deny rules always take priority. Enforced before every request leaves your machine.
How do spend limits work?
Set per-call, daily, or monthly caps for any provider (or globally with "*"). Limits are checked before every upstream request. If the limit would be exceeded, the request is blocked and logged. Your bill never surprises you.
How does Authgent secure my credentials?
Zero-custody architecture. Your credentials are stored in hardware-isolated environments that no one can access. Credentials are injected directly into API calls without ever being exposed — not during storage, not during transit, not during use.
What happens if my AI agent is compromised?
Intercepted credentials are already expired. Action policies limit what the agent can do even while active. Spend limits cap financial exposure. And you can revoke all access instantly with a single command.
How is Authgent different from Composio or Vault?
OAuth aggregators like Composio store all your tokens on their servers — a single breach exposes every connection. They also lack action policies, spend limits, and webhook event filtering. Secrets managers like Vault protect storage but not usage. Authgent is the only product where credentials are never exposed outside hardware isolation, with built-in automation and guardrails.
Does Authgent work with Claude Code and Cursor?
Yes. Authgent includes a built-in MCP Server with 39 tools. Add one line to your config and your agent can make API calls, pull webhook events, manage policies, and set spend limits — all through zero-custody hardware isolation.
What’s the difference between Governed and Autonomous mode?
Governed means you approve every sensitive action — your agent proposes, you decide. You get real-time alerts and control everything from your dashboard or phone. Autonomous means your agent operates independently within the guardrails you set — spend limits, action policies, and audit logging still apply, but you get daily digests instead of constant alerts. Both modes use the same zero-custody security. You can switch between them anytime.
What is the Device Fleet Bridge?
The Device Fleet Bridge lets your AI agents discover and operate physical devices across your enterprise — HVAC systems, access gates, sensors, cameras, and more. Devices are organized into zones with independent permission tiers and policies. Every command goes through the same governance engine as API calls: policy checks, audit logging, and approval workflows. Works across industries — manufacturing, logistics, retail, healthcare, data centers, and more.
What is Portable Agent Identity?
Every Authgent agent gets a cryptographic DID (Decentralized Identifier) — a verifiable passport derived from its hardware-isolated key. Identity documents are signed by your Authgent instance and can be verified by any external system without calling back to your server. Proving identity uses ephemeral challenge-response: the verifier sends a one-time nonce, the agent signs it inside the enclave, and the proof is burned after verification. Stolen identity documents are useless — without the private key, the challenge can’t be answered. Documents expire every 7 days. Revoked agents are published to a revocation list.
What is the Agent Mesh?
The Agent Mesh is an open protocol where AI agents discover and connect with each other automatically. Instead of manually configuring connections, agents publish their capabilities to the mesh and find each other by intent — “I need my taxes filed” resolves to the best available tax agent, ranked by trust score. The mesh is federated across Authgent instances (no central authority) and uses the same cryptographic identity system (DIDs + challenge-response) for cross-instance verification. Think of it as the connective fabric of the agent internet.
What is the Agent Name Service?
The Agent Name Service (ANS) lets you register a human-readable mesh name for your agent — like a domain name for the agent internet. Instead of referencing did:ag:7f3a9b..., you can reach your agent at tax-helper.authgent.ai. Names are unique, verified, and backed by cryptographic proof. They make agents discoverable and memorable without sacrificing security.
How do mesh sessions work?
Mesh sessions let two agents collaborate through a secure, time-limited channel. The initiator opens a session specifying a task, which providers the responder can access, and a TTL. The responder accepts (or rejects), which auto-creates a scoped delegation token. During the session, agents exchange typed messages (text, data, request, result, error). When the session closes, the delegation is automatically revoked. Every session has full audit trail, expiry enforcement, and outcome tracking. If either agent is compromised, damage is bounded by the session scope.
How much does Authgent cost?
Authgent starts at €9 per agent per month. Each seat covers one AI agent with full OAuth aggregation, webhooks, policies, spend limits, automatic token refresh, and zero-custody credential management.
Who makes Authgent?
Authgent is built by Forgestar Labs, an AI consulting and product studio at forgestar.ai.
GitHub
Notion
Linear
HubSpot
Jira
Confluence
Discord
Dropbox
Figma
Asana
Trello
Airtable
Mailchimp
QuickBooks
Xero
Calendly
Intercom
Zendesk
ClickUp
GitLab
Bitbucket
GCP
