Someone from Stytch here! We’re spending a lot of time tackling the challenges of letting delegated AI agents act on a user’s behalf. This post does a good job of sharing our approach- treating agents as separate OAuth clients with scoped tokens, consent flows, and revocation—to prevent overreach or data leaks.

Curious how others are approaching agent permissions, especially in multi-user or enterprise contexts. Would love to hear what’s working in the wild.