Scalekit: Auth Stack for AI Apps is now GA

Software has always assumed a human at the other end of the login screen. You authenticate once, set a session, and that identity lives until logout.

But agentic software breaks that model.

AI agents don’t log in, hang around, and log out. They:

• Spin up dynamically, often per task or workflow.
• Need ephemeral identities that exist only for the lifetime of that task.
• Operate with scoped, least-privilege permissions — not blanket, long-lived access.
• Often act on behalf of users, which requires delegated consent and revocation.

These are entirely new identity primitives. And they don’t fit into systems built around passwords, long sessions, and static app registrations.

When the Model Context Protocol (MCP) first started gaining traction, developers rushed to expose their products as MCP servers. But in practice, most of these servers ran locally, wired up for demos rather than production. The missing piece? Authentication.

Without a secure way to prove which agents should connect (And what data they should be allowed to touch), MCP servers weren’t ready for mainstream adoption. That’s why we built one of the first dedicated solutions for a drop-in authorization server: An external layer that handles authentication outside the MCP server itself. This design soon became part of the official MCP spec.

At the same time, developers building agents ran into a parallel wall. In a dev environment, an agent acting for a single user works fine. But move that into production — where hundreds of users expect those agents to take real actions in Gmail, Slack, or Salesforce — and the whole setup cracks. Tokens are hard-coded, consent flows don’t exist, and security becomes guesswork.

Those two realities shaped our roadmap. Today, we’re making it official:

Scalekit’s Auth Stack for AI Apps is generally available.

(And yes, we’ve also raised a $5.5M seed led by Together Fund and Z47 to keep shipping ahead of the curve.)

The new modules in the Auth Stack for AI Apps

MCP Auth: For MCP developers

If you’re building an MCP server, the first blocker is always the same: How do you securely let agents in?

With MCP Auth, you don’t need to roll your own OAuth layer. Scalekit gives you a drop-in authorization server that:

• Implements OAuth 2.1 with dynamic client registration.
• Issues scoped, short-lived tokens tied to workflows, datasets, or projects.
• Runs as an external auth layer, so your MCP server logic stays clean.

Instead of shipping a local MCP demo that anyone can poke at, you can expose a production-ready endpoint that enforces exactly which agents get access, and under what conditions.

Agent Actions: For agent builders

Building an agent that works for one user in dev is easy. Making it work for hundreds of users in production is where things break:

• Tokens get hard-coded.
• Consent flows are missing.
• There’s no safe way to refresh or revoke credentials.
• And every new integration requires hand-rolled OAuth code.

Agent Actions fixes that by giving your agents a turnkey execution layer:

• A secure token vault, scoped per user and per tool.
• A consent orchestrator that handles approvals and revocations.
• Automatic token rotation so credentials don’t linger.
• A tool-calling layer that standardizes how agents invoke external apps (calendars, CRMs, chat, docs, storage).
• Tool metadata so your agent knows which actions are supported, with the right params and scopes.
• Prebuilt connectors for Gmail, Slack, HubSpot, Notion, Salesforce, and more.

The result: your Slack bot posts with the right user’s token, your CRM agent edits only the allowed fields, and your workflows don’t collapse under bespoke OAuth hacks.

One stack for Human+Agent

Most B2B teams don’t just have agents. They have human users too. Scalekit’s auth stack is designed to handle both sides together:

• Human auth→ Passwordless login, OTP, social sign-in
• Enterprise auth→ SSO, SCIM, admin portals
• API/M2M auth→ Service accounts, lifecycle management
• Agentic auth→ MCP Auth+Agent Actions on the same platform

You don’t need to juggle parallel systems. One stack covers all your identity needs.

What’s next

This launch is only the start. Our $5.5M seed round — led by Together Fund and Z47 with support from Adam Frankl, Oliver Jay, Jagadeesh Kunda, and others — is a bet on a simple but radical idea: Authentication has to be reimagined for the agentic era. These investors backed us because they see the same shift we do: That agent identity is not a feature but a new foundation layer for software.

We’re putting that capital to work across the stack:

• Deeper agent actions → Richer tool-calling semantics, structured tool metadata, lifecycle governance, and a growing library of prebuilt integrations.
• Expanded MCP auth → Tighter support for the evolving spec, background agent support, and more granular scope controls.
• Human + Enterprise auth → Continuing to ship passwordless flows, SSO, SCIM, and admin tooling so B2B teams don’t have to run parallel systems.
• Observability and security → Fine-grained audit logs, policy-driven revocation, and rate limiting that scales with production workloads.

The meta goal: Make it possible for more agentic apps to move into production without worrying about security.

Start building

• Explore MCP Auth → Secure your MCP server with a drop-in authorization server.
• Enable Agent Actions → Ship tool calling with consent, token vault, and metadata-aware actions.
• Manage complete auth with Scalekit’s full stack auth → Complete auth infra for modern applications

FAQs

Why does agentic software require a new identity model?

Agentic software breaks traditional session models because agents spin up dynamically per task rather than logging in as humans do. These entities require ephemeral identities that exist only for specific workflow lifetimes. Unlike static human accounts, agents need scoped, least privilege permissions and delegated consent frameworks. Scalekit addresses this by moving away from passwords and long lived sessions toward a foundation built for ephemeral, task based identity primitives that scale with agentic workloads.

How does Scalekit simplify authentication for MCP servers?

Scalekit provides a drop in authorization server that implements OAuth 2.1 with dynamic client registration for MCP developers. Instead of hand rolling complex security layers, you can deploy an external auth layer that keeps your server logic clean. It issues short lived tokens tied to specific datasets or projects, ensuring that only authorized agents can connect. This transforms local demos into production ready endpoints by enforcing strict access conditions without increasing the maintenance burden on engineering teams.

What role does Dynamic Client Registration play in agent auth?

Dynamic Client Registration allows AI agents to register themselves securely and receive unique credentials on the fly. In the agentic era, creating static application registrations for every ephemeral task is impossible to manage manually. By automating this process, Scalekit ensures that every agent interaction is uniquely identified and authenticated. This improves security posture by enabling granular revocation and auditability, allowing security leaders to track exactly which agent performed a specific action within the corporate environment.

How does Agent Actions manage secure tool calling for agents?

Agent Actions provides a turnkey execution layer consisting of a secure token vault and a standardized tool calling interface. It abstracts the complexity of managing OAuth credentials for external apps like Salesforce or Slack. The system handles automatic token rotation and metadata aware actions, ensuring agents know which parameters and scopes are required. This approach prevents developers from hard coding sensitive credentials and ensures that agent workflows remain stable and secure as they interact with various third party productivity tools.

Can Scalekit handle both human and agentic authentication simultaneously?

Scalekit is designed to provide a unified identity stack that manages both human and agentic authentication in one place. It supports enterprise requirements like SSO and SCIM alongside modern agentic primitives and machine to machine auth. By consolidating these systems, engineering managers avoid the operational overhead of running parallel identity infrastructures. This unified approach ensures consistent security policies, centralized audit logs, and simplified lifecycle management for every identity type, whether it belongs to a human or an agent.

How does the platform ensure least privilege access for AI agents?

Scalekit enforces least privilege access by issuing scoped, short lived tokens that are strictly tied to specific workflows or tasks. Unlike traditional service accounts with broad permissions, agent tokens are designed to expire once a task is completed. The platform uses policy driven revocation and granular scope controls to limit what data an agent can touch. This prevents lateral movement in the event of a compromise and ensures that agents only have the minimum necessary access to perform their designated functions.

What are the risks of hard coding tokens in agentic apps?

Hard coding tokens creates significant security vulnerabilities, including credential leakage and a lack of auditability. Without a centralized management system, there is no safe way to refresh or revoke compromised credentials without shipping new code. This practice fails to meet enterprise security standards and makes it impossible to manage user consent at scale. Scalekit eliminates these risks by providing a secure token vault and automated rotation, ensuring that credentials never linger or exist in plain text within application environments.

How does Scalekit manage user consent for third party integrations?

Scalekit includes a dedicated consent orchestrator that manages approvals and revocations for agents acting on behalf of users. When an agent needs to access a user mailbox or chat, the platform handles the delegated authorization flow to ensure explicit permission is granted. This provides a transparent mechanism for users and administrators to monitor and control agent access. By standardizing consent, Scalekit allows developers to build trustworthy AI applications that comply with privacy regulations and corporate governance policies.

Why is an external authorization layer better for MCP servers?

Using an external authorization layer decouples the security logic from the core functionality of the MCP server. This architectural choice keeps the server logic clean and easier to maintain while providing a robust defense against unauthorized access. It allows the authorization server to handle complex tasks like token validation, rate limiting, and dynamic registration independently. This design is now part of the official MCP specification, offering a scalable way to secure agent connections without forcing developers to reinvent security protocols for every new server.