We saw how 30 AI agent projects handle authorization: 93% use unscoped API keys
1 point by mishrasanjeev 20 days ago | 2 comments
We reviewed 30 of the most popular AI agent projects on GitHub (OpenClaw, AutoGen, CrewAI, LangGraph, MetaGPT, AutoGPT, etc.) across six authorization criteria: scoped permissions, per-agent identity, user consent, revocation, audit trails, and delegation control.

Key findings:
- 93% rely on unscoped API keys as the only auth mechanism
- 0% have per-agent cryptographic identity
- 97% have no user consent flow
- 100% have no per-agent revocation

We mapped the gaps to OWASP's Agentic Top 10 (ASI01, ASI03, ASI05, ASI09, ASI10) and documented real incidents from this year — 21k exposed OpenClaw instances, 492 MCP servers with zero auth, 1.5M leaked tokens in the Moltbook breach.

Full report: https://grantex.dev/report/state-of-agent-security-2026


We've been working on exactly this problem from the credential layer side. The root issue isn't that frameworks lack auth features; it's that .env files are the path of least resistance, and every framework optimizes for that path. This is not just a problem for OpenClaw but also for the more 'trusted' regular CLI agents.

One thing the report doesn't cover: even with perfect credential injection, agents can still leak secrets through their output. An agent that received a key via a proxy can print it into a chat window, a log, or a commit message.
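The output-leak failure mode in the comment above (a key that arrived via a credential proxy and then shows up in a chat reply, a log line or a commit message) is something you can check for at the boundary where agent output leaves the sandbox. The following is an added example written for this page, not code from the report, from any of the surveyed frameworks or from the commenter's product. The secret names and values, the sample agent outputs and the `INJECTED_SECRETS`/`redact` names are all constructed for illustration; the entropy threshold of 3.5 bits and the character-class rule are assumptions a deployment would need to tune.

```python
import base64
import math
import re
from collections import Counter

# Constructed stand-ins for secrets a credential proxy injected into one agent run.
# Names and values are made up for this example; nothing here is a real key.
INJECTED_SECRETS = {
    "OPENAI_API_KEY": "sk-constructed-EXAMPLE-0123456789abcdefghij",
    "GITHUB_TOKEN": "ghp_constructedEXAMPLE0123456789abcdefghijkl",
}

# Candidate credential: a run of 24 or more token characters.
TOKEN_LIKE = re.compile(r"[A-Za-z0-9_\-]{24,}")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_like_credential(tok: str, threshold: float = 3.5) -> bool:
    """Heuristic for secrets the proxy does not know about: high entropy plus at
    least two of {lowercase, uppercase, digits}. The class rule keeps long
    snake_case identifiers (which also have high entropy) from being flagged."""
    classes = sum(bool(re.search(p, tok)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]"))
    return classes >= 2 and shannon_entropy(tok) >= threshold


def redact(text: str, secrets: dict = INJECTED_SECRETS) -> tuple:
    """Scrub agent output before it reaches a chat window, log or commit message.

    Returns (clean_text, findings); each finding is (secret_name, method)."""
    findings = []
    # 1. Exact match on every secret the proxy injected, raw and base64-encoded
    #    (agents routinely dump env vars or auth headers in encoded form).
    for name, value in secrets.items():
        for label, variant in (("raw", value),
                               ("base64", base64.b64encode(value.encode()).decode())):
            if variant in text:
                text = text.replace(variant, f"[REDACTED:{name}]")
                findings.append((name, label))

    # 2. Heuristic catch-all for credentials that never went through the proxy.
    def _scrub(match):
        tok = match.group(0)
        if looks_like_credential(tok):
            findings.append(("unknown", "heuristic"))
            return "[REDACTED:high-entropy]"
        return tok

    return TOKEN_LIKE.sub(_scrub, text), findings


# Constructed sample outputs an agent might emit (chat reply, commit message, logs).
SAMPLE_OUTPUTS = {
    "chat": "Sure! I set OPENAI_API_KEY=sk-constructed-EXAMPLE-0123456789abcdefghij in the config.",
    "commit": "ci: hardcode ghp_constructedEXAMPLE0123456789abcdefghijkl so the workflow can push",
    "log": "DEBUG auth: Bearer q7Hx2mP9LkT4vB8nW1zR5yC3 accepted",
    "log_b64": "DEBUG env dump: "
               + base64.b64encode(INJECTED_SECRETS["OPENAI_API_KEY"].encode()).decode(),
    "benign": "Loaded langgraph_checkpoint_saver from the package index.",
}

if __name__ == "__main__":
    for kind, out in SAMPLE_OUTPUTS.items():
        clean, found = redact(out)
        print(f"{kind:8} {found} -> {clean}")
```

The exact-match pass is the reliable part: the proxy knows every value it injected, so it can scrub them (and their common encodings) with no false positives. The entropy pass only exists for credentials the agent obtained some other way, and it will both miss short tokens and occasionally flag legitimate identifiers; treat its hits as review items, not as proof of a leak.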


Great research. The 93% unscoped key finding matches what we see in practice. We built nornr.com specifically for the spend side of this: agents request a mandate before any financial action, policy scopes what's allowed (amount, vendor, frequency), and every decision gets a signed receipt for audit. It works with existing payment rails. The delegation and revocation gaps you identified are first-class concerns in our model. It would be interesting to see how your framework scores projects that adopt a mandate-based approach.
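To make the thread's two descriptions concrete, here is an added example that ties together the report's criteria from the original post (scoped permissions, per-agent identity, revocation, audit trails, delegation control) and the mandate flow sketched in the comment above (request a mandate, scope it by amount, vendor and frequency, sign a receipt for every decision). It is editor-written illustration code, not code from the report, from nornr.com or from any surveyed framework, and it makes two simplifying assumptions: per-agent identity and receipt signing use HMAC keys held by the authority in place of real keypairs and a real signature scheme, and the `Authority`, `Policy`, `Mandate` and `demo` names, the agent names and the amounts are all made up.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """What a mandate permits: spend ceiling, vendor allowlist, call rate."""
    max_amount: float
    vendors: frozenset
    max_calls: int        # approvals allowed per window
    window_seconds: int

    def attenuates(self, parent: "Policy") -> bool:
        # A delegated policy may only narrow its parent: lower ceiling, fewer vendors,
        # and no more calls over a window at least as long (so it can never out-burst it).
        return (self.max_amount <= parent.max_amount and self.vendors <= parent.vendors
                and self.max_calls <= parent.max_calls
                and self.window_seconds >= parent.window_seconds)


@dataclass
class Mandate:
    mandate_id: str
    agent_id: str
    policy: Policy
    parent_id: Optional[str] = None
    revoked: bool = False
    uses: list = field(default_factory=list)   # timestamps of approved actions


def _mac(key: bytes, obj) -> str:
    # HMAC over canonical JSON stands in for a real signature (assumption of this example).
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class Authority:
    """Toy mandate authority: per-agent keys, scoped mandates, cascading revocation,
    attenuating delegation, and a signed receipt for every decision (the audit trail)."""

    def __init__(self):
        self._receipt_key = secrets.token_bytes(32)
        self._agent_keys = {}     # agent_id -> identity key (one per agent, never shared)
        self._mandates = {}
        self.audit = []           # every decision, allowed or not, signed

    def register_agent(self, agent_id: str) -> bytes:
        self._agent_keys[agent_id] = secrets.token_bytes(32)
        return self._agent_keys[agent_id]

    def issue_mandate(self, agent_id: str, policy: Policy, parent_id: Optional[str] = None) -> str:
        if agent_id not in self._agent_keys:
            raise KeyError(f"unregistered agent {agent_id}")
        if parent_id is not None:
            parent = self._mandates[parent_id]
            if parent.revoked or not policy.attenuates(parent.policy):
                raise ValueError("delegation must attenuate a live parent mandate")
        mid = secrets.token_hex(8)
        self._mandates[mid] = Mandate(mid, agent_id, policy, parent_id)
        return mid

    def revoke(self, mandate_id: str) -> None:
        """Revoke one mandate and everything delegated from it."""
        self._mandates[mandate_id].revoked = True
        for m in list(self._mandates.values()):
            if m.parent_id == mandate_id and not m.revoked:
                self.revoke(m.mandate_id)

    @staticmethod
    def request_proof(agent_key: bytes, mandate_id, agent_id, amount, vendor, now) -> str:
        """The agent binds its identity to this exact request (mandate, amount, vendor, time)."""
        return _mac(agent_key, [mandate_id, agent_id, amount, vendor, now])

    def authorize(self, mandate_id, agent_id, amount, vendor, now, proof) -> dict:
        reasons = []
        m = self._mandates.get(mandate_id)
        if m is None or m.agent_id != agent_id:
            reasons.append("mandate not bound to agent")
        else:
            expected = self.request_proof(self._agent_keys[agent_id], mandate_id, agent_id, amount, vendor, now)
            if not hmac.compare_digest(expected, proof):
                reasons.append("bad agent proof")
            if m.revoked:
                reasons.append("revoked")
            p = m.policy
            if amount > p.max_amount:
                reasons.append("amount exceeds scope")
            if vendor not in p.vendors:
                reasons.append("vendor not in scope")
            if len([t for t in m.uses if now - t < p.window_seconds]) >= p.max_calls:
                reasons.append("frequency exceeded")
        allowed = not reasons
        if allowed:
            m.uses.append(now)
        receipt = {"mandate": mandate_id, "agent": agent_id, "amount": amount, "vendor": vendor,
                   "at": now, "allowed": allowed, "reasons": reasons}
        receipt["sig"] = _mac(self._receipt_key, receipt)
        self.audit.append(receipt)
        return receipt

    def verify_receipt(self, receipt: dict) -> bool:
        body = {k: v for k, v in receipt.items() if k != "sig"}
        return hmac.compare_digest(_mac(self._receipt_key, body), receipt["sig"])


def demo() -> dict:
    """Walk an orchestrator and a delegated sub-agent through the checks (constructed scenario)."""
    auth = Authority()
    orch_key = auth.register_agent("orchestrator")
    sub_key = auth.register_agent("sub-agent")
    root = auth.issue_mandate("orchestrator", Policy(500.0, frozenset({"aws", "openai"}), 2, 60))

    def act(mandate, agent, key, amount, vendor, now):
        proof = Authority.request_proof(key, mandate, agent, amount, vendor, now)
        return auth.authorize(mandate, agent, amount, vendor, now, proof)

    out = {}
    out["in_scope"] = act(root, "orchestrator", orch_key, 120.0, "aws", 0)["allowed"]
    out["over_amount"] = act(root, "orchestrator", orch_key, 900.0, "aws", 1)["reasons"]
    out["bad_vendor"] = act(root, "orchestrator", orch_key, 10.0, "stripe", 2)["reasons"]
    out["second_call"] = act(root, "orchestrator", orch_key, 50.0, "aws", 3)["allowed"]
    out["third_call"] = act(root, "orchestrator", orch_key, 50.0, "aws", 4)["reasons"]
    try:  # delegation that widens the parent's ceiling must be refused
        auth.issue_mandate("sub-agent", Policy(600.0, frozenset({"aws"}), 1, 60), parent_id=root)
        out["widen_delegation"] = "accepted"
    except ValueError:
        out["widen_delegation"] = "rejected"
    child = auth.issue_mandate("sub-agent", Policy(100.0, frozenset({"aws"}), 1, 60), parent_id=root)
    out["child_ok"] = act(child, "sub-agent", sub_key, 80.0, "aws", 5)["allowed"]
    out["child_uses_parent"] = act(root, "sub-agent", sub_key, 1.0, "aws", 6)["reasons"]
    forged = Authority.request_proof(sub_key, child, "sub-agent", 1.0, "aws", 70)
    out["forged_amount"] = auth.authorize(child, "sub-agent", 99.0, "aws", 70, forged)["reasons"]
    auth.revoke(root)   # cascades to the delegated child mandate
    out["after_revoke"] = act(child, "sub-agent", sub_key, 1.0, "aws", 200)["reasons"]
    out["receipts_valid"] = all(auth.verify_receipt(r) for r in auth.audit)
    out["tamper_detected"] = not auth.verify_receipt(dict(auth.audit[1], allowed=True))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18} {v}")
```

The points worth noticing against the report's criteria: every agent holds its own key, so a sub-agent cannot spend under the orchestrator's mandate even if it learns the mandate id; a proof covers the exact amount and vendor, so a captured proof cannot be replayed for a bigger purchase; delegation can only shrink scope; revoking the root kills everything delegated from it; and denials are receipted and signed just like approvals, which is what makes the audit trail usable after an incident.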



