Ory Agent Security: See and control what your AI agents do
Introducing Ory Agent Security — authentication, authorization, and audit for the AI coding agents now working across your engineering org.


Product Technologist
Every company is racing to put AI coding agents on their engineers' machines. Claude Code, Codex, Gemini CLI, OpenCode, OpenClaw and a dozen others are spreading in months, not years. These agents earn powerful access fast: they read and write source code, run shell commands, call internal APIs, and act with the same credentials as the developer running them.
Here is the uncomfortable part. The security and platform teams who own that risk rarely approved any of it, and most organizations can't even say how many AI agents are running inside them right now. Every other kind of teammate in the company has an identity, a permission scope, and an audit trail. Agents don't. Ory Agent Security closes that gap — and it's one of the two value propositions that ship in Ory Agent Plugins.
Meet Alice, a platform engineer who installed an AI coding agent last week. By Friday the agent is editing files in her repository, running shell commands on a laptop that holds production credentials, calling internal APIs as Alice, and opening pull requests that look like they came from Alice.
Her CISO has three simple questions. Who is actually acting in our systems — the human, or the AI? What is the AI allowed to touch? And what did it do last quarter? Today, the honest answer to all three is the same: we don't know. Multiply Alice across an engineering org and you have the governance gap every security leader is now being asked about.
In one sentence: Ory Agent Security brings authentication, authorization, and audit to agents wherever they run.
In practice that means four things. The human at the keyboard logs in properly, using the identity setup the organization already has. The AI agent gets its own identity, distinct from the human's — separately tracked and separately revocable. The organization decides what the AI is allowed to touch, by role, team, or environment. And every action the agent takes becomes a structured, queryable event the security team can audit. It plugs into the AI agent tools developers already use, so no one has to pick a winning agent or change how they work.
The product maps directly onto the CISO's three questions. Each pillar answers one of them.
Authenticated — who is acting? Every agent begins with a verified identity, not a borrowed credential or an anonymous token like other solutions on the market. The human signs in through the existing login flow, the agent gets its own identity, and the background tasks an agent spawns get their own identities too. Every action carries both signatures: Alice's AI did this, on Alice's behalf.
Authorized — what can they touch? Every action the agent takes is checked against the same access policies that govern your people. Rules are tied to who the human is, so the sales team's agent is not the on-call engineer's agent. Agent harnesses don't ship this kind of control; Ory Agent Security does.
Accountable — what did they do? Every login, permission decision, and agent action becomes a structured event that captures which human, which agent, which tool, which decision, when, and for how long. It's the audit trail compliance has been asking for — with no change to how developers work.
The most common worry about agent governance is that it will slow developers down. Ory Agent Security is built so it never has to. It starts in monitoring mode by default: you can see exactly what would have been blocked without interrupting a single developer. Once the rules are tuned and the team is confident, you flip to enforcement mode and actually block what shouldn't happen. Observe first, enforce when you're ready — on your timeline, not the agent vendor's.
On the accountability side, those structured events stream straight into the stack you already run — SIEM, Datadog, Splunk, or whatever your security team uses — so the agent audit trail lands where the rest of your audit evidence already lives.
Ory Agent Security is ready for the AI agent tools your developers already prefer: Claude Code, OpenAI Codex, Gemini CLI, OpenCode, and OpenClaw — spanning Anthropic, OpenAI, Google, and open source. The experience is the same regardless of which agent a developer chooses, and new agents are added as the market moves. Customers don't have to standardize on one tool to get governance across all of them.
None of this is a separate stack. Ory Agent Security extends the identity, OAuth, and permissions that Ory customers already rely on for their humans, now covering the AI agents that act alongside them. For existing customers it's an extension of what they have — no parallel system, no new vendor. For teams new to Ory, it's the lowest-friction way in: agent governance is the urgent problem, and Ory is the foundation that solves it. One identity model, one policy surface, one audit trail — now spanning humans, applications, and the agents that act for them.
The agent plugins are free on the Anthropic marketplace and work out of the box with Ory's open source. Install the plugin for your harness, run in monitoring mode to see what your agents are actually doing, and turn on enforcement when you're confident. Pair it with Ory Agent DX — the developer-experience side of Ory Agent Plugins — and the same identity, authorization, and audit model is present from the very first line an agent writes.
Learn more about Ory Agent Security or download the plugin for free today.