问HN:你会把你的微软Azure密钥链交给一个AI代理吗?
嘿,HN,<p>我是Maxime——一名产品开发者,曾担任Qonto的产品负责人(可以把它想象成欧洲的Brex,估值约60亿美元)。我最近启动了一个新项目,叫做[Well](https://wellapp.ai)(https://wellapp.ai),我们通过远程浏览器或Chrome扩展程序部署自主代理,代表创始人收集供应商发票。这为忙碌的运营者节省了大量的脑力资源。<p>现在,我知道我位于欧盟,这可能听起来像是又一次尝试<i>监管一切</i>……但请耐心听我说——核心问题是:<p>> 你会把你的Microsoft Azure密钥链交给一个AI代理吗?<p>多年来,我构建了许多集成——有些使用OAuth2,其他则在没有官方API的情况下通过RPA实现。但随着这一代代理<i>自主</i>代表用户行动,我开始思考:我们将如何管理身份验证,并定义代理被允许做的事情的范围?<p>*问题1:代理身份验证*<p>我的代理代表我行动——但我对密码泛滥极为反感。虽然将我的密码和双重身份验证代码直接交给代理是很诱人的,但这在根本上是有问题的。<p>理想情况下,我希望代理请求具有特定范围、时长和目的的凭证访问权限——而且我希望能够集中管理这种访问。如果我更改密码或撤销权限,代理应该立即失去访问权限。<p>*问题2:代理的范围与同意*<p>假设一个代理获得了有效的SaaS凭证并开始爬取一个账户。我怎么知道它<i>仅仅</i>是在收集发票,而不是在敏感设置中乱翻或触发密码重置?<p>OAuth通过范围和明确的用户同意解决了这个问题。但如今的代理似乎没有相应的机制。没有“仅收集发票”的复选框。<p>我想问的是:这种权限管理应该放在密码管理器内部吗?还是应该由代理平台来建立一个关注同意的保险库?或者我们是否应该考虑一些全新的东西——比如MCP(多代理控制协议)?<p>我很想听听是否有人在这个领域看到过严肃的工作或提案——或者你们是否在自己的领域中面临类似的挑战。<p>谢谢!
查看原文
Hey HN,<p>I’m Maxime — a product builder and former Head of Product at Qonto (think Brex for Europe, ~$6B valuation). I recently started something new called [Well](https://wellapp.ai/) (https://wellapp.ai/), where we deploy autonomous agents (via remote browsers or Chrome extensions) to collect supplier invoices on behalf of founders. It saves tons of brain cycles for busy operators.<p>Now, I know I’m EU-based and this might sound like yet another attempt to <i>regulate everything</i> … but bear with me — the core question is:<p>> Would you give your Microsoft Azure keychain to an AI agent?<p>Over the years, I’ve built many integrations — some with OAuth2, others via RPA when no official APIs existed. But with this new generation of agents <i>acting autonomously</i> on behalf of users, I’m starting to wonder: how will we manage authentication and define the scope of what an agent is allowed to do?<p>*Problem 1: Agent Authentication*<p>My agents act on my behalf — but I’m extremely anti-password proliferation. While it's tempting to just give an agent my password and 2FA codes, that feels fundamentally broken.<p>Ideally, I want agents to request access to credentials with a specific scope, duration, and purpose — and I want to manage that access centrally. If I change my password or revoke permissions, the agent should lose access instantly.<p>*Problem 2: Agent Scope & Consent*<p>Let’s say an agent gets valid SaaS credentials and starts crawling an account. How do I know it's <i>only</i> collecting invoices, and not poking around in sensitive settings or triggering a password reset?<p>OAuth solved this with scopes and explicit user consent. But agents today don’t seem to have an equivalent. There’s no "collect-invoices-only" checkbox.<p>My open question: Should this kind of permissioning live inside a password manager? Or is it the responsibility of agent platforms to build a consent-aware vault? Or should we be thinking about something entirely new — like an MCP (Multi-Agent Control Protocol)?<p>Would love to hear if anyone has seen serious work or proposals in this space — or if you're tackling similar challenges in your vertical.<p>Thanks!