Definition

What is auth for AI agents?

Q: What does Arc by GEOstack do?

Arc gives apps agent identity, action-level permissions, approval flows, audit logs, and revocation so users can connect AI agents safely.

Auth for AI agents is the control system that lets an app decide what an AI agent can do for a user, when the user must approve it, and how access can be audited or revoked.

Short answer

AI agent auth is not just login. It is the combination of agent identity, user consent, action-level permissions, approval flows, audit logs, and revocation.

Why normal app auth is not enough

Most apps understand human users and server-to-server API clients. An AI agent is different: it acts on behalf of a user, can make many requests quickly, and may attempt actions the user did not intend. That requires a narrower authorization model.

The Arc model

Identity

Which agent client is asking, and for which user?

agent

Permission

Is this action allowed, should it ask, or should it be blocked?

policy

Approval

If the action is sensitive, did the user approve it?

ask

Audit

What happened, when, and which grant allowed it?

log

Revocation

Can the user stop future access?

revoke

Example

A user connects Claude to an email app. Arc can allow read_email and draft_reply, require approval for send_email, and block delete_email. Claude can help, but Arc prevents full mailbox control.

Who needs it?

SaaS companies whose users want agents to work inside their product.
API-first companies exposing operations to agent clients.
Security-minded teams that cannot give agents broad credentials.
Agent builders who need user-approved app access.

See Arc product How permissions work