Kevin Ghim
Published  
September 5, 2025

Agents Are Coming — And the Web Isn’t Ready

Just as the internet connected people, a new layer is forming — an internet designed not for humans, but for AI agents.

This shift is no longer theoretical. Agents are already scheduling meetings, monitoring markets, booking travel, and triggering workflows — not through robust, native protocols, but by mimicking human behavior. They're scraping UIs, reusing session tokens, and navigating web pages with brittle automation tools. It’s the equivalent of asking every user to write their own browser driver just to log in.

Today’s infrastructure was never designed for autonomous agents. It assumes a human at the keyboard, clicking buttons, interpreting errors, navigating state. But as AI agents gain capabilities, they’re being forced into interfaces meant for people — fragile, insecure, and deeply inefficient.

Worse, most current agent frameworks don’t solve this. They’re built for closed systems, orchestrating agents in isolation or behind walled gardens. Even those that enable communication often treat agents as workflow steps, not autonomous peers.

Meanwhile, the world’s largest companies are racing to bolt agent-to-agent capabilities onto their existing platforms — but they’re still grounded in legacy assumptions: synchronous calls, trusted APIs, centralized control. That’s not a foundation for the next phase of the internet. That’s scaffolding.

The OAuth Delegation Crisis

The technical foundations of this problem run deep. Current agent frameworks like Anthropic's MCP and Google's A2A represent important progress, but they're built on legacy authentication systems that create fundamental bottlenecks.

Consider OAuth, the standard that powers most API authentication today. When an agent needs to act on your behalf, OAuth provides a bearer token that says "this request is authorized." But OAuth was designed for simple, human-approved actions—not the complex, multi-step coordination that agents require.

The Scoping Problem

OAuth permissions are broad and binary. You can grant an agent permission to "manage your calendar" or "access your email," but you can't express nuanced intent like:

  • "Only schedule meetings during office hours"
  • "Approve expense reports under $500 automatically"
  • "Coordinate with partner agents, but require approval for external vendors"

Real human intent is conditional, contextual, and evolving. OAuth permissions are static and simplistic.

The Identity Crisis

Even more problematic: OAuth tokens authenticate the user and the application, but they don't identify which specific agent instance is acting. When Agent A needs to delegate to Agent B, which then coordinates with Agent C, the bearer token provides no way to track this chain of delegation.

This becomes critical when something goes wrong. If an automated transaction fails, was it Agent A's logic error, Agent B's data formatting, or Agent C's API timeout? Current authentication systems provide no visibility into multi-agent workflows.

The Static Consent Problem

OAuth assumes one-time consent for well-defined actions. But agents excel at handling long-running, evolving tasks that require incremental decision-making. An agent coordinating a supply chain disruption might need to:

  1. Initially: Access inventory data from your ERP system
  2. Then: Negotiate with alternate suppliers (new permissions needed)
  3. Later: Approve expedited shipping costs above normal thresholds
  4. Finally: Update stakeholders across multiple communication platforms

Each step requires different permissions, but OAuth has no mechanism for incremental, conditional consent. The agent either gets broad permissions upfront (creating security risks) or constantly interrupts humans for approval (defeating the purpose of automation).

The Attack Surface Explosion

When agents operate through human interfaces, they inherit all the vulnerabilities that affect humans—but at machine speed and scale.

Manipulation at Machine Speed

Websites use dark patterns to manipulate human behavior: hidden fees, confusing cancel buttons, and misleading default options. When agents encounter these patterns, they can be manipulated just as easily as humans—but they process thousands of interactions per minute instead of dozens.

An agent optimizing travel costs might consistently fall for fake "limited time offers" that trick humans. Multiply this across thousands of agents, and small manipulation tactics become massive revenue streams for bad actors.

Brittleness as a Feature

Many companies deliberately make their APIs brittle or rate-limited to maintain control over automated access. They'll provide a public API that's intentionally crippled while keeping the full-featured interface locked behind human-facing web forms.

This forces agents to scrape websites and reverse-engineer workflows, creating a cat-and-mouse game where website changes constantly break agent functionality. What should be stable, programmatic interfaces become moving targets that require constant maintenance.

The Single Point of Failure Problem

Current agent architectures create cascading failure points. When agents coordinate through corporate APIs and human interfaces:

  • Platform changes can break dozens of dependent agents overnight
  • Rate limiting by one service can halt entire agent workflows
  • Authentication tokens expire and require human intervention to refresh
  • Terms of service changes can suddenly make previously-legal automation violate agreements

These aren't edge cases—they're the inevitable result of forcing machine coordination through human-centric infrastructure.

The Economic Misalignment

Perhaps most fundamentally, current web architecture misaligns economic incentives. When agents coordinate through platform APIs, the platform captures value from automation while bearing none of the coordination costs.

Consider an AI agent that helps users compare insurance quotes across multiple providers. The agent does the work of:

  • Standardizing data formats across different insurance APIs
  • Handling authentication and rate limiting for each provider
  • Reconciling pricing models to enable apples-to-apples comparison
  • Managing error handling when individual providers are down

But the insurance platforms capture all the economic value when users purchase policies. The agent developer bears the integration costs while the platforms get the conversion revenue. This creates a tragedy of the commons where everyone wants agents to integrate with their platform, but no one wants to pay for the coordination infrastructure.

The question isn't whether agents will coordinate autonomously across the internet—they already are. The question is whether we'll build proper infrastructure for this coordination, or continue forcing sophisticated AI into the digital equivalent of horse-drawn carriages.

Insights and Updates from Our Recent Posts