Arcade for AI Agent Security: Features, Pricing, and Alternatives

AI agents need to interact with external services—from Slack to Salesforce, GitHub to Gmail. But granting agents access to these tools introduces a critical security challenge: how do you authenticate API calls without exposing credentials to the AI model itself?

This is the problem Arcade addresses. Arcade.dev is an AI agent infrastructure startup backed by a $12 million seed round led by Laude Ventures in March 2025, alongside investors like Flybridge, Hanabi Capital, Neotribe, and Andy Rachleff. Arcade positions itself as the industry’s first authenticated tool-calling platform, focused specifically on the credential management and authorization challenges that emerge when AI agents need to execute actions across third-party APIs.

For teams building AI agents that need to call external tools securely, Arcade offers a specialized approach. But it’s important to understand what Arcade is—and isn’t—designed to handle in your authentication architecture.

What is Arcade?

Arcade is a tool-calling authentication platform designed for AI agents. Unlike general-purpose identity and access management systems, Arcade focuses on a specific problem: securely managing OAuth 2.0 / OAuth 2.1 flows, API keys, and tokens when AI models need to interact with external services on behalf of users.

The company was founded by a team combining Okta-style enterprise auth experience with AI-native engineering backgrounds from places like Redis. Their core premise is that existing authentication solutions weren’t built for the agentic AI paradigm. Traditional auth systems assume a human user is in the loop for every request. AI agents, by contrast, make dozens or hundreds of API calls autonomously—often without direct user supervision.

Arcade’s core innovation is a “zero token exposure” architecture: credentials are stored and managed in an environment completely separate from the AI models themselves. LLMs never see OAuth tokens, API keys, or other authentication secrets; those are held in Arcade’s runtime and retrieved only at execution time.

The platform offers native support for the Model Context Protocol (MCP), Anthropic’s open standard for connecting AI models to external tools and data sources, and can act as the MCP runtime for multi-user, multi-tool deployments.  Arcade maintains a large catalog of pre-built MCP servers and “agent tools” for popular SaaS platforms like Gmail, Slack, GitHub, and Salesforce, alongside an SDK for building custom authenticated tools.

Arcade is used by teams at companies like LangChain and Snyk, and by engineering organizations in financial services, healthcare, and technology that are building production AI agents.

What Arcade Offers

Arcade’s feature set centers on the tool-calling authentication workflow.

Credential Isolation

The primary security primitive is ensuring AI models never directly access authentication credentials. Arcade’s runtime stores tokens and secrets, executes the API calls, and returns only structured results back to the LLM. This zero-token-exposure design keeps credentials out of model prompts and logs while still enabling agent actions.

OAuth 2.x Management

Arcade provides managed OAuth 2.0 / OAuth 2.1 flows, including authorization code flows with PKCE and refresh-token handling, across many providers. Their auth providers and OAuth 2.0 abstraction are designed to connect to any OAuth-compatible API, while provider-specific guides (e.g., Airtable, Salesforce, Zendesk, X) document PKCE and refresh usage explicitly.  The platform handles redirect URLs, state, verifier routes, and token refresh logic so agents can safely operate as users.

Just-in-Time Authentication

Rather than pre-authorizing every integration upfront, Arcade emphasizes just-in-time authentication: users are challenged only when an agent actually needs to use a given tool or permission. Blog posts and partnership announcements describe this as “just-in-time auth” and “post-prompt authorization,” where the LLM proposes an action and Arcade validates it at execution time.

Granular Scoping

Arcade enforces least-privilege access by requesting only the scopes required for each tool and action. Their guidance around OAuth and agent security consistently frames this as avoiding broad “super user” access and instead using scoped, just-in-time permissions aligned with modern OAuth 2.1 and rich authorization request patterns.

Pre-built MCP Servers and Tools

Arcade maintains a broad set of pre-built MCP servers and authenticated tools across categories like productivity, communication, developer tools, payments, sales, and customer support (Asana, Gmail, Google Calendar, Notion, Slack, Stripe, Salesforce, Zendesk, and many more).  These can be wired directly into MCP clients such as Claude Desktop, Cursor, and LangChain / LangGraph agents.

Custom Tool SDK

For services not covered by the pre-built catalog, Arcade provides a Python MCP server framework and SDK with a FastAPI-like interface (via MCPApp) for building custom tools.  The SDK handles server setup, transports (stdio, HTTP/SSE), environment-based configuration, and security plumbing so developers focus on the actual tool logic.

Multi-User Support

Arcade is explicitly designed for multi-user, multi-tenant agent scenarios. The docs and case studies focus on “multi-user authorization,” user challenges, and per-user credential management, where each user has their own delegated access to tools (e.g., different email or CRM accounts) under centralized governance.

Human-in-the-Loop Workflows

For high-stakes operations (like sending emails, making purchases, or modifying financial records), Arcade supports human-in-the-loop control. Integrations with frameworks like LangGraph demonstrate workflows where tools expose authorization URLs, graphs pause until the user approves, and only then does the tool execute.

Audit Trails

Arcade emphasizes auditability: their SOC 2 materials and industry-specific guides repeatedly highlight “complete audit trails for every agent action” and agent-level traceability across sectors like healthcare, wealth management, and accounting.  This is key for regulated environments.

Multiple Deployment Options

Arcade can run as a managed cloud service or be self-hosted within a customer VPC, with on-prem MCP server support for accessing private resources while still leveraging their runtime.  This gives teams options for cloud, on-prem, or hybrid deployments depending on security requirements.

How Arcade Handles Tool-Calling Authentication

At a high level, an Arcade-backed workflow looks like this:

1. The user authenticates to your app and, when needed, is challenged by Arcade to authorize specific tools (for example, granting Gmail read access or Slack message permissions) via an OAuth consent flow.
2. Authorized credentials (tokens, secrets) are stored in Arcade’s secure runtime, not in the LLM or your agent code.
3. When the agent decides to call a tool, it sends a high-level request (parameters and tool name) to Arcade rather than direct API calls.
4. Arcade validates authorization, injects the appropriate credentials, executes the API request, and returns only the response payload to the LLM.
   

The model never sees the OAuth token, API key, or other secrets—only the input parameters it needs to send (for example, channel: #general, message: "Deploy complete") and the output returned (for example, “message sent successfully”).

For developers, this abstraction means you don’t need to build OAuth flows, token refresh logic, or credential storage systems from scratch. Arcade handles the authentication and authorization infrastructure so you can focus on what your agent actually needs to do. Blog case studies explicitly credit Arcade’s auth layer with allowing teams like Tradestack to move from concept to production in roughly two weeks while maintaining enterprise security standards.

Pricing and Plans

Arcade offers three main pricing tiers that match its current public pricing page:

Hobby (Free)

The free tier includes:

• Unlimited access to tools with pre-built authentication
• 100 user challenges (times a user is prompted for new permissions) per month
• 1,000 standard tool executions per month
• 50 pro tool executions per month
• 1 Arcade-hosted MCP server and up to 5 self-hosted workers
• MCP compatibility and community support via GitHub
  

Growth ($25/month + usage)

The Growth plan starts with a $25/month platform fee and includes everything in Hobby, scaled up:

• 600 user challenges included, then $0.05 each
• 2,000 standard tool executions included, then $0.01 each (plus a small surcharge if scheduled)
• 100 pro tool executions included, then $0.50 each (plus optional scheduling surcharge)
• Unlimited Arcade-hosted workers billed per server-hour and unlimited self-hosted workers
• Email support with an SLA
  

Enterprise (Custom Pricing)

Enterprise plans build on Growth with:

• Volume pricing across usage metrics
• A dedicated account representative
• Custom SLAs
• The same cloud and self-hosted deployment options, with additional enterprise-grade support and governance
  

The distinction between “standard” and “pro” executions is defined in Arcade’s own comparison table: standard tool executions cover basic tools with lower infrastructure costs, while pro executions are for advanced, higher-cost tools (often where Arcade runs the infrastructure and you can optionally bring your own credentials to reduce cost).

For teams just exploring agentic AI, the free tier provides a generous sandbox. For production applications, the Growth plan offers predictable base pricing with consumption-based scaling, and Enterprise adds the contractual and operational guarantees larger organizations expect.

Arcade vs. WorkOS: Specialized Tool-Calling vs. Comprehensive Enterprise Auth

Arcade is a tool-calling authentication and authorization platform for agents. WorkOS is an enterprise authentication and identity infrastructure platform for applications.

If you’re building an AI agent that needs to call external APIs on behalf of users, Arcade provides a focused solution for that specific problem: OAuth management, credential isolation, least-privilege scopes, and pre-built integrations for common SaaS tools.

But Arcade does not provide—and is not designed to provide—the full set of authentication and identity features that enterprise B2B applications require at the application layer.

What Arcade Doesn’t Include

Arcade does not handle end-user authentication to your core product (email/password, social login, magic links, or MFA), nor does it provide enterprise SSO, SCIM-based directory sync, or built-in user and organization management for your app. Its scope is tool-calling authorization and credential management, not primary user auth or tenant management.

Arcade also doesn’t aim to replace your identity provider, authorization system, or access control model inside your own application; instead, it complements them by enforcing tool-level policies and OAuth scopes when agents call external services.

Why WorkOS Is the Proven Choice

WorkOS provides the authentication and identity infrastructure for enterprise B2B applications themselves. Its platform includes:

• Enterprise SSO (SAML/OIDC) with dozens of supported identity providers and robust connection management.
• Directory Sync (SCIM) for automatic user provisioning, de-provisioning, and role mapping from systems like Okta, Azure AD, and Google Workspace.
• A full user management stack (email/password, social auth, Magic Auth, MFA, org modeling, domain verification, and more) designed to be “the last auth solution you’ll need.”
• Admin Portal and Audit Logs for enterprise admins to self-serve configure SSO, directory sync, log streaming, and view auditable activity across your app.
• Enterprise-grade SLAs and 99.99% availability for SSO, Directory Sync, and Audit Logs.
  

If you’re building an AI agent application that enterprise customers will use, you typically need both:

• WorkOS for core application authentication and identity (how users log into your application, how IT admins manage access, how users and organizations are modeled).
• Arcade for tool-calling authentication (how your agents securely interact with external APIs—email, CRM, finance systems—on behalf of those authenticated users).
  

If you’re choosing between the two, it’s important to recognize that you’re comparing different layers of the stack. Arcade is a specialized tool for a specific problem in the AI agent workflow. WorkOS is the foundation of enterprise identity and access management for B2B applications.

For companies selling to enterprise customers, WorkOS is the infrastructure that makes your application enterprise-ready at the identity layer. Arcade may complement WorkOS for AI-specific tool-calling scenarios, but it doesn’t replace the comprehensive authentication and identity features WorkOS provides.

Getting Started with Arcade

For developers interested in exploring Arcade’s tool-calling authentication platform, the getting-started flow is:

1. Sign up for an Arcade account and obtain an API key from the dashboard.
2. Choose pre-built tools or MCP servers for the services you need (for example, Gmail, Slack, or Google Calendar), or scaffold a new MCP server using the arcade-mcp CLI and MCPApp interface.
3. Integrate Arcade into your agent framework (LangChain / LangGraph, OpenAI Agents, Vercel AI, etc.) using their language clients and framework-specific guides.
4. Configure user challenges and scopes for each tool so that agents only receive the minimum permissions needed.
   

The documentation explicitly describes a “FastAPI-like” developer experience for Python developers building MCP servers, and the overall platform is positioned as something that can take you from prototype to production agents very quickly if you don’t want to rebuild auth infrastructure yourself.

For production deployments, you’ll want to evaluate the Growth or Enterprise tiers, confirm whether managed cloud, self-hosted, or hybrid makes the most sense for your compliance posture, and decide how Arcade fits alongside your existing identity stack (for example, WorkOS + your IdP of choice).

Final Thoughts

Arcade addresses a real problem in the agentic AI landscape: how to securely authenticate tool calls without exposing credentials to AI models. For teams building agents that need to interact with external APIs, Arcade’s credential isolation, OAuth 2.1-aligned flows, and MCP-native tooling offer a focused, production-oriented solution.

But authentication for enterprise B2B applications requires far more than tool-calling OAuth management. Your customers expect enterprise SSO, directory sync, admin controls, audit logging, compliance certifications, and contractual uptime guarantees.

If you’re building a B2B application that enterprise customers will buy, WorkOS is the authentication and identity infrastructure you use for your core product. Arcade can then sit alongside it as the agent-action layer, making your AI agents safe, auditable, and capable of acting across the rest of your stack—without ever handing them the keys.