A detailed glimpse at Project Horizon: an internal code factory at WorkOS.
Grant agents time-limited access to OAuth connections using Pipes and MCP.
Develop with WorkOS entirely from your terminal, with agent-ready tooling built in.
A 2026 guide to the leading IAM solutions for SaaS teams, with a breakdown of features, pricing, and trade-offs to help you choose the right provider and start closing enterprise deals faster.
Your users enable multi-factor authentication, use strong passwords, and follow every security best practice you recommend. But none of it matters if an attacker is sitting between them and your login page, relaying traffic in real time and walking away with a valid session cookie.
From forged assertions to memory leaks, SAML's XML foundations keep producing serious bugs. Here's what happened and what you should be doing about it.
Most AI agents run with borrowed sessions and far more access than they need. Here's how to replace that with scoped, revocable credentials and tool-level authorization.
Master secure authentication in Laravel from Breeze and Sanctum to enterprise SSO, with production-ready patterns and security best practices.
API keys, token files, OAuth Device Flow, and Client Credentials compared. A practical guide to choosing the right authentication pattern for your CLI.
How FIDO2 and passkeys use cryptographic domain binding to stop phishing attacks, why SMS and push notification fallbacks destroy your security posture, and what to do about it.
MFA still blocks most automated attacks. But the new generation of AI-powered phishing tools does not send automated attacks. It runs real-time, human-speed session hijacking that MFA was never designed to stop.
A hijacked maintainer account, a hidden trojan, and a two-hour window that put millions of projects at risk. Here's the full story and how to protect yourself.
AI agents don't have phones, fingerprints, or sessions. The identity infrastructure they need looks nothing like what we built for humans.
What they are, how they work, and why modern password security has moved beyond them.
A practical comparison of the leading multi-factor authentication solutions: what they're good at, where they fall short, and how to choose the right one for your stack.
Cookie syncing and credential injection get agents past login screens, but they break every security assumption your app relies on.
How to design AI agents that do less, prove more, and stay within boundaries your security team can actually audit.
How AI agents get hijacked, poisoned, and over-privileged, and why identity is the fix for most of it.
Please try a different search
Our global team is growing and we’re hiring all types of roles.
WorkOS builds developer tools for quickly adding enterprise features to applications.
This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.
.webp)
.jpg){kind=avatar}
.webp)
.webp)
.webp)
.webp)
.webp)