AI coding agents need better permissions, and so does the code they write. SpiceBox enforces fine-grained permissions on AI coding agents using SpiceDB, while spicedb-dev gives agents the authorization context they need to generate code with proper access control from the start. Both are open source.
IAM has never been a single thing—and treating it like one is holding us back. Authentication and authorization are fundamentally different disciplines, and agentic AI might finally force us to address them separately.
Next week, RSAC and KubeCon happen at the same time. While the two shows have very different core audiences, the overlap in topic this year is striking—especially around authorization as a key driver of AI and agentic security.