Five years in, our mission remains the same, fixing access control. 2025 was about making our authorization infrastructure available to more teams in more ways.
AI and Authorization
If AI isn't eating the world, it's certainly consuming the collective attention of the tech community. We started 2025 with generative AI still perceived largely as a novel tool, with developers and non-developers alike searching for the right use cases. By year's end, users had graduated from experimentation to optimizing their AI workflows, and enterprises found themselves navigating a familiar tension: the urgency to deploy AI applications balanced against the need to observe and secure them.
At AuthZed, we've been tracking this progression through the lens of authorization. We've worked directly with companies like OpenAI, where we provide the authorization infrastructure supporting ChatGPT connectors, and Workday, where we secure their AI-powered contract lifecycle management platform. These partnerships have shown us that AI magnifies authorization challenges: more actors, more checks, more velocity.
The Model Context Protocol (MCP) captured significant attention this year. We tracked its rapid development, analyzed the spec through an authorization lens, and identified that the authorization model is lacking for many critical use cases. We then built our own MCP servers and published resources for adding authorization to MCP implementations. We're continuing to track related efforts including ACP, A2A, and the newly formed Agentic AI Foundation.
This work culminated in our announcement of Authorization Infrastructure for AI, providing official support for Retrieval-Augmented Generation pipelines and agentic AI systems. Teams building AI applications can now enforce consistent fine-grained permissions across every stage of their RAG, in their MCP tools and AI agent workflows.
Progress Toward Our Mission
Beyond AI, we made progress toward our core mission: fixing access control.
We launched AuthZed Cloud, our self-service, usage-billed permissions system. AuthZed Cloud makes authorization infrastructure more accessible. Teams can start quickly, manage their own deployments, and pay based on usage. For enterprises requiring dedicated infrastructure, we added Microsoft Azure support, giving customers the flexibility to choose from AWS, Google Cloud, or Azure.
We also focused on making authorization infrastructure fit naturally into existing operations. The AuthZed Cloud API lets teams manage authorization resources alongside their other cloud infrastructure. Our Terraform and OpenTofu provider brings declarative infrastructure-as-code to authorization management. And with our Datadog integration, engineering teams gain visibility into authorization performance without custom tooling.
We closed out our development year with the December 2025 release, which includes Materialize support on Azure.
Five Years of AuthZed
This year marked AuthZed's fifth anniversary. We celebrated by hosting the authorization infrastructure event where Jake, our CEO, reflected on our journey and announced AuthZed Cloud. Customers including Canva and Turo joined us to share their experiences. We also explored the growing importance of authorization infrastructure as AI use cases emerge, with Andy Pavlo from Carnegie Mellon contributing his perspective on databases.
SpiceDB Community Showcase
Separately, we hosted a Community Showcase to highlight SpiceDB adopters. Kelsey Hightower walked us through the history of Google research-inspired projects, which led to the release of our annotated Google Zanzibar white paper with his foreword.
What makes SpiceDB special isn’t just that it’s based on great research—it’s that it addresses a real-world problem that most developers don’t even realize is holding them back.
- Kelsey Hightower
We also heard from teams at Reddit and ReliON about their implementations.
SpiceDB Development
SpiceDB continued its steady development throughout the year:
- 20 releases published, from v1.40.0 (January) to v1.48.0 (December)
- 231,296 insertions and 80,869 deletions across the codebase
- 4,905 files changed
- 29 contributors participated
Meet Dibs
In March, we introduced Dibs, the SpiceDB mascot. Continuing our tradition of Dune references in the SpiceDB ecosystem, Dibs represents the resilience and adaptability we aim for in SpiceDB itself.
We wanted to end the year with a gift for our community, something that shares what we're passionate about. So we wrote a story featuring Dibs that explores authorization concepts. Our note in the book expresses it best:
We're on a mission to fix access control, the invisible layer that keeps systems safe and running smoothly. We want to share that mission with you, and we believe stories are one of the best ways to explore new ideas together.
Just like in the Magic Library, when authorization is accurate and fast, the right doors open.
Thank you for reading. We hope it sparks curiosity.
With gratitude, The AuthZed Team
Looking Ahead
There's more to do in 2026. AI systems need better authorization and more teams need onramps to authorization infrastructure to secure and build their applications.
If you've been with us as a customer or user or community member, thank you. If you're new here, welcome. We hope you'll join us in the work ahead.