Identity and access

Vercel buys Better Auth on the pitch that agents need their own login

Vercel buys Better Auth on the pitch that agents need their own login

Vercel has acquired Better Auth, and framed the deal as an infrastructure bet on AI agents holding first-class identity of their own instead of borrowing a human developer's. The New Stack reported the acquisition on July 7. The operational read for CI/CD teams: every pipeline that keys branch protection, review approval or environment access on a human account is about to see machine callers on the other side of those gates, and the identity primitive that stamps them is now something a deployment vendor wants to own.

The report does not spell out deal terms. It positions the buy as a platform move.

The framing the acquirer chose

Vercel already owns a deployment surface a lot of engineering teams push through. Better Auth is an authentication project. Bundle them and the argument, per The New Stack, is that agents opening pull requests, reviewing code, creating deployments, querying internal systems and updating business systems should have first-class identity of their own, instead of acting under a person's account.

That is a business claim before it is a technical one. Own the deployment path, own the identity issuer, and every machine actor that fires a workflow needs a credential you minted. The pitch is coherent. It is also the same shape identity vendors have been drawing around cloud workloads for a decade.

Where each of those verbs lands on a pipeline

The five actions The New Stack lists sit on gates SRE and platform teams already operate:

  • Opening a pull request. Branch protection rules currently key on the account that authored the change. If the author is a bot user, the enforcement graph collapses to whatever token got wired in, and the audit trail flattens to a single shared CI account with no way to attribute the action further.
  • Reviewing code. Required-reviewer counts and approval-based merge gates fire on whichever identity the review is filed under. An agent-issued approval that looks like a human approval is a gate that has already failed open.
  • Creating deployments. Environment protection rules, deploy secrets and role assignments guard the transition to production. If the caller is the agent, the role has to exist and be scoped.
  • Querying internal systems. This is the read side, where blast radius quietly accumulates. Weak identity here means audit trails that cannot answer which agent touched what.
  • Updating business systems. Any write outside the code repository is where the pipeline stops being self-contained and starts inheriting the trust of downstream owners.

None of these need a Vercel product to be worth reviewing. All of them get worse when the identity model is one shared robot account with a permission set wide enough to cover every case.

Workload identity did not start this week

The problem this pitch names is old. OIDC-federated CI runners against cloud IAMs are the pattern most teams already use to kill long-lived tokens on the runner. SPIFFE and SPIRE define workload identity that outlives any single provider. Cloud IAMs have supported machine service accounts for years, with role assumption and scoped short-lived credentials. Recent CI platform work has pushed per-workflow OIDC subject claims into the request path so the caller is legible at the far end.

Agents are the newest workload class, not the first one. What is genuinely different is that a coding agent's action list is closer to a developer's than to a service's: it opens PRs, it reads issues, it drafts code, it triggers deploys. The identity model has to answer for both.

The acquisition changes none of the underlying primitives. It changes who is now trying to sit on the seam between deployment and identity.

The catch to hold in mind

The New Stack piece is a report on the deal. It is not a specification, an SDK reference or a shipping integration. There is a claim about intent, and a list of verbs. There is not, in the coverage as reported, a described flow that shows an agent presenting a specific identity to a specific merge or deploy gate today.

Two things worth watching without extrapolating from what the reporting actually says. First, whether the resulting product speaks the identity shapes CI already talks to, OIDC and SPIFFE-adjacent, or whether it defines a house dialect only legible inside one hosting stack. Second, whether the pipeline-side integration ends up on the standards path, so a merge check on any platform can verify an agent identity, or stays a first-party feature that ties agent legibility to where you deploy.

Agent identity is now a pipeline concern regardless of who won this acquisition. Vercel has raised its hand on the plumbing question. The gates already in production will find out over the next several quarters what accepting an answer costs them.

Source: The New Stack (thenewstack.io)

Related
Security & supply chain

Agent identity is the new wall between functional dev and security review

A New Stack analysis argues agentic systems pass functional review and then stall at the security gate because no one scoped identity, permissions or audit at the platform layer first. For CI/CD owners, it pushes a familiar workload-identity problem onto a much larger fleet of callers.

June 28, 2026
Security & supply chain

Vault wants your AI agents to ask permission, one request at a time

HashiCorp Vault Enterprise has put a new authorization model for AI agents into public preview, built on OAuth 2.0 Rich Authorization Requests so agents must declare what they want on every call instead of inheriting long-lived secrets. For pipelines that now host coding agents, it changes who is allowed to do what at runtime.

June 27, 2026
Identity and access

Boundary 1.0 adds RDP session recording, previews AI-agent access controls

HashiCorp shipped Boundary 1.0 with RDP session recording and a preview of work aimed at securing AI-agent access. For teams that route Windows targets through the proxy, session recording lands as an audit point that used to live in ad-hoc tooling.

July 7, 2026

Turn this into your pipeline. Build it on Buddy.

Start free