← Back to home · All editions

WorkOS MCP Night 2026: Auth.md and agent-ready authentication

WorkOS hosted MCP Night and introduced Auth.md, a machine-readable way for MCP servers and agent-facing apps to describe authentication requirements. The event included demos from AgentCard, AgentMail, Expo, Executor, Cloudflare, and Firecrawl, plus a panel with Cloudflare, ChatPRD, and Sentry.

Enterprise MCP adoption depends on whether agents can be safely authenticated, scoped, approved, and audited. Auth.md is interesting because it treats agents as real software users rather than anonymous scripts bolted onto APIs.

If your MCP server can touch customer data, production systems, billing, or admin workflows, document auth flows clearly. Start with read-only scopes, require explicit approval for risky actions, and make audit trails easy to inspect.

Key quotes from the event included:

• Michael Grinich, WorkOS: “Agent Ready is the next Enterprise Ready.”
• Michael Grinich, WorkOS: “Make something agents want.”
• Claire Vo, ChatPRD: “Your user is changing... whether they are less technical or no longer human.”
• David Cramer, Sentry: “I'm very anti-let agents sign up for services... but it might be a thing that's necessary.”
• Brendan Irvine-Broque, Cloudflare: “Onboarding happens in somebody else's product.”

Watch the full video: https://www.youtube.com/watch?v=a1jx0H4cSWk