CIAM for AI: Authn/Authz for Agents — Michael Grinich, CEO of WorkOS

00:00:00.000 | .

00:00:15.000 | My talk that was up here said SIAM for AI.

00:00:18.000 | That's a bit of industry lingo.

00:00:19.000 | It stands for Customer Identity and Access Management.

00:00:23.000 | Really what I'm going to be talking about here is auth.

00:00:25.000 | Login for agents.

00:00:27.000 | We just heard from someone from Hex.

00:00:29.000 | Hex is actually a WorkOS customer.

00:00:31.000 | We provide identity services to lots and lots of different

00:00:34.000 | SaaS businesses, B2B products,

00:00:36.000 | and our fastest growing segment is AI companies.

00:00:38.000 | It turns out AI products need identity and authentication,

00:00:41.000 | so we have a lot of experience seeing this.

00:00:43.000 | I want to talk about how you can bring identity

00:00:45.000 | specifically to agentic-based applications,

00:00:47.000 | what we're seeing in the world today.

00:00:49.000 | I'll just start with a little bit of a story.

00:00:52.000 | I want you to imagine that you're building a new chat tool,

00:00:57.000 | kind of like a ChatGPT internally for one of your companies,

00:01:00.000 | and it's like an IT support tool.

00:01:03.000 | It's going to help people not have to reach out to your IT team

00:01:05.000 | to get help with their laptop debug issues they might have.

00:01:09.000 | You ship this thing, and a user signs in, and they say,

00:01:12.000 | "Okay, my laptop had been filling up with files.

00:01:15.000 | Let's delete some unused files just to clear up some space."

00:01:19.000 | And the LLM thinks for a bit, and then it goes,

00:01:21.000 | "Yeah, certainly, sir.

00:01:22.000 | I went ahead and deleted your production database."

00:01:26.000 | And this is a bit of a fictitious situation,

00:01:29.000 | but it's not too far off from reality,

00:01:30.000 | where these non-deterministic agentic systems

00:01:32.000 | can go off the rails and have pretty destructive actions

00:01:36.000 | in your environment and your product.

00:01:39.000 | And these agents only work if you give them access to everything.

00:01:42.000 | This example here, you might say,

00:01:44.000 | "Well, I'll just disable access to the production database,

00:01:47.000 | but what about Jira?

00:01:48.000 | What about Salesforce or your Slack instance, your email?"

00:01:51.000 | Agents are only as powerful as the systems you give them to.

00:01:53.000 | So inherently, there's this whole problem

00:01:55.000 | around kind of identity authentication authorization for these systems.

00:01:59.000 | And really what I want to emphasize here

00:02:01.000 | is there's a shift coming where we need to think about agents

00:02:03.000 | as really having first-class identity support.

00:02:06.000 | what defines an agent in the B2B SaaS ecosystem.

00:02:09.000 | It's different than a bot or an integration.

00:02:11.000 | Agents are really a new paradigm for engineers

00:02:13.000 | and also enterprise IT to be working with.

00:02:16.000 | And my call to all of you is actually to collaborate with us

00:02:19.000 | to figure out how we can come together to work

00:02:21.000 | on these new standards for agent identity

00:02:23.000 | so users can stay safe and protected,

00:02:25.000 | and we can all leverage it to scale and grow forward.

00:02:28.000 | Agents behave a little bit different than people.

00:02:31.000 | Agents interact across many, many different tools,

00:02:34.000 | and specifically they need to act on behalf of users.

00:02:37.000 | They're similar to users, but like I mentioned,

00:02:39.000 | they need that wide data access to do a lot of different things.

00:02:42.000 | They might need to be able to access data

00:02:43.000 | from multiple different users in one.

00:02:45.000 | So the identity stuff here I'm going to talk about,

00:02:47.000 | they're similar to users but a bit different.

00:02:50.000 | Agents really need to support like a machine identity natively.

00:02:55.000 | If you've ever heard of like machine-to-machine auth,

00:02:57.000 | anybody heard about that before, like certificate-based auth?

00:03:00.000 | It's actually not the same framework as agents

00:03:03.000 | because in those scenarios,

00:03:05.000 | you really just have services talking to each other.

00:03:07.000 | Agents behave more like people and systems,

00:03:09.000 | so it's kind of this hybrid between a machine

00:03:11.000 | and a person identity.

00:03:13.000 | And last, I'll just say here before diving into some more details,

00:03:16.000 | we really need to do this.

00:03:18.000 | AI is clearly taking over the world.

00:03:20.000 | It's kind of preaching to the choir here

00:03:21.000 | at the AI Engineer World Summit,

00:03:23.000 | but inside of the enterprise,

00:03:27.000 | people are racing to adopt agents

00:03:29.000 | because they understand the productivity gains that it can have.

00:03:31.000 | So we can't just like wait to do this

00:03:33.000 | and hope that it takes care of itself.

00:03:35.000 | We need to figure it out very soon.

00:03:36.000 | There's a lot of urgency around it.

00:03:38.000 | So I'm going to switch gears a little bit and talk about,

00:03:41.000 | first of all, why identity for agents is hard.

00:03:43.000 | Like what makes it different and why is it challenging?

00:03:46.000 | Well, the first thing is agents need to log in in a headless way.

00:03:50.000 | And when I say that, I mean that they need to build a sign in

00:03:53.000 | without necessarily typing into a web browser.

00:03:56.000 | It's just different than like API auth,

00:03:58.000 | because you might want tokens to persist for a while,

00:04:01.000 | but not forever.

00:04:02.000 | You also might want your agent to actually use the front-end application

00:04:06.000 | and click around like a computer use system.

00:04:08.000 | So they need to be able to sign in,

00:04:10.000 | but at the same time not be signed out like a normal user.

00:04:15.000 | These sessions need to be long-lived.

00:04:17.000 | There's a question around where these credentials should live,

00:04:19.000 | how to refresh them, how do agents store them securely.

00:04:22.000 | This is one of the hard problems around agents.

00:04:24.000 | You'll hear from Paul from BrowserBase in a little bit.

00:04:26.000 | That's a question, you know, for BrowserBase.

00:04:28.000 | Like as people sign in and create sessions,

00:04:30.000 | where is that stored? How is it kept secure?

00:04:33.000 | Another challenge here on agents is the least privileged access model.

00:04:36.000 | So giving agents only a scoped-down ability

00:04:39.000 | to do something very specific.

00:04:41.000 | You know, on the one hand,

00:04:42.000 | you want to scope down an agent's access to a very small amount.

00:04:45.000 | It can only send a certain email,

00:04:47.000 | access a certain amount of data.

00:04:48.000 | But on the other hand,

00:04:49.000 | these non-deterministic systems,

00:04:51.000 | you want to give them access to do a lot of things.

00:04:54.000 | You know, you want to actually give it access to your whole environment,

00:04:57.000 | your whole code base, maybe all of your bugs,

00:05:00.000 | all of your customer conversations.

00:05:02.000 | So there's an authorization challenge around this

00:05:04.000 | where the existing like least privileged model

00:05:06.000 | doesn't necessarily apply.

00:05:08.000 | You can't really constrain it.

00:05:09.000 | Permissions need to be dynamic for agents.

00:05:13.000 | And lastly here, compliance.

00:05:15.000 | That example I gave earlier around the agent deleting the production database.

00:05:19.000 | You know, it's something we need to have a track record of who's done what.

00:05:25.000 | Agents also need to be tied to a person at the end of the day,

00:05:28.000 | often for legal compliance.

00:05:29.000 | If you do something like SOC 2 compliance, you know, all of your code has to be reviewed by people.

00:05:34.000 | What happens if you have agents reviewing code?

00:05:37.000 | And lastly, agents can just do a lot of stuff really fast.

00:05:40.000 | There's an old joke.

00:05:41.000 | I think it goes, "To error is human, but to screw up 10,000 times per second, you need a computer."

00:05:47.000 | Agents will be like that, right?

00:05:49.000 | Like they'll be able to go spawn other agents and do a lot of stuff.

00:05:51.000 | And so the visibility and the observability into agentic systems will be just as important.

00:05:55.000 | So logging systems, enterprise logging management, how you get agent logs into those things,

00:06:00.000 | all very hard, all very complicated, but important to solve for us to actually scale these into production.

00:06:06.000 | So it's really challenging, actually, to kind of bring identity and build these agentic systems.

00:06:12.000 | I want to propose a few architecture patterns here as to how we can actually do it.

00:06:18.000 | And these are things that I'm kind of seeing people start adapting out in the wild.

00:06:22.000 | There's four of them.

00:06:23.000 | I'll go through them each individually.

00:06:27.000 | These are not prescriptive by any means or like the be-all, end-all.

00:06:30.000 | It's just some things that I've seen so far.

00:06:33.000 | Cool.

00:06:34.000 | Persona shadowing, delegation chains, capability tokens, and lastly, escalation to humans, human-in-the-loop.

00:06:43.000 | All right.

00:06:44.000 | Persona shadowing.

00:06:45.000 | So persona shadowing is sort of like impersonation, where you give an agent an identity that shadows a user.

00:06:51.000 | So this reflects off of a user.

00:06:53.000 | It's kind of like a secondary user from your identity system.

00:06:55.000 | It has a subset of the privileges that a user might have, and it lets that agent go do things on behalf of a user.

00:07:02.000 | And this separation lets the system enforce stricter limits in access control around that actual shadow, shadow agent here.

00:07:10.000 | So you get this like isolation and accountability.

00:07:12.000 | However, every action is still explicitly tied to an original human identity, which has the benefit there.

00:07:18.000 | Impersonation, just pure impersonation, gives too much power if it's just exactly mirrored as a person.

00:07:24.000 | So this kind of shadow scoped identity lets you delegate a subset of the privileges.

00:07:28.000 | And you can even create like role templates off of this.

00:07:31.000 | This is probably the closest I've seen to people using agents-- identity in the wild.

00:07:36.000 | You kind of take your enterprise IDP, and if there's like the Michael prime, the human Michael, I have like Agent 1 Michael and Agent 2 Michael or something like that,

00:07:44.000 | which are shadow personas off of my own identity scoped down.

00:07:48.000 | So this is one way that you can achieve identity for agents.

00:07:51.000 | A second here is delegation chains.

00:07:54.000 | So if you've ever used JWTs, JSON Web Tokens, where they're signed, there's a cryptographic signature you can verify as you pass them along from system to system to system.

00:08:03.000 | You know, they're stateless in that way.

00:08:05.000 | Delegation chains are kind of like that, where you can mint a token for an agent that maybe has some, you know, verifiable permission and pass it on step by step.

00:08:13.000 | It means that each link in the chain must carry forward the original user's authorization.

00:08:18.000 | So it requires a different level of kind of remote procedure calling in that way, context passing.

00:08:24.000 | And it's sort of like those shadow personas in the sense that you can--you can layer it on top of shadow users.

00:08:31.000 | This can be supported by a few different things.

00:08:34.000 | I'll talk about in a second the UMA and OIDC extensions.

00:08:37.000 | But this is this kind of idea of delegating access step by step by step.

00:08:42.000 | is becoming more popular.

00:08:45.000 | So again, you create that token, you pass it to different systems, and it can persist from one to the other.

00:08:51.000 | Capability-based tokens.

00:08:53.000 | So essentially, given a token that can do a specific thing, Agent X can read Bob's calendar for the next 60 minutes.

00:09:00.000 | You create a token just for that action, essentially only for that thing.

00:09:04.000 | You know, it's like a secure voucher.

00:09:06.000 | And those can expire after a certain amount of time.

00:09:08.000 | They can have scoped access.

00:09:10.000 | These tokens can be self-contained and time bound.

00:09:12.000 | So it can simplify how actually verification works on it.

00:09:15.000 | And essentially, possession of that token of that voucher lets you prove that you're authorized to do something.

00:09:21.000 | So you can pass it along.

00:09:22.000 | Kind of similar to the JWT stuff I mentioned earlier, but around capabilities versus roles or permissions.

00:09:27.000 | You could even have a token like this minted for just one specific action, one specific API call.

00:09:33.000 | If you're familiar with the Macaroons work that Google has done, this is kind of a version of that.

00:09:38.000 | And lastly here, escalation to humans.

00:09:43.000 | Human in the loop.

00:09:44.000 | Approve everything.

00:09:45.000 | Right?

00:09:46.000 | Pretty simple to understand.

00:09:47.000 | When an agent needs to do something, it bubbles it up to you and hit approve or deny.

00:09:50.000 | Problem with this is that users get, you know, consent fatigue.

00:09:55.000 | Hit approve, approve, approve, approve.

00:09:57.000 | You know, if you have like your Mac or your Windows laptop and it's asking you, hey, do you want to install this thing?

00:10:01.000 | Eventually, users just start hitting approve on everything.

00:10:03.000 | Just oothing, giving broad scopes.

00:10:05.000 | And so this actually doesn't really achieve a secure model, even though from a compliance perspective it might be acceptable from IT.

00:10:14.000 | So these are four techniques that people are kind of adopting today, persona shadowing, delegation chains, capabilities tokens, and, you know, escalation to humans.

00:10:23.000 | I think actually like the right approach is a combination of these things in different scenarios.

00:10:29.000 | So depending on what application you're building, the access patterns, you know, who your customers are, like what kind of what restrictions they have in their environment,

00:10:38.000 | you might adopt different pieces of these or all of them, or maybe something totally different.

00:10:42.000 | But they're just some of the architectural techniques that I'm seeing for kind of securing and bringing identity to agentic systems.

00:10:49.000 | Okay.

00:10:50.000 | We're going to keep going.

00:10:52.000 | I'm going pretty fast.

00:10:54.000 | Next, I want to talk about one of my favorite things, which is acronyms.

00:10:59.000 | We love acronyms at WorkOS.

00:11:02.000 | There's acronyms everywhere in the identity and security space.

00:11:05.000 | I want to talk a little bit about some emerging standards and protocols specifically for bringing identity to agentic systems that are open.

00:11:12.000 | out there.

00:11:13.000 | So some of these you might have heard of.

00:11:14.000 | Some of these you certainly haven't.

00:11:15.000 | They're brand new.

00:11:16.000 | But I'll go through a few of them just so you'll have some lingo as you think about this maybe over the next year.

00:11:21.000 | Cool.

00:11:22.000 | The first is OAuth.

00:11:23.000 | How many people have built something with OAuth?

00:11:25.000 | Like pretty much everybody.

00:11:26.000 | Yeah.

00:11:27.000 | OAuth.

00:11:28.000 | Standard authorization delegation system on the internet.

00:11:31.000 | OpenID Connect.

00:11:32.000 | If you're not familiar with that, it's kind of like OAuth's like younger, hotter cousin or something.

00:11:38.000 | Essentially allows for delegation of the identity and authorization.

00:11:41.000 | This has come to MCP relatively recently.

00:11:44.000 | So you can--through MCP, you can add an OAuth 2.1 authorization server, split the authorization from the resource server, and essentially create identity for MCP servers.

00:11:53.000 | OAuth--problem with it is it was built for human consent and not machines.

00:11:58.000 | So it kind of depends on like a user interface.

00:12:01.000 | We need to adapt it for machine auth.

00:12:02.000 | It also has static scopes.

00:12:04.000 | There's a lot of problems with it for agentic identity.

00:12:07.000 | But the benefit is everybody here knows it, right?

00:12:09.000 | And it's already integrated with a lot of applications.

00:12:11.000 | So there's a ton of momentum just generally around OAuth for agentic identity.

00:12:16.000 | UMA, user-managed access.

00:12:20.000 | This is actually an extension to OAuth that allows a user or resource owner to proactively grant another party, a requester, access to resources from a central authorization server.

00:12:30.000 | Kind of like what we're seeing with the MCP work that I mentioned.

00:12:33.000 | It essentially lets a user set policies or like what an agent can do, but uses the OAuth-based handshake to enforce those policies on resource APIs.

00:12:41.000 | So it's an extension to OAuth for those resources.

00:12:43.000 | Agents are really all about accessing resources and doing specific actions.

00:12:47.000 | So, you know, for an AI agent, it could leverage this UMA to control maybe what a personal AI assistant is allowed to do.

00:12:53.000 | It's externalizing the content in access policy rather than baking it into the OAuth consent dialogue that you approve specific things.

00:13:01.000 | It's on a go-forward basis, user-managed access.

00:13:04.000 | Another one is GNAP, Grant Negotiation and Authorization Protocol.

00:13:11.000 | If you're a masochist like me, you can go read the RFC 9635.

00:13:14.000 | There's a lot of cool stuff in this.

00:13:15.000 | This is designed actually for a dynamic negotiation of token scopes.

00:13:19.000 | So we've all probably seen in OAuth, you have these static token scopes.

00:13:22.000 | Gmail, it's like read and write access.

00:13:24.000 | You know, maybe it's your Twitter account.

00:13:25.000 | You can post tweets.

00:13:26.000 | But we really need like dynamic tokens--excuse me, dynamic scopes.

00:13:31.000 | Because as an agent is running, it might need to go do something that you didn't previously authorize it to do, that you might not have known it needed to do.

00:13:37.000 | Maybe it proposes it wants to go do something that wasn't even in the original scope.

00:13:41.000 | So this dynamic negotiation of tokens is actually an important way to have interaction with agentic identity.

00:13:48.000 | GNAP is actually a flexible framework for this.

00:13:51.000 | It was built before all the stuff around agents.

00:13:54.000 | So it's like pretty cool.

00:13:55.000 | It's like relatively well-baked.

00:13:57.000 | Unfortunately, it's not that well implemented out there in the wild.

00:13:59.000 | So it's a lot of really good ideas, but kind of lower on the implementation stack.

00:14:06.000 | There's more.

00:14:07.000 | OIDC-A, OpenID Connect for agents.

00:14:10.000 | This is very much in the protocol phase.

00:14:12.000 | It's an emerging protocol for OpenID Connect.

00:14:14.000 | I actually was told recently that the guy that's doing this is kind of doing it without the consent of the OIDC Federation.

00:14:21.000 | And so maybe it's not even real.

00:14:22.000 | I don't know.

00:14:23.000 | This is how cutting edge this stuff is.

00:14:24.000 | But essentially, it allows you to bake agent identity claims and delegation chains into OpenID Connect more natively.

00:14:30.000 | So people are really trying to bring OpenID Connect into the agentic world.

00:14:33.000 | It also allows for cryptographic attestations for tokens.

00:14:37.000 | If these big words don't mean anything to you, don't worry.

00:14:40.000 | But essentially, it's an extension to OIDC.

00:14:43.000 | And last one here, secure credential presentation.

00:14:45.000 | The WC3 created something called verifiable credentials a while ago.

00:14:49.000 | It's really used for people.

00:14:50.000 | So if you, like, get a, you know, degree from Stanford, they can, like, mint that,

00:14:54.000 | and actually you can have a signed JSON object that says, you know, you got a Bachelor's of Science degree.

00:14:59.000 | People are applying this to agentic systems, which is pretty cool.

00:15:03.000 | So, you know, an agent could have this, like, verifiable credential.

00:15:06.000 | You know, Alice does work at WorkOS, Alice agent, and that could be passed on to other systems.

00:15:11.000 | So leveraging this existing verifiable credential work.

00:15:15.000 | I'm sort of running short on time, so I'm going to skip forward a little bit of some of this stuff.

00:15:22.000 | In the industry, what we're seeing is that it's still really early.

00:15:26.000 | And the pattern that's really emerging is middleware for agents.

00:15:30.000 | So rather than baking it into the application code, people are writing their agentic code,

00:15:34.000 | and then leveraging services or open source frameworks to actually create a trust boundary in between,

00:15:39.000 | in between your agentic code and enterprise systems.

00:15:42.000 | You can't guarantee your agent is going to do anything very specific.

00:15:45.000 | Even, you know, if you have evals around it or guardrails, people can still prompt inject.

00:15:49.000 | They can prompt hijack.

00:15:50.000 | You kind of have to treat your agent as, like, untrusted.

00:15:53.000 | And so this idea of, like, putting a layer in between that's managed, that can be dynamic,

00:15:57.000 | that can actually log and enforce things is the most common.

00:16:01.000 | This is what we've done at WorkOS.

00:16:03.000 | We've built a bunch of stuff around here.

00:16:04.000 | We have an identity product called AuthKit.

00:16:06.000 | That's what I was mentioning for MTP.

00:16:08.000 | Like, Cursor uses this today at WorkOS.

00:16:12.000 | We also have something called FGA for authorization, granular access to permissions.

00:16:17.000 | And we actually run this middleware.

00:16:18.000 | We even have a system that can detect fraud, bots, abuse.

00:16:22.000 | So we found this middleware approach of layering something in between application code

00:16:26.000 | and kind of enterprise resources to be really, really powerful.

00:16:29.000 | Microsoft is doing some cool stuff with their workload identities, actually.

00:16:33.000 | And I would also recommend going looking at Cloudflare's work on their MCP auth.

00:16:39.000 | Cloudflare is a fantastic, like, networking, you know, stack solution.

00:16:43.000 | And because they're in the network layer, they already are doing this middleware stuff.

00:16:49.000 | So to kind of wrap up, what's next?

00:16:51.000 | Well, I would say, like, in the previous world, especially around enterprise IT, it was very black and white.

00:16:56.000 | You know, there were trusted things and untrusted things.

00:16:59.000 | There were apps that were blessed by IT and apps that were maybe not blessed.

00:17:02.000 | Maybe not blessed that you were kind of using renegade products.

00:17:04.000 | And you could kind of know what to trust and whatnot.

00:17:07.000 | Unfortunately, this is broken down.

00:17:09.000 | Everything's now in a gray area.

00:17:11.000 | Because you might have trusted products that now have agentic behavior and go do crazy things out in the world, right?

00:17:16.000 | And you might have products that are actually, like, haven't been trusted by IT,

00:17:19.000 | but you need to adopt them and bring them in and start using them more and more.

00:17:22.000 | Or even, like, potentially interacting with existing products through agents that IT can't see.

00:17:28.000 | Something like Claude's computer use, right?

00:17:31.000 | Or we'll kind of talk a little bit about-- Paul will talk about browser base.

00:17:34.000 | You know, be able to log in to existing systems, but have agent experiences on top of it.

00:17:39.000 | Today, about 95%, you know, percent of traffic for most apps is people interfacing with them.

00:17:45.000 | It's humans, you know, logging in and doing stuff today.

00:17:48.000 | And maybe about 5% is automated, or you might have an API where people are scripting stuff.

00:17:52.000 | And what I anticipate is this is actually going to transition, where it'll go, you know, from 95% maybe to 50%.

00:17:58.000 | And then eventually, I think what we're going to see is that, like, 95% of traffic and activity will actually be agents interfacing with products.

00:18:06.000 | And, like, 5% will be us mere mortals doing it instead of agents.

00:18:11.000 | And this is actually going to be really profound.

00:18:13.000 | It's going to allow for, like, a brand-new level of collaboration with machines, much more productivity, you know, connecting these third-party systems.

00:18:20.000 | It's going to be really, really, really powerful.

00:18:22.000 | But it requires us to have a totally new way of thinking about identity for agentic systems, for this to be secure and for not to erode, you know, user trust.

00:18:30.000 | And I think it's just going to keep going from here.

00:18:32.000 | It's not going to stop.

00:18:33.000 | It's not going to stop.

00:18:34.000 | We're going to get more and more and more and more agents in the world.

00:18:37.000 | If we have billions of people on the planet today, you know, I think we're going to have, like, trillions of agents at some point going and doing things for us.

00:18:45.000 | Kind of like a giant army of interns working, making us more productive.

00:18:49.000 | I think that's really exciting.

00:18:51.000 | If you're interested in this and working on identity or you're building agents, what I would ask is just please send me a message or come talk with us.

00:18:57.000 | We're really excited to help support people building products like this and engineers.

00:19:01.000 | And we would love to hear from you.

00:19:02.000 | So you can scan this and DM me on Twitter or just email me.

00:19:06.000 | Thanks so much for the time.

00:19:07.000 | Excited to chat with you.

00:19:09.000 | Thank you so much, Michael.

00:19:12.000 | I have a super interesting question for you.

00:19:14.000 | You project 95% agentic interaction with these APIs.

00:19:17.000 | What's your timeline to 50%?

00:19:18.000 | How long do you think it's going to take us?

00:19:19.000 | I think it depends on the product.

00:19:21.000 | Yeah, I mean, I haven't quite seen this yet.

00:19:25.000 | But you know how there's those restaurants that open just for doing delivery food?

00:19:31.000 | Ghost kitchens.

00:19:32.000 | Ghost kitchens, you know?

00:19:33.000 | And then you're like, oh, I've ordered pizza from that place a bunch of times.

00:19:37.000 | I'm going to go actually check it out.

00:19:38.000 | And you go in, you're like the only one there.

00:19:40.000 | I think it's going to be like that for software.

00:19:41.000 | There will be apps that we use exclusively through agents.

00:19:44.000 | Perplexity just launched the ability to book hotels through Perplexity.

00:19:50.000 | And there's actually a company that provides an API for doing this that doesn't actually have like a normal interface.

00:19:55.000 | They're like, so I think it's already happening.

00:19:58.000 | It's just, you know, like, was it Alan Kay that said?

00:20:01.000 | The future is already here.

00:20:02.000 | Equally distributed.

00:20:03.000 | It's just not equally distributed.

00:20:04.000 | So it's probably already happening amongst you.

00:20:06.000 | We'll see you next time amongst you.

00:20:07.000 | We'll see you next time.

00:20:08.000 | We'll see you next time.

00:20:09.000 | We'll see you next time.