INTERFACE Boise
August 20th, 2026

  Presented by Gil Kirkpatrick, Chief Architect • Semperis

Semperis Chief Product Officer Alex Weinert describes AI agents as "curious, genius, sociopathic 5-year-olds." He's right, but while you can supervise one 5-year-old, you can't supervise thousands of AI agents operating at millisecond speed across every system you own. You don't supervise them. You childproof the house.

This session explores the access control model agentic AI actually requires, covering workload identity (SPIFFE, WIMSE, and the IETF's AIMS draft), delegated OAuth (token exchange, actor chains, Rich Authorization Requests, sender-constrained tokens, and the 2026 MCP authorization spec), and dynamic per-action policy evaluation, including why a role is an input to an authorization decision, not the decision itself.

You'll leave with a reference architecture, a maturity model, and a clear understanding of what's standardized today and what still has to be built.