Designing an Auth model for Multiplayer AI

What everyone agrees on: Multiplayer AI: Where humans and a shared AI agent can work together in one shared conversation thread.

What is not clear: What privilege level does the shared AI agent work with when responding to different users?

These are the 2 options:

1. Self-authorized: The AI agent has its own credentials. In this case, the AI agent just reduces to a trivial case of being another "user" with its own set of credentials. Implement this by giving the AI agent its own google email or Okta id. This is the "Agent Identity" paradigm introduced by Claude Tag.
2. User-authorized: Each AI agent always works on the behalf of a particular human user. This is truly a shared AI agent that can securely work with multiple users at the same time. Implement this by having the AI agent use the human user's id and enforce those permissions.

Here's a way to visualize the explosive increase in security governance for a self-authorized model (each agent gets its own identity depending on which user group is using it and for what intent) vs the user-authorized system where there's no additional security surface area.

A self-authorized multiplayer AI implementation will ultimately not feel like a truly multiplayer agent or coworker. From a security posture point of view, it comes built-in with a confused deputy problem. The future belongs to user-authorized multiplayer AI.