Most conversations about AI agents focus on what they can do. Very few focus on what they should be allowed to do. That gap is what I kept thinking about when I built Vouch for the Auth0 "Authorized to Act" hackathon.

The Problem: AI agents are getting good at taking actions: booking meetings, calling APIs, sending emails, managing files. But the current delegation models are broken. You either leak credentials in prompts, which is dangerous, or you hand the agent broad OAuth access and hope it stays in its lane, which is just risky in a different way. There is no clean way to say: this agent can do X on service A, for user B, until this session ends. Nothing more. That missing primitive is the whole problem.

How Vouch Works: Vouch sits between the agent and the services it wants to interact with. Instead of giving the agent raw credentials, you define a permission scope for each action. The agent operates within that scope and nothing outside it. The credential delegation runs through Auth0 Token Vault.…
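
The primitive described above ("this agent can do X on service A, for user B, until this session ends") can be sketched as a deny-by-default check. This is an added example, not Vouch's code, and it does not call Auth0 Token Vault; `Grant`, `ScopeBroker` and all sample identifiers are hypothetical.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    # One permitted action: `agent` may do `action` on `service` for `user`.
    agent: str
    user: str
    service: str
    action: str
    session_id: str
    expires_at: float  # epoch seconds; hard upper bound on the session

class ScopeBroker:
    """Hypothetical check placed between agent and services (deny by default)."""
    def __init__(self, clock=time.time):
        self._grants = {}    # exact-match key -> Grant; no wildcards
        self._ended = set()  # sessions that have been closed
        self._clock = clock
        self.audit = []      # every decision, allowed or denied

    def grant(self, g: Grant) -> None:
        self._grants[(g.agent, g.user, g.service, g.action, g.session_id)] = g

    def end_session(self, session_id: str) -> None:
        self._ended.add(session_id)

    def authorize(self, agent, user, service, action, session_id) -> bool:
        g = self._grants.get((agent, user, service, action, session_id))
        if g is None:
            reason = "no_grant"
        elif session_id in self._ended:
            reason = "session_ended"
        elif self._clock() >= g.expires_at:
            reason = "expired"
        else:
            reason = "ok"
        self.audit.append((agent, user, service, action, session_id, reason))
        return reason == "ok"

def demo():
    b = ScopeBroker(clock=lambda: 1000.0)  # constructed clock for the example
    b.grant(Grant("agent-1", "user-b", "calendar", "create_event", "s1", 1600.0))
    results = [
        b.authorize("agent-1", "user-b", "calendar", "create_event", "s1"),  # in scope
        b.authorize("agent-1", "user-b", "calendar", "delete_event", "s1"),  # other action
        b.authorize("agent-1", "user-c", "calendar", "create_event", "s1"),  # other user
    ]
    b.end_session("s1")
    results.append(b.authorize("agent-1", "user-b", "calendar", "create_event", "s1"))
    return results, [entry[-1] for entry in b.audit]
```

Only the first call in `demo()` is allowed; the denials are recorded in `audit` with their reason, which is the record a reviewer would check when an agent steps outside its scope.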