Policy engines promise flexible authorization, but they struggle with the ambient context and relationship-driven decisions that AI systems require. Learn why Relationship-Based Access Control (ReBAC) is the better approach for securing AI agents and RAG pipelines.
Policy engines are being pitched as the solution for AI agent authorization, but they fall short in dynamic, relationship-heavy environments. Jake Moshenko breaks down why relationship-based access control is a better fit as we start treating AI agents more like people than scripts.
Introducing the SpiceDB Foreign Data Wrapper (FDW) for PostgreSQL — a new experimental way to bring real-time authorization context from SpiceDB into Postgres queries, without duplicating data or embedding authorization logic where it doesn't belong.
While many companies push return-to-office, AuthZed stays remote-first. Our secret is regular off-sites where bonding and business coincide. When we prioritize being human together, we return with more empathy, better communication, and renewed drive to solve hard problems.
MCP, A2A, and ACP standardize how AI agents communicate, but none adequately address authorization. This post analyzes specific vulnerabilities in token granularity, revocation propagation, and delegation chains, and outlines requirements for secure agent infrastructure.
Five years in, our mission remains the same: fixing access control. 2025 was about making our authorization infrastructure available to more teams in more ways.
MCP standardizes how AI agents connect to tools and data. What it doesn't do is secure them. The spec addresses authentication plumbing but leaves authorization decisions to implementers. So how do you build with MCP without recreating the mistakes behind 2025's breach timeline? It starts with understanding where the protocol ends and your responsibility begins.
AI fundamentally changes the interface, but not the fundamentals of security. Here's a timeline of security breaches in MCP Servers from the recent past.
Learn how to build a complete retrieval-augmented generation pipeline with multi-tenant authorization using Motia's event-driven framework, OpenAI embeddings, Pinecone vector search, SpiceDB permissions, and natural language querying.
AuthZed now supports Terraform and OpenTofu. You can manage service accounts, API tokens, roles, and permission system configuration as code, just like your other infrastructure. Define resources declaratively, version them in git, and automate deployments across environments without manual configuration steps.
Should your company rebrand as an AI company? We decided not to.
AI companies attract outsized funding and partnership dollars. Yet rebranding means trading established brand value and customer mindshare for alignment with today's hottest trend.
We stayed brand-neutral because our authorization solution serves both AI and non-AI companies alike. Limiting ourselves to AI-only would be a disservice to our broader mission and the diverse customers who depend on us.
AuthZed now supports Microsoft Azure, giving customers the opportunity to choose from all major cloud providers: AWS, Google Cloud, and Microsoft Azure. Deploy authorization infrastructure to 23+ Azure regions for globally distributed applications.
We're launching two MCP servers to bring SpiceDB closer to your AI workflow. The AuthZed MCP Server provides instant access to documentation and examples, while the SpiceDB Dev MCP Server integrates with your development environment. Learn about our MCP journey from early prototypes to production, and discover how these tools can speed up your SpiceDB development.
In this technical deep-dive, Canva software engineer Artie Shevchenko draws on five years of experience with centralized authorization systems, first with Google's Zanzibar and now with SpiceDB, to tackle one of the most challenging aspects of authorization system implementation: the dual-write problem. This talk was part of the Authorization Infrastructure event hosted by AuthZed on August 20, 2025.