How AI Agents Will Break Passkeys And 3 Ways To Fix Them

The Authentication Crisis: Why AI Agents Are Breaking Passkeys

Passkeys were built to secure humans, not machines. As Asia's enterprises wire AI into daily operations, a new kind of identity crisis is emerging that threatens to undo years of security progress.

The promise was simple: eliminate phishing by replacing passwords with cryptographic credentials stored on your device. Apple, Google, and Microsoft have spent years coaxing the world toward this vision. Banks in Singapore and Hong Kong now encourage customers to use them. Retailers across Australia and Japan deploy them to reduce checkout fraud.

But beneath that success lies a fundamental design flaw. Passkeys authenticate humans through biometrics and device-specific keys. They were not designed for autonomous AI agents that operate on behalf of those humans.

How Passkeys Work (and Why They Excel for Humans)

For all their marketing jargon, passkeys are elegant. Instead of a shared secret that can be stolen, they use asymmetric cryptography. Your private key never leaves your device; the server only ever sees your public key. That means there's nothing for a phisher to trick you into giving away.

The system replaces brittle passwords with a pair of keys secured by your fingerprint or face. They solve two long-standing headaches: proving you are you and ensuring that websites are who they claim to be.

The trade-off, however, is dependency. Passkeys tie your identity to a single device or cloud service. Lose the device, and recovery depends on whatever backup policy your provider enforces. In Apple's case, that's iCloud with two-factor authentication.

Where AI Agents Shatter the Authentication Model

Here's the critical issue: an AI agent cannot press its thumb against a fingerprint reader or scan its face with Face ID. It cannot live inside iCloud. It cannot authenticate via a smartphone.

So, if you want your AI agent to approve a purchase order, reconcile invoices, or fetch HR data, it needs access. The only way to give it that access today is by proxying your credentials.

That's like handing your house keys to a cleaning robot and telling it to make copies "just in case." Convenient, yes. Secure, absolutely not.

"We're seeing enterprises rush to deploy AI agents using human credentials as a shortcut. It's creating massive security blind spots that most organisations don't even recognise yet," says Dr Sarah Chen, Chief Security Officer at CyberEdge Solutions in Singapore.

OAuth, the protocol that powers delegated logins, does technically allow fine-grained permissions. But adoption remains vanishingly low, and human behaviour is rarely tidy. Faced with friction, people override controls. We've seen this movie before, with sticky notes full of passwords taped to monitors.

The Over-Permission Problem

Once an AI agent holds human credentials, it inherits everything. If a CFO's passkey grants access to the entire finance stack, so too does the agent. The result: over-permissioned AI that can move data, approve transactions, or replicate itself faster than any human could.

The danger multiplies when these agents spawn sub-agents or when attackers create impostor agents that mimic legitimate ones. Suddenly, the tidy promise of passwordless security devolves into chaos at machine speed.

For Asia's enterprises, the implications cascade across three critical areas:

• Operational risk: AI agents working with expired or duplicated credentials can trigger system-wide outages
• Compliance risk: Regulators in Singapore and Japan require clear audit trails, but agent actions under human credentials blur accountability
• Security risk: Over-permissioned agents become irresistible targets for attackers seeking to inherit human privileges
• Scale risk: Unlike humans, compromised agents can act simultaneously across hundreds of systems

"The traditional security model assumes one person, one identity, one set of actions. AI agents break all three assumptions simultaneously," explains Marcus Kim, Head of Identity and Access Management at Seoul National Bank.

Three Strategic Fixes for the AI Authentication Crisis

The solution isn't to abandon passkeys but to extend them beyond human-centric design. Three approaches can future-proof^✦ authentication for the AI agent era:

1. Agent-Specific Identities Each AI agent must have its own cryptographic identity, distinct from the human it represents. Think of it as a digital passport with limited permissions, renewable and revocable. This creates accountability without compromising human credentials.

2. Intent-Based Authorisation Access decisions should depend on what an agent is doing, not just who it represents. If an AI is generating an invoice summary, it should never be able to access payroll data. Context-aware permissions prevent privilege creep.

3. Stronger Governance and Observability Businesses must treat AI agents as first-class digital actors, subject to the same monitoring, revocation, and audit policies as employees. Real-time credential mapping becomes essential as regulators tighten data governance rules.

How do AI agents currently access enterprise systems?

Most AI agents today use proxied human credentials, inheriting full user permissions. This creates security blind spots and compliance issues since actions cannot be distinctly attributed to the agent versus the human user.

Can existing OAuth protocols handle AI agent authentication?

OAuth technically supports fine-grained permissions, but only 1% of websites implement it fully. Even when available, most organisations default to broad permissions for simplicity, recreating the over-permission problem.

What regulatory challenges do AI agents create for authentication?

Regulators in Singapore and Japan require clear audit trails for financial transactions. When AI agents act under human credentials, it becomes impossible to determine who or what initiated specific actions, creating compliance gaps.

How fast can compromised AI agents cause damage compared to human attackers?

AI agents can operate simultaneously across hundreds of systems at machine speed. A compromised agent with broad permissions could exfiltrate data or execute transactions faster than any human attacker or security response team.

What's the timeline for implementing agent-specific authentication systems?

Industry experts estimate 18-24 months for new standards to emerge, with another 2-3 years for widespread enterprise adoption. Early movers are already piloting custom solutions for high-risk environments.