MCP Needs Authorization
MCP connects AI agents to tools and data sources but has no built-in authorization. Every tool call is a trust boundary crossing without access control.
Dispatch
The State of Authorization in 2026: An Industry Analysis
Analysis of authorization practices across 500+ organizations. Most still use home-grown RBAC. AI agents are exposing the gaps. Broken access control remains the #1 application security risk for the fourth consecutive year.
InferaDB vs. OpenFGA vs. SpiceDB vs. Oso: Authorization Infrastructure Compared
Choosing authorization infrastructure is a high-stakes decision with real lock-in. We compare InferaDB, OpenFGA, SpiceDB, and Oso on performance, security, pricing, and operational burden — honestly.
The CISO's Guide to Fine-Grained Authorization
Broken access control is the #1 API security risk — and most organizations still treat authorization as application logic, not infrastructure. A practical guide for security leaders evaluating fine-grained authorization.
How to Evaluate Authorization Infrastructure: A Buyer's Checklist
Choosing authorization infrastructure locks you in for years. Here's a structured evaluation framework covering performance, security, compliance, pricing, and lock-in risk — the questions to ask and what good answers look like.
Migrating from Home-Grown RBAC to InferaDB
You started with a user_roles table. Now you have a maze of role matrices, permission overrides, and sharing logic nobody can reason about. Here's the concrete migration path from home-grown RBAC to InferaDB — step by step, with a rollback plan.
Google Zanzibar: The Authorization Model Behind Every Google Product
Google's Zanzibar handles 10 million permission checks per second across every Google product. Every open-source implementation since has hit the same ceiling: general-purpose databases. Here's how Zanzibar works and why InferaDB removes that ceiling.
InferaDB: Why We're Building a Purpose-Built Authorization Database
Authorization is a hidden crisis in modern software. We helped build OpenFGA and saw the architectural limits firsthand. InferaDB is what we wished existed — purpose-built authorization infrastructure, delivered as a managed service.
How AI Agents Are Breaking Traditional Authorization
Traditional authorization handles 1-2 checks per request. AI agent workflows need dozens — and at 5-50ms each, that's seconds of latency before any work happens. The agent era needs authorization infrastructure built for machine-speed decisions.
How InferaDB Achieves 1,000x Faster Permission Checks
Authorization checks through general-purpose databases take 5-50ms. InferaDB's purpose-built storage engine delivers 2.8 microsecond p99 reads. Here's the architecture that makes it possible.
Why Eventual Consistency in Authorization Is a Security Vulnerability
If Alice revokes Bob's access at 10:00:00 and Bob's request at 10:00:01 hits a stale replica, he retains access. This is the 'new enemy problem.' InferaDB uses Raft consensus with revision tokens to solve it.
WebAssembly Policy Modules: Custom Authorization Logic in Any Language
Not everything fits into declarative rules. IP geofencing, subscription tier checks, time-window restrictions — these need real code. InferaDB lets you write that logic in any language, compile to WebAssembly, and run it inside the authorization engine with full sandboxing.
The Infera Policy Language: One Schema for Every Authorization Model
Most teams stitch together RBAC, ReBAC, and ABAC with application code. IPL unifies all three in a single declarative language — statically analyzed at deploy time, evaluated in parallel at query time. One schema, one evaluation, one audit trail.
Authorization Market: $3.32B and No Dominant Player
The fine-grained authorization market is $3.32B and growing at 19.3% CAGR — significantly outpacing the broader IAM market. Yet total VC investment is modest, there's no dominant player, and the category leader position is wide open.
NIS2, DORA, and the EU AI Act: Why Authorization Is Now a Compliance Requirement
NIS2, DORA, and the EU AI Act all mandate fine-grained, auditable access control — with enforcement deadlines already passing. Here's what each regulation requires and why most authorization systems can't deliver it.
Why We Chose Rust for InferaDB
An authorization service has a brutal performance contract: sub-microsecond reads, zero latency spikes, memory safety without compromise. We evaluated Go, Java, and C# seriously. Here's why Rust was the only language that met all three requirements.
Cryptographic Tenant Isolation: Why Application-Level Multi-Tenancy Isn't Enough
Every multi-tenant authorization system promises tenant isolation. Most enforce it with WHERE clauses. One missing filter and data leaks across tenant boundaries. InferaDB enforces isolation with cryptography — cross-tenant access isn't prevented, it's architecturally impossible.
Securing RAG Pipelines: Per-User Document Authorization for AI
Your RAG pipeline has a security hole. When an LLM retrieves documents to answer a question, it pulls everything the vector search returns — including documents the requesting user shouldn't see. InferaDB enforces per-user authorization before retrieval, not after.