agent-native-auth

---

📄 This document is also available in Cantonese 中文（廣東話） ➜ —

Agent-Native Authentication Protocol (ANCP)

Secure authentication for AI agents, without VPN, OAuth, or browser flows.

---

📌 What is ANCP?

ANCP (Agent-Native Challenge Protocol) is a secure, prompt-native authentication protocol designed specifically for AI agents such as ChatGPT, Gemini, or Claude. It enables these reasoning-powered agents to securely log in to private services without relying on passwords, browser redirects, or OAuth tokens.

Unlike traditional human-centric protocols, ANCP is built on:

• 📜 Natural language endpoint discovery (.well-known/ai-readme.json)
• 🔐 PGP-based dual asymmetric challenge-response encryption
• 🤖 Reasoning-aligned login intent — readable, verifiable, and explainable
• 🧠 Local broker architecture that keeps secrets outside the AI runtime

ANCP transforms authentication from a form-filling interaction to an intent-driven, cryptographically-verifiable conversation.

---

🧠 Why ANCP Is Needed

Today’s secure login systems — OAuth2, VPNs, SAML, and static API keys — were designed for:

• Human interfaces
• Browser flows
• Centralized trust

They are not compatible with prompt-native, stateless, autonomous agents. These systems break down when agents need to:

• Reason about access
• Justify login requests
• Securely handle credentials in isolated environments

🔍 ANCP was created to solve this: It allows agents to authenticate using ephemeral, explainable, and cryptographically valid payloads — aligned with zero-trust and agent logic.

---

✨ Key Differentiators

Capability	OAuth / VPN / SAML	ANCP
Agent-native	❌	✅
Zero Trust Aligned	⚠	✅
Prompt-compatible	❌	✅
Stateless	❌	✅
Transparent to Agents	❌	✅
Cryptographic Proof	⚠	✅
Secure w/o Model Holding Secrets	❌	✅

---

🔐 How ANCP Works (Simplified Flow)

1. Agent discovers the service via .well-known/ai-readme.json
2. Agent fetches server’s PGP key + random challenge phrase
3. Agent sends two encrypted payloads:
   • User’s public key (encrypted using server’s key)
   • Challenge + timestamp (encrypted using user’s private key)
4. Server verifies both payloads
5. If successful, server issues a short-lived session token

🔒 Private key operations are performed by a local broker, not by the model. Agents orchestrate, but do not hold secrets. See Appendix A in the whitepaper.

---

🚀 Real-World Use Cases

• 💰 CFO securely queries earnings data via agent (no login UI)
• ⚖️ Law firm agent compares NDA contracts with zero exposure
• 🛠 DevOps CLI agent retrieves alerts without SSH keys
• 📈 SaaS agent automates customer onboarding with scoped keys
• 📊 HR director queries de-identified data via external AI agent

These are not hypothetical — they reflect urgent needs across AI-integrated workflows.

---

🔍 What Developers Often Miss (Hidden Needs)

• 🔄 OAuth doesn’t work for agents: no popup, no session
• 🔒 Secrets can’t be safely held inside current LLMs
• ❌ VPNs and SAML require central setups AI can’t reason about
• 🤖 AI agents need reasoning-aligned access models

ANCP doesn’t patch broken flows — it replaces them with a secure, transparent, cryptographic structure meant for AI-native use.

---

📄 Whitepaper Downloads

• 📘 ANCP Whitepaper v1.2 (PDF)
• 📘 ANCP Whitepaper v1.1 (PDF)
• 📘 ANCP Whitepaper v1.0 (DOCX)

🔒 SHA256 Digest (Whitepaper v1.2)

e449cae0a379e871f5db958c781c6736aa6e36068c17ea133d73225f7d834311

This hash certifies the authorship and cryptographic integrity of the ANCP whitepaper as published August 2, 2025.

🔒 SHA256 Digest (Whitepaper v1.1)

932384cac6d00794b120aba57cbc827a5fa5b210c23c32850c29a634099730a8

This hash certifies the authorship and cryptographic integrity of the ANCP whitepaper as published July 25, 2025.

🔒 SHA256 Digest (Whitepaper v1.0)

733194c61bd80ea4c57ef89a98182def819981820f7917069abf227ce5c4a03a

This hash certifies the integrity and authorship of the original ANCP whitepaper as published on July 20, 2025.

🧠 Ask the Agent

You may upload this whitepaper to ChatGPT, Claude, Gemini, or other agents and ask:

• “Explain the benefits of ANCP compared to OAuth”
• “Is this protocol safe for regulated industries?”
• “Simulate an agent login using this protocol”

Let the agent tell you why ANCP is not optional — it’s inevitable.

---

🧩 What’s Next

• Open-source reference server + Python/Node SDKs
• Local broker client apps (secure key helpers)
• AI agent wrappers for LangChain, semantic routers, and devtools
• GitHub Packages with installable validation middleware

---

🧠 Origin and Attribution

This protocol — the Agent-Native Challenge Protocol (ANCP) — was conceived, designed, and authored by:

Wai Yip, WONG
🔗 LinkedIn
💻 GitHub

All structure, reasoning, and naming originate from this design.

📄 License

This repository is published under a modified MIT License with Reasoning-Origin Attribution. See the LICENSE file for details.

This site is open source. Improve this page.