Beak — Agent Identity & Authentication Platform

Overview

Beak — Agent Identity Platform

Beak gives engineering and security teams complete control over every AI agent running in their organization. From registration and credential issuance to real-time policy enforcement and instant revocation — all on infrastructure you own.

Python SDK

pip install beak-sdk

# Register your first agent
from beak import BeakClient

client = BeakClient(
    api_key="bk_your_org_key",
    base_url="https://beak.thebirdling.com"
)

@client.agent(
    name="data-processor",
    scope=["read:db", "write:reports"]
)
async def process_data(payload):
    return await run_pipeline(payload)

Set up agent identity in my project using Beak.

Install beak-sdk. If I already have a database configured, use that. Register agents with BeakClient, decorate functions with @client.agent(), configure per-org API keys, run migrations, set up the kill-switch webhook.

TypeScript SDK

npm install @beak-ai/sdk

import { BeakClient } from '@beak-ai/sdk';

const beak = new BeakClient({
  apiKey: process.env.BEAK_API_KEY,
});

const { token } = await beak.issueToken({
  agentId: 'my-agent-001',
  scope: ['read:customers'],
  taskContext: 'quarterly-report',
});

MCP-I Level 1 — OIDC Token Exchange

# Exchange your enterprise OIDC token for a Beak ephemeral JWT
POST /v1/auth/token/oidc

{
  "oidc_token": "eyJhbGciOiJSUzI1NiJ9...",
  "oidc_issuer": "https://accounts.google.com",
  "scope": ["read:agents", "execute:tasks"]
}

Built for

Enterprises Scale-ups Platform Teams Security Teams Developers

What Beak does

Identity

Agent registration

Multi-tenant isolation

Shadow AI detection

Blast-radius scoring

Runtime discovery

Credentials

Ephemeral short-lived tokens

Task-scoped access

Enterprise SSO (OIDC)

Per-workspace API keys

Encrypted secret vault

Control

Fine-grained policies

Global kill-switch

Sub-500ms revocation

MFA for operators

Immutable audit log

Platform

Registry

Discover and monitor every AI agent across your organization. Shadow AI detection built in.

Broker

Issue short-lived, task-scoped credentials. Encrypted secret vault. Enterprise SSO via OIDC.

Enforcer

Policy-based authorization evaluated on every request. Configurable Rego rules.

Guardian

Hard-kill or suspend any agent globally in under 500ms. Fail-closed by design.

View all products ↗