It answers one question: “Who are you?” That’s different from permissions, which ask, “What are you allowed to do?” Proving identity gets you in the door; it doesn’t decide which doors open.
Think about a hotel front desk. They don’t hand you a room key because you know the room number. They check your name, your ID, and the reservation first. Once they believe you’re the right person, they give you access, and only to your room, not the office or the reservation system.
How it shows up
In normal software, authentication is your login: password, magic link, Face ID, single sign-on, a two-factor code. In API work, it may be an API key, an OAuth flow, or another credential proving one system’s identity to another. This is where secrets matter: a password, key, or token is the thing a system uses to believe you, so if someone else gets it, they can walk up to the front desk as you. AI adds a layer, because you’re not always authenticating a human. Sometimes it’s an agent, script, or background process, which is why OAuth and agent identity matters: the business needs to know whether an action came from you, your agent, or a shared integration.
Why you care
Authentication is where AI work can quietly become unsafe. Wrong credential and the agent fails; too much credential and it does too much; credentials stored badly and you have a security problem that has nothing to do with how smart the model is. The rule is straightforward: know who or what is logging in, keep credentials out of plain sight, and match identity to the job.