Infinite Curiosity
Passwords Are Broken: AI Agents Need Identity | Rishi Bhargava, CEO of Descope
Infinite Curiosity
•December 12, 2025•37 min
0
Infinite Curiosity•Dec 12, 2025
Key Takeaways
- •Passwords remain legacy; passwordless adoption is accelerating.
- •Passkeys use biometric‑locked cryptographic secrets, eliminating shared passwords.
- •Descope enables developers to add passwordless login with minimal code.
- •AI agents need distinct machine identities combined with user context.
- •Support ticket reduction measures success of identity‑as‑a‑service platforms.
Pulse Analysis
Passwords have been the cornerstone of digital identity since the 1970s, but their inherent weakness—shared secrets that can be stolen—has made them a liability for both consumers and enterprises. Rishi Bhargava explains that new applications, especially those built in the last three years, are abandoning passwords in favor of OTPs, social logins, and, increasingly, passkey technology. Descope positions itself as a developer‑first identity platform that lets SaaS products replace traditional login screens with passwordless flows using just a few lines of code. By handling the complex backend of authentication and authorization, Descope frees engineering teams to focus on core product features.
Passkeys combine a large cryptographic secret with biometric or device‑based unlocking, so the user never knows or shares the secret. This eliminates credential reuse and dramatically reduces the attack surface exploited by credential‑stuffing and dark‑web sales. Major providers such as Google and Amazon have demonstrated seamless passkey experiences, allowing users to authenticate on a new device without typing a password. The result is higher conversion rates, lower friction, and a measurable drop in support tickets related to password resets. For enterprises, the shift also means compliance‑friendly authentication that meets modern security standards without sacrificing usability.
The next frontier, according to Bhargava, is identity for AI agents. An agentic identity merges a machine’s OAuth client credentials with the user who authorizes it, enabling both fully autonomous processes and on‑behalf‑of actions. Descope’s platform assigns unique identities to each agent, tracks permissions, and integrates with existing user directories, ensuring that good bots can operate securely while malicious actors are blocked. This future‑proof approach aligns with the broader industry move toward zero‑trust architectures. Companies that adopt such granular identity controls report up to a 70 % reduction in support tickets and faster time‑to‑value for new authentication features.
Episode Description
Rishi Bhargava is CEO of Descope, an identity management platform for customers and AI agents. They've raised $88M in funding from investors such as Notable Capital, Lightspeed, Unusual Ventures. The two previous he founded were acquired by Palo Alto Networks and McAfee.
(00:01) Introduction
(00:08) Origin story: why identity and passwords needed a rethink
(02:59) Passwords vs passkeys explained in plain English
(05:06) Why logging in is still painful (and why passwords persist)
(09:06) Account takeovers explained: how hacks actually happen
(11:59) Building security products: philosophy vs regular software
(14:24) The ideal login experience: from frustration to seamless access
(16:40) What is an AI agent? Defining agent identity simply
(21:54) Good bots vs bad bots: trust, access, and control in an agent world
(25:03) Breaches and blast radius: security before vs after Descope
(27:55) Company building lessons from Demisto to Descope
(30:15) AI trends that matter most for enterprise products
(32:40) Rapid Fire Round
Where to find Rishi Bhargava:
LinkedIn: https://www.linkedin.com/in/bhargavarishi/
Where to find Prateek Joshi:
Website: https://prateekj.com
Research Column: https://www.infrastartups.com
LinkedIn: https://www.linkedin.com/in/prateek-joshi-infinite
X: https://x.com/prateekj
Show Notes
0
Comments
Want to join the conversation?
Loading comments...