Three startups raised $65.5M to solve AI agent authentication, but hackathon didn't test fix.

Three startups raised $65.5 million to solve the AI agent auth problem. Their own hackathon didn't test whether their fix works.

When Scalekit, Entire.io, and Apify brought developers together in San Francisco on May 23rd to stress-test whether their three stacks could actually compose, the goal was to prove the acting-as-user problem doesn't need custom engineering to solve. The companies have collectively raised $65.5 million on exactly that bet. The hackathon was supposed to validate it.

The judging criteria suggest it didn't. Projects were scored on Innovation (25%), Technical Complexity (25%), Impact (25%), and Presentation and Usability (25%) according to the event brief. None of these dimensions measure whether agents built on Scalekit's auth layer stay within their scoped permissions when the delegation chain runs four hops deep. None test whether the OAuth flow holds when the agent is acting as a specific user in a realistic multi-tenant environment. The $10,000 prize pool, split across three winners, is roughly what a single production security audit costs. Whether the stacks are sufficient for enterprise deployment is not on the rubric.

Scalekit's auth stack handles identity: each agent call carries a verifiable user identity from the enterprise identity provider, scoped to exactly the resources that user is allowed to touch. Ephemeral tokens with time-limited scope. No shared service accounts. Entire.io's git-native session capture handles accountability: every command, file access, and tool call a coding agent executes is replayed from the human's perspective, with git commit metadata and shell history intact. Founded by former GitHub CEO Thomas Dohmke and backed by a $60 million seed round, the company's pitch is direct — existing agent tools give you logs; Entire gives you a reproducible record that survives the session. If an agent deletes a production database, the audit trail shows which developer's context triggered it.

The two stacks address opposite sides of the same problem. Scalekit ensures the right agent reaches the right resource with the right permissions. Entire ensures you know exactly what happened after. Both are genuinely novel infrastructure. The gap between what they claim to be building and how the companies chose to measure success is the actual story.

Apify — founded in 2015 in Prague by Jan Curm and Jakub Balada, launched from the Y Combinator Fellowship, the oldest of the three — provides the execution layer: over 3,000 pre-built "actors" for web scraping, data extraction, lead generation, and competitive intelligence. For an agent built on Scalekit's identity layer and Entire's accountability layer, Apify is the toolbox. The composability story is coherent in principle. The open question is whether it holds in practice.

Hackathons are optimistic by nature. The companies are funding developers to find the seams in their integration before enterprise customers hit them. That is a reasonable bet. But the judging criteria, as written, will not tell you whether the seams hold. They will tell you whether the demo is impressive.

The competitive landscape beyond these three includes MintMCP — a Cursor official security partner for MCP governance via the Cursor hooks program — along with TrueFoundry, IBM's ContextForge, and Microsoft's Azure MCP solutions. Scalekit's specific enterprise identity bet: instead of agents running under shared service accounts, each call carries a verifiable user identity from the enterprise IdP, scoped to exactly what that user is allowed to touch. Auth as the point.

The winners will be the most impressive demos. Whether those demos solve the problem the three companies exist to solve is a separate question — and the one worth answering.