HN Reader

Redis is open source again (antirez.com)

1864 points by antirez 3d ago 774 comments

Widespread power outage in Spain and Portugal (bbc.com)

1551 points by lleims 6d ago 1161 comments

Someone at YouTube needs glasses (jayd.ml)

1393 points by jaydenmilne 4d ago 689 comments

Apple violated antitrust ruling, judge finds (wsj.com)

1150 points by shayneo 3d ago 594 comments

I use zip bombs to protect my server (idiallo.com)

1057 points by foxfired 6d ago 443 comments

Judge rules Apple executive lied under oath, makes criminal contempt referral (thebignewsletter.com)

1008 points by connor11528 3d ago 354 comments

Watching o3 guess a photo's location is surreal, dystopian and entertaining (simonwillison.net)

982 points by simonw 8d ago 433 comments

Show HN: I built a hardware processor that runs Python (runpyxl.com)

980 points by hwpythonner 6d ago 265 comments

Internet in a Box (internet-in-a-box.org)

890 points by homebrewer 7d ago 246 comments

Qwen3: Think deeper, act faster (qwenlm.github.io)

861 points by synthwave 6d ago 383 comments

LibreLingo – FOSS Alternative to Duolingo (librelingo.app)

796 points by hyperific 5d ago 361 comments

Firefox tab groups are here (blog.mozilla.org)

793 points by TangerineDream 5d ago 440 comments

Office is too slow, so Microsoft is making it load at Windows startup (pcworld.com)

792 points by airstrike 3d ago 1007 comments

An end to all this prostate trouble? (yarchive.net)

790 points by bondarchuk 8d ago 315 comments

Finland Bans Smartphones in Schools (yle.fi)

776 points by freetonik 4d ago 468 comments

ICE Deports 3 U.S. Citizen Children Held Incommunicado Prior to the Deportation (aclu.org)

740 points by mandmandam 8d ago 814 comments

Migrating away from Rust (deadmoney.gg)

727 points by rc00 6d ago 753 comments

Claude Integrations (anthropic.com)

716 points by bryanh 3d ago 256 comments

Port of Los Angeles says shipping volume will plummet 35% next week (cnbc.com)

715 points by perihelions 4d ago 642 comments

I created Perfect Wiki and reached $250k in annual revenue without investors (habr.com)

710 points by sochix 4d ago 399 comments

Try Switching to Kagi (daringfireball.net)

710 points by Ch00k 5d ago 465 comments

Show HN: Free, in-browser PDF editor (breezepdf.com)

706 points by philjohnson 1d ago 147 comments

Only Teslas exempt from new auto tariffs thanks to 85% domestic content rule (fuelarc.com)

634 points by abduhl 5d ago 684 comments

All four major web browsers are about to lose 80% of their funding (danfabulich.medium.com)

629 points by dfabulich 6d ago 631 comments

Starting July 1, academic publishers can't paywall NIH-funded research (nih.gov)

623 points by m463 3d ago 107 comments

Jepsen: Amazon RDS for PostgreSQL 17.4 (jepsen.io)

601 points by aphyr 5d ago 145 comments

Accountability Sinks (250bpm.substack.com)

581 points by msustrik 1d ago 376 comments

Show HN: My self-written hobby OS is finally running on my vintage IBM ThinkPad (github.com)

573 points by joexbayer 8d ago 116 comments

How to live an intellectually rich life (utsavmamoria.substack.com)

566 points by TheLadyParadox 2d ago 316 comments

Sycophancy in GPT-4o (openai.com)

553 points by dsr12 4d ago 441 comments

Chain of Recursive Thoughts: Make AI think harder by making it argue with itself (github.com)

535 points by miles 5d ago 239 comments

The Friendship Recession: The lost art of connecting (happiness.hks.harvard.edu)

534 points by 47thpresident 8d ago 447 comments

Retailers will soon have only about 7 weeks of full inventories left (fortune.com)

525 points by andrewfromx 4d ago 985 comments

Cloth (cloudofoz.com)

517 points by memalign 8d ago 59 comments

Why did Windows 7 log on slower for months if you had a solid color background? (devblogs.microsoft.com)

504 points by zdw 6d ago 295 comments

How a single line of code could brick your iPhone (rambo.codes)

501 points by sashk 7d ago 123 comments

A faster way to copy SQLite databases between computers (alexwlchan.net)

496 points by ingve 3d ago 195 comments

Show HN: I built a synthesizer based on 3D physics (anukari.com)

489 points by humbledrone 2d ago 121 comments

Xiaomi MiMo Reasoning Model (github.com)

477 points by thm 4d ago 190 comments

108B Pixel Scan of Johannes Vermeer's Girl with a Pearl Earring (hirox-europe.com)

473 points by twalichiewicz 3d ago 138 comments

How the US defense secretary circumvents official DoD communications equipment (electrospaces.net)

468 points by Harvesterify 4d ago 432 comments

We fell out of love with Next.js and back in love with Ruby on Rails (hardcover.app)

466 points by mike1o1 1d ago 444 comments

Show HN: I made a web-based, free alternative to Screen Studio (screenrecorder.me)

461 points by johnwheeler 6d ago 116 comments

You Wouldn't Download a Hacker News (jasonthorsness.com)

455 points by jasonthorsness 4d ago 227 comments

Apple App Store guidelines remove ban on encouraging external payments in US (developer.apple.com)

454 points by macguillicuddy 2d ago 339 comments

U.S. Economy Contracts at 0.3% Rate in First Quarter (wsj.com)

452 points by bko 4d ago 556 comments

Amazon to display tariff costs for consumers (punchbowl.news)

449 points by donohoe 5d ago 429 comments

DuckDB is probably the most important geospatial software of the last decade (dbreunig.com)

448 points by dbreunig 1d ago 144 comments

O3 beats a master-level GeoGuessr player, even with fake EXIF data (sampatt.com)

448 points by bko 5d ago 308 comments

Third party cookies must be removed (w3ctag.github.io)

447 points by pabs3 2d ago 227 comments

Show HN: Pomerium Agentic Access Gateway – dynamic auth for AI agents

8 bdesimone 0 5/4/2025, 3:53:48 PM
TL;DR: We are building a new Agentic Access Gateway in Pomerium to safely let AI agents (like GPT-based deep researchers, scripts or assistants) access internal apps and resources on your behalf – with fine-grained, just-in-time authorization for every action. It's open source (GitHub link below) and we're looking for feedback and early access users.

What is Pomerium? For those unfamiliar, Pomerium is an open-source identity-aware proxy (a "zero trust" access gateway). It sits in front of your internal apps and APIs, continually verifying identity and context on every request.

The problem: AI agents are starting to act on our behalf in software – making requests, pulling data, and triggering actions autonomously. The rise of AI agents and protocols like Model Context Protocol (MCP) is really exciting. The potential for agents to interact with diverse tools (APIs, databases, SaaS) both internal and hosted to perform complex tasks is immense.

However, the current MCP spec focuses on tool interaction and discovery but leaves per-request authorization largely undefined. Relying solely on initial OAuth scopes, as suggested, falls short for dynamic agent workflows where context can change mid-task. Pushing complex, context-aware AuthZ logic into every single tool creates security sprawl, inconsistency, and operational overhead – antithetical to core Zero Trust principles.

Our solution: Agentic Access Gateway is a new feature in Pomerium designed for this AI-driven world. It extends Pomerium's core capabilities (continuous authn/authz) to non-human agents. In a nutshell, it treats AI agents as first-class identities that carry context and require policy checks at each step.

Key functionality includes:

  - Centralized Policy Enforcement: Pomerium acts as a gateway in front of your MCP tools (and potentially other APIs agents might use). One place to define and enforce access policy.
  - Context-aware policy enforcement: Every request from the AI agent is checked against policy – including who (or what) the agent is acting for, what data it's trying to access, and any anomaly in behavior. If an agent strays out of bounds, it's denied on the spot.
  - Leverages Existing Identity: Agents authenticate via standard flows (OAuth2.1/OIDC style), so you can tie an agent's actions back to a real user or service account. Example: an agent acting for user Alice can inherit Alice's permissions (but only the ones you allow, and only while performing the task).
  - Just-in-time credentials: Instead of static API keys, an agent can request access through Pomerium and get a short-lived token scoped to the specific task or tool. No more "one token to rule them all" lying around.
  - Audit & traceability: All agent actions pass through a single gateway, so you get centralized logs and visibility. It's easy to see "which AI did what, when" for compliance or debugging.
  - Works with existing tools: Because it's built into Pomerium, you don't need a whole new stack. You configure policies in one place, and your internal APIs don't have to be modified.
Demo: We made a 60s video showing Pomerium can protect access to both SaaS (Google Docs) and an internal apps (a internal db). See Claude pull data from a Google Doc, then pivot to an internal Postgres query – all in one run.

https://www.youtube.com/shorts/IwMmuI-DMhs

The Ask: We'd love the HN community's feedback on this approach. Are you dealing with AI agents in your systems yet?

Sound interesting? Looking leverage an internal datasource to your LLMs? Sign up for early access to the Agentic Access Gateway:

https://www.pomerium.com/secure-agentic-access

If you'd like to contribute or want to dig into the code:

https://github.com/pomerium/pomerium

Thanks for reading! We built this because we believe the age of AI agents calls for a new kind of access control. Let us know what you think!

Comments (0)

No comments yet