This talk explores securing AI agent workflows through a combination of modern authentication and authorization. It demonstrates how OAuth 2.1 and the Model Context Protocol (MCP) provide identity mechanisms, while explaining why these alone are insufficient for safety. The presentation shows how to apply Zero Trust principles to agent workflows and includes a practical demonstration of an MCP server secured with Pomerium, an open source identity-aware proxy, covering per-request policy evaluation, token management, and controlling tool access within agent systems.