Announcing TAP: the security layer we built to automate our own company

A safer, simpler alternative to both MCP and skills.

At human.tech, as you might know (our AI strategy), we have been investing heavily in having agents run the company with humans in the loop. The first step of this was organizing information and context for agents. Agents could then strategize, make roadmaps, then schedule concrete actions for us to do. But this still left the doing to us, with agents limited as the company "brain" without a central nervous system to act.

We have spent the most time building out the acting layer. Our strategy has always been "Find your biggest blockers that AI cannot automate. Then figure out how to make AI automate it anyway." And in this case, we had to build a lot of software. Software that should be open source and available to other companies. One employee alone has provided approximately $250k of annual value with it in the past month.

What is it?

Tool Authorization Protocol (TAP) is a simple security tool to let your agents run the company. It's the seatbelt and safety mechanisms that you can't run a racecar without. With TAP, we move funds, modify prod deployments, change domain names, and control dozens of external tools. None of our employees have to set up custom skills or MCP servers to access any of these tools, and context pollution has not been an issue. Employees are limited in which actions they can use. E.g., all can access all of our analytics sources but few can view bank accounts or modify production deployments. Sensitive actions, e.g. sending money, require human approval from designated approvers.

Third iteration of MCP and skills

With skills we have stopped using MCP. With TAP, we have stopped using skills. TAP does not pollute the context window or require any installations, and lets agents securely connect to services they couldn't reach with MCP or skills. The skill-free system works via credential isolation with policies, and a concept called Socratic APIs we built for TAP. Socratic APIs teach agents how to use them instead of requiring markdown or upfront documentation. This not only makes them minimally polluting of upfront context but also makes them easy for small models to use when they would typically fail with skills or MCP.

What have we done with it?

With TAP, we have:

• Cut approximately 80% of cloud costs in weeks that would have taken approximately one year of engineer hours.
• Simplified payroll and invoice payments to needing zero external vendors but rather prompts such as "pay all employees for this month" or "check my email and pay outstanding invoices". Any actual payment requires human approval.
• Allowed agents to assist with social media strategy in sensitive ways, without posting AI slop (posts require human approval and are rarely written by agents).
• Allowed agent-friendly, shared credentials to analytics that anybody can access, and that we can easily revoke or provide access control to.
• Deployed websites and experiments autonomously by having credentials to Vercel, Cloudflare, and database hosts.
• Gave team members' agents access to nearly all external tools without having developer experience.

Open source & freely hosted

We open-sourced TAP under the Apache 2.0 license (github.com/holonym-foundation/tap-oss) so independent developers can use it freely and contribute. For companies with security needs such as ours, where we trust our treasury with TAP, we built a secure enclave-hosted version with a free tier. While we built TAP for our own use cases, we made it easy for others to use as well – feel free to get started in five minutes: tap.human.tech.