Some doors only your user should open. Build on that.
When your agent hits a login wall, your user resolves it on their own device — in seconds. You never hold the password.
We onboard every platform personally — usually within 48 hours.
The relay stores nothing · Your users' credentials never touch our infrastructure · MIT SDK
You’ve seen this before.
Your agent is 80% through a workflow. It’s booked the flight, filled the form, navigated three redirects. Then the bank sends an SMS OTP to a phone sitting on a desk two rooms away. The agent stops. The log says “timeout.” The workflow dies.
There is no prompt trick, no vault, no CAPTCHA solver that gets you through. You need the real user, in the moment, without making them open a laptop. That’s what human-in-the-loop authentication is for — and it’s what AuthLoop ships.
Where does the credential live?
A synced browser profile
A cloud-browser provider
A credential vault
Your user’s device
Three put it on someone’s infrastructure. One leaves it with the user.
Pause. Deliver. Resume.
Wall to back-on-task, typically under 30 seconds.
Pause
Your agent hits a wall and calls AuthLoop. A session opens with a link and 6-digit PIN.
Deliver
Your platform sends the link on the channel it already runs — push, SMS, email, in-app.
Resume
Your user resolves it on their own device over an E2EE stream. The agent picks up mid-task — clean state, no restart.
Three lines. One tool call. The agent ships.
One SDK. One method. Works with Playwright, Browser Use, Stagehand, MCP, and any CDP-compatible runtime.
Every wall a human can solve, AuthLoop gets through.
No classifiers to train. No vaults to configure. No solver credits to buy.
There are exactly four places the credential can live.
Every agent platform has made a choice — explicitly or by default — about where user credentials get stored and typed. Only one of them is the user's own device.
Profile sync / BYO vault
Works for solo developers building agents for themselves. Breaks when the agent operates on behalf of your end users — their credentials aren't yours to sync.
Browser profile sync
Cloud-browser handoff
The user types into the vendor's cloud browser over remote control. The password enters the vendor's infrastructure — even if only for a moment. Cookies persist on vendor systems.
Cloud-browser remote control
Server-side vault
The vendor holds encrypted credentials and injects them at runtime. Strong crypto hygiene, but the operator is now custodian of every customer's password — legally, contractually, and in terms of breach blast radius.
Server-side credential injection
End-user-device handoff
The user authenticates on their own device. The password never enters your stack or ours — only the resulting session reaches your agent. No vendor ever sees the credential.
AuthLoop
“Browser Use and Browserbase solve ‘my agent logs in.’ AuthLoop solves ‘my user logs in, for my agent.’”
Complementary, not competitive. AuthLoop runs on top of Browser Use, Browserbase, Steel.dev, or any CDP-compatible runtime you already pay for.
Your users are logging into their banks, payroll providers, and healthcare portals. You can’t ask for those passwords, store them, or inject them — and now you don’t have to.
We built AuthLoop the way we’d want to integrate it ourselves.
End-to-end encrypted
ECDH P-256 key exchange + AES-256-GCM. The relay never sees what you type.
Zero credential storage
By architecture, not policy. Keystrokes go directly from your user's device to the agent's browser.
Open source
SDK and MCP server are MIT licensed. Inspect what runs on your machine.
Short session TTL
Default 10 minutes (up to 60 on Enterprise). Sessions expire automatically — no persistent access, no recordings, nothing left behind.
Relay sees nothing
AuthLoop's server relays encrypted bytes. It cannot decrypt, log, or replay your input.
One viewer, one agent
At most one agent and one viewer per session. A new connection evicts the stale one.
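To make the "End-to-end encrypted" and "Relay sees nothing" properties concrete, here is an added sketch (not AuthLoop's SDK code) of two endpoints agreeing on a key with ECDH P-256 and exchanging an AES-256-GCM frame through a relay that only forwards bytes. The HKDF step, the session-id binding, the frame layout and all function names are assumptions made for illustration; the OTP and session id are constructed values.

```javascript
// Added example: constructed sketch, not AuthLoop's implementation.
const { createECDH, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Each endpoint holds an ephemeral P-256 key pair; only public keys cross the relay.
function newEndpoint() {
  const ecdh = createECDH('prime256v1');
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// Assumption: HKDF-SHA-256 turns the raw ECDH secret into the AES-256 key,
// salted with the session id so the key is useless outside this session.
function deriveKey(endpoint, peerPublicKey, sessionId) {
  const shared = endpoint.ecdh.computeSecret(peerPublicKey);
  return Buffer.from(hkdfSync('sha256', shared, Buffer.from(sessionId),
                              Buffer.from('e2ee-demo'), 32));
}

function seal(key, plaintext, sessionId) {
  const iv = randomBytes(12);                 // fresh 96-bit nonce per frame
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(sessionId));           // authenticate the session binding
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, frame, sessionId) {
  const d = createDecipheriv('aes-256-gcm', key, frame.iv);
  d.setAAD(Buffer.from(sessionId));
  d.setAuthTag(frame.tag);
  return Buffer.concat([d.update(frame.ct), d.final()]).toString('utf8');
}

// The relay forwards frames and records everything it is able to observe.
function makeRelay() {
  const seen = [];
  return { seen, forward(x) { seen.push(x); return x; } };
}

function demo() {
  const sessionId = 'session-constructed-0001';
  const viewer = newEndpoint(), agent = newEndpoint(), relay = makeRelay();
  const viewerKey = deriveKey(viewer, relay.forward(agent.publicKey), sessionId);
  const agentKey = deriveKey(agent, relay.forward(viewer.publicKey), sessionId);
  const frame = relay.forward(seal(viewerKey, '482913', sessionId)); // constructed OTP
  const received = open(agentKey, frame, sessionId);
  const tampered = { ...frame, ct: Buffer.from(frame.ct) };
  tampered.ct[0] ^= 1;                        // relay flips one ciphertext bit
  let tamperRejected = false;
  try { open(agentKey, tampered, sessionId); } catch { tamperRejected = true; }
  const leaked = relay.seen.some(f => f.ct && f.ct.toString('utf8').includes('482913'));
  return { received, tamperRejected, leaked };
}
```

The sketch assumes the public keys reach each side unmodified; plain ECDH does not authenticate them, so a design that relies on this property also needs a way for the endpoints to detect a relay that substitutes its own keys.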
Infrastructure pricing. No per-seat drag.
Pay for sessions, not seats.
Early access — we onboard every platform personally. Founding member rate, guaranteed for 12 months.
Free
Evaluation and prototypes.
- 100 sessions / month
- Managed relay, MIT SDK
- Community support
- Hard cap at 100
Starter
Small platforms launching.
- 3,000 sessions included
- $0.20 / session overage
- Soft cap at 10,000
- 99.5% uptime, 24h email
Growth
Scaling platforms, SSO-ready.
- 10,000 sessions included
- $0.18 / session overage
- SSO, 15-day audit log
- 99.7% uptime, priority email
Scale
High-volume platforms.
- 25,000 sessions included
- $0.15 / session overage
- SSO, 30-day audit log
- 99.9% uptime, Slack Connect
200k+ sessions, BAA, SOC 2 Type II, GDPR DPA, SIEM export, named CSM.
Soft cap means we email you before overage billing or any service change — no surprise throttling, no surprise invoices. Hard cap (Free tier only) means the SDK returns a quota error above the limit.
Common questions.
What is human-in-the-loop authentication for AI agents?
Human-in-the-loop authentication is the pattern where an AI agent, upon hitting an auth wall it cannot pass on its own — SMS OTP, CAPTCHA, security question, password prompt — pauses and hands the challenge to the real user. The user resolves it on their own device; the agent resumes. The credential never transits the operator's infrastructure.
How does AuthLoop handle SMS OTP for browser agents?
When your agent hits an SMS OTP wall, the AuthLoop SDK pauses it and returns a session link to your platform. Your platform delivers the link to your user via push, SMS, email, or in-app. The user taps the link, their device opens a live encrypted browser stream, they enter the OTP on their real phone, and the agent resumes — typically in under 30 seconds.
What browser automation frameworks does AuthLoop support?
AuthLoop works with any CDP-compatible runtime: Playwright, Browser Use, Stagehand, Puppeteer, Browserbase, Steel.dev, Hyperbrowser, and any Chromium instance launched with --remote-debugging-port=9222. For Claude Desktop, it ships as an MCP server — one line in mcp.json.
Can AuthLoop be self-hosted?
Reach out to us — we work with regulated and air-gapped deployments on a case-by-case basis. Email support@authloop.ai and we'll discuss the right shape for your environment.
What types of auth walls can AuthLoop handle?
Any challenge a human can solve: SMS OTP, email OTP, TOTP/authenticator codes, password prompts, behavioral CAPTCHAs (reCAPTCHA v3, Turnstile, Arkose), security questions, session re-auth on expired logins, and any wall your agent has never seen before. No classifiers to train, no solver credits to buy.
Your next auth wall is already scheduled.
Install the SDK, paste three lines, and the next time your agent hits a wall, your user gets a link on the channel you already use — instead of your on-call channel getting paged.