
Security and Agent Readiness: Why Bearer Tokens Beat API Keys (D7 = 12%)

D7 Security carries a 0.12 weight in the Agent Readiness Score — tied for third-highest of the 9 dimensions. Agents need predictable auth patterns they can handle programmatically, and a predictable auth pattern is a security pattern. This is the deep dive: what AgentHermes scans for, why Bearer beats API keys, why OAuth 2.0 is the gold standard, and why a 401+JSON response scores 87% of a 200.

AgentHermes Research
April 15, 2026

Why Security Is 12% of the Agent Readiness Score

AI agents handle credentials, user data, and payment tokens on behalf of humans. They cannot responsibly interact with an endpoint that exposes them — or their user — to security risk. Modern agent runtimes enforce minimum security requirements at the HTTP client layer: TLS is required, insecure patterns are blocked, and unpredictable auth flows are abandoned.

D7 Security measures all of this. At 0.12 weight, it is tied with D1 Discovery for third-highest of the 9 dimensions, behind only D2 API Quality (0.15) and D8 Reliability (0.13). A business that fails D7 loses 12 points from the ceiling before any other check runs.

The top scorers in our 500-business dataset all share the same security pattern: TLS 1.3, HSTS, CSP, Bearer token or OAuth auth, structured 401 errors, security.txt published, bug bounty listed. Resend (75), Vercel (70), Stripe (68) — every Silver-plus business checks nearly every box.

D7 weight: 0.12
Rank: tied 3rd highest of 9 dimensions
401+JSON vs 200: 87%
Signals checked: 8

The Auth Pattern Hierarchy

D7 rewards predictable, standardized auth patterns. Agents are trained on common patterns and handle them reliably. Proprietary or deprecated patterns force the agent to special-case your business, which costs you D7 credit and D9 Agent Experience credit simultaneously.

#1 OAuth 2.0 Client Credentials (full credit)

Agent-to-API authentication with scoped, short-lived tokens and standardized discovery (RFC 8414 authorization server metadata at /.well-known/oauth-authorization-server). The RFC 6749 client_credentials grant is purpose-built for service-to-service auth. Note that this grant issues no refresh token (RFC 6749 section 4.4.3): when the access token expires, the client simply requests another one with its client credentials, which is why short token lifetimes cost nothing in usability.

Authorization: Bearer eyJhbGc... (scoped, rotatable, revocable)

#2 Bearer Tokens (near-full credit)

A static token passed in the Authorization header (RFC 6750). Predictable placement, easy to handle, supported by every HTTP client library, and the pattern agents are trained on. A plain API key is fine here as long as it travels in this header rather than in the URL.

Authorization: Bearer sk_live_abc123...

#3 API Keys in Query String (partial credit)

The key as a URL parameter. It works, but the key leaks into server and proxy access logs, Referer headers, and browser history, and every request URL becomes a secret. Harder for agents to handle safely, so D7 penalizes it.

GET /api/resource?api_key=abc123

#4 Custom Auth Headers (partial credit)

A proprietary header such as X-Your-Company-Auth. Agents can send it, but they have to read your docs to learn that the header exists. That adds friction and reduces D9 Agent Experience credit.

X-Custom-Auth: your-token-format

#5 Session Cookies for APIs (low credit)

Cookie-based auth designed for browser sessions. Agents can persist cookies, but stateless token auth is what they are optimized for. Penalized in D7.

Cookie: session=abc; Set-Cookie: session=...

#6 Basic Auth in URLs (near zero)

Username and password embedded in the URL (user:pass@host). Deprecated by modern browsers, recorded by every log that stores the URL, and heavily penalized. Do not ship this. (HTTP Basic carried in the Authorization header over TLS is a different, standardized pattern; the penalty here is for credentials in the URL.)

https://user:pass@api.example.com/resource

The ranking is not arbitrary — it reflects how agent runtimes actually behave. Claude, ChatGPT, and other agent platforms have native handlers for OAuth 2.0 and Bearer tokens built into their HTTP tooling. API keys in query strings require the agent to special-case URL construction. Custom headers require the agent to read your docs before its first request. Session cookies require the agent to manage state across calls. Each step down the hierarchy adds friction the agent has to overcome, and that friction shows up as lost D7 credit.
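The client_credentials exchange at the top of the hierarchy, as an added Python example (not code from AgentHermes or from any vendor named on this page): the authorization server and the agent client run in one process so it works offline. The client id, secret, scope names, token endpoint path and 300-second lifetime are constructed assumptions. It shows the two behaviours that make the grant agent-friendly: the server issues a scoped, short-lived token and no refresh token (RFC 6749 section 4.4.3), and the client caches the token and re-requests one with its credentials shortly before expiry instead of refreshing it.

```python
"""OAuth 2.0 client_credentials (RFC 6749 section 4.4), both sides in one process.

Added illustration, not code from AgentHermes or any vendor named on the page.
Client id, secret, scopes and the 300 s token lifetime are constructed values.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class AuthServer:
    """Authorization server: validates the client, issues scoped short-lived tokens."""
    # constructed registry: client_id -> (client_secret, scopes the client may request)
    clients: Dict[str, Tuple[str, Set[str]]] = field(default_factory=lambda: {
        "agent-42": ("s3cr3t-constructed", {"quotes:read", "orders:write"}),
    })
    token_ttl: int = 300
    issued: Dict[str, Tuple[str, Set[str], float]] = field(default_factory=dict)

    def token_endpoint(self, form: Dict[str, str], now: float) -> Tuple[int, dict]:
        """POST /oauth/token (constructed path). Returns (status, JSON body)."""
        if form.get("grant_type") != "client_credentials":
            return 400, {"error": "unsupported_grant_type"}
        creds = self.clients.get(form.get("client_id", ""))
        # constant-time compare: a wrong secret must not be distinguishable by timing
        if creds is None or not hmac.compare_digest(
                creds[0].encode(), form.get("client_secret", "").encode()):
            return 401, {"error": "invalid_client"}
        # no scope parameter means "everything this client is registered for"
        requested = set(form.get("scope", "").split()) or creds[1]
        if not requested <= creds[1]:
            return 400, {"error": "invalid_scope"}
        token = secrets.token_urlsafe(32)
        self.issued[token] = (form["client_id"], requested, now + self.token_ttl)
        # RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included in this response
        return 200, {"access_token": token, "token_type": "Bearer",
                     "expires_in": self.token_ttl, "scope": " ".join(sorted(requested))}

    def introspect(self, token: str, now: float) -> Optional[Set[str]]:
        """Resource-server side: granted scopes, or None when unknown or expired."""
        entry = self.issued.get(token)
        if entry is None or entry[2] <= now:
            return None
        return entry[1]


@dataclass
class AgentClient:
    """Agent-side client: caches the token and re-requests it near expiry."""
    server: AuthServer
    client_id: str
    client_secret: str
    scope: str
    token_requests: int = 0
    _token: Optional[str] = None
    _exp: float = 0.0

    def bearer_header(self, now: float) -> str:
        """Authorization header value; fetches a new token when within 30 s of expiry.
        There is no refresh_token to rotate: the client credentials are the refresh."""
        if self._token is None or now >= self._exp - 30:
            status, body = self.server.token_endpoint({
                "grant_type": "client_credentials", "client_id": self.client_id,
                "client_secret": self.client_secret, "scope": self.scope}, now)
            self.token_requests += 1
            if status != 200:
                raise PermissionError(body["error"])
            self._token, self._exp = body["access_token"], now + body["expires_in"]
        return f"Bearer {self._token}"


def demo() -> dict:
    """Run the exchange on a fixed timeline and report what happened."""
    server = AuthServer()
    client = AgentClient(server, "agent-42", "s3cr3t-constructed", "quotes:read")
    t0 = time.time()
    h1 = client.bearer_header(t0)          # first call: token request
    h2 = client.bearer_header(t0 + 60)     # cached token, still valid
    h3 = client.bearer_header(t0 + 290)    # 10 s before expiry: new token requested
    tok1, tok3 = h1.split()[1], h3.split()[1]
    bad = server.token_endpoint({"grant_type": "client_credentials",
                                 "client_id": "agent-42", "client_secret": "wrong"}, t0)
    return {
        "same_token_while_valid": h1 == h2,
        "rotated_near_expiry": tok1 != tok3,
        "token_requests": client.token_requests,
        "scopes_for_new_token": sorted(server.introspect(tok3, t0 + 291)),
        "old_token_after_expiry": server.introspect(tok1, t0 + 301),
        "bad_secret_status": bad[0],
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to a real deployment: the token endpoint answers a wrong secret with 401 invalid_client only after a constant-time comparison, and the client never holds anything longer-lived than the access token itself, so revoking the client's registration ends its access within one token lifetime.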

Eight Signals AgentHermes Scans For

D7 is not a single check — it is the aggregate of eight individual signals. Each signal contributes a fraction of the D7 score. A business hitting all eight gets near-full D7 credit; a business hitting two or three gets the fraction those two or three represent.

TLS 1.3 or higher

Modern TLS version negotiated by the endpoint. TLS 1.3 earns full credit, TLS 1.2 is acceptable, and TLS 1.0/1.1 are heavily penalized.

HSTS header

Strict-Transport-Security with a max-age of at least one year (31536000 seconds). Signals a permanent HTTPS commitment; add includeSubDomains and preload if you intend to submit the domain to the browser preload list.

CSP header

Content-Security-Policy present. Even a basic policy beats no CSP.

Bearer token auth

Authorization: Bearer pattern used across the API. Predictable and agent-friendly.

OAuth 2.0 support

OAuth 2.0 authorization server metadata (RFC 8414) at /.well-known/oauth-authorization-server, or documented OAuth flows.

security.txt

RFC 9116 file at /.well-known/security.txt with contact and disclosure policy.

Bug bounty program

Listed on HackerOne, Bugcrowd, Intigriti, or self-hosted. Signals security maturity.

Structured 401 errors

401 responses return JSON error bodies, not HTML. Scores 87% of 200 response value.

Four of the eight signals are free and take under an hour to implement: the HSTS header, a CSP header, security.txt at /.well-known/security.txt, and structured JSON error responses on 4xx status codes. (CSP is the one that needs care: an API-only host can ship a fully locked-down policy such as default-src 'none', while a host that also serves HTML has to tune the policy to its scripts and assets.) Those four alone cover roughly half of D7 credit. Adding Bearer auth if you do not have it, and upgrading to TLS 1.3 if you are on an older version, gets you most of the rest. Bug bounty is the final polish: meaningful for Silver-to-Gold progression, not required to leave Bronze.
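An offline version of the header-level part of this scan, as an added Python example. It is not AgentHermes's scanner, and the pass/fail rules (an HSTS max-age of at least one year, any CSP, a Bearer challenge and a JSON error object on a 401) are this example's reading of the signals listed above; the four signals that need network access (TLS version, OAuth discovery, security.txt, bug bounty) are reported as unchecked rather than guessed. The two sample responses are constructed: one follows the hardened pattern the page describes, the other a typical web-framework default.

```python
"""Offline check of the header-level D7 signals on a captured HTTP response.

Added illustration, not AgentHermes's scanner; the pass/fail rules are this
example's reading of the signals listed on the page. Sample responses are constructed.
"""
import json
import re
from typing import Dict, Optional, Tuple

ONE_YEAR = 31_536_000  # seconds; the HSTS max-age threshold used here


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def hsts_max_age(value: Optional[str]) -> Optional[int]:
    """Parse max-age out of a Strict-Transport-Security value; None if absent or malformed.
    'max-age=0' parses to 0, which correctly counts as no HSTS commitment."""
    if not value:
        return None
    match = re.search(r'max-age\s*=\s*"?(\d+)"?', value, re.IGNORECASE)
    return int(match.group(1)) if match else None


def is_json_content_type(value: Optional[str]) -> bool:
    """application/json or any +json type (e.g. application/problem+json); parameters ignored."""
    if not value:
        return False
    media = value.split(";", 1)[0].strip().lower()
    return media == "application/json" or media.endswith("+json")


def check_response(status: int, headers: Dict[str, str], body: str) -> Dict[str, Optional[bool]]:
    """Map each signal to True/False, or None when it cannot be judged from one response."""
    max_age = hsts_max_age(get_header(headers, "Strict-Transport-Security"))
    result: Dict[str, Optional[bool]] = {
        "hsts_one_year": max_age is not None and max_age >= ONE_YEAR,
        "csp_present": get_header(headers, "Content-Security-Policy") is not None,
        # these need a TLS handshake, extra requests or an external listing
        "tls_1_3": None, "oauth_discovery": None, "security_txt": None, "bug_bounty": None,
    }
    if status == 401:
        # RFC 9110 requires WWW-Authenticate on a 401; RFC 6750 defines the Bearer challenge
        challenge = get_header(headers, "WWW-Authenticate") or ""
        result["bearer_challenge"] = challenge.strip().lower().startswith("bearer")
        structured = is_json_content_type(get_header(headers, "Content-Type"))
        if structured:
            try:
                parsed = json.loads(body)
                structured = isinstance(parsed, dict) and "error" in parsed
            except ValueError:
                structured = False
        result["structured_401"] = structured
    return result


def score(result: Dict[str, Optional[bool]]) -> Tuple[int, int]:
    """(signals passed, signals actually checked); unchecked signals are excluded."""
    checked = [v for v in result.values() if v is not None]
    return sum(checked), len(checked)


# Constructed samples: the hardened pattern described on the page, and a web-app default.
GOOD = (401, {
    "Content-Type": "application/json; charset=utf-8",
    "WWW-Authenticate": 'Bearer realm="api", error="invalid_token"',
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
}, '{"error":"unauthorized","message":"Missing or invalid Bearer token"}')

BAD = (401, {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=0",  # header present, but it disables HSTS
}, "<html><body><h1>Unauthorized</h1></body></html>")


if __name__ == "__main__":
    for name, (status, headers, body) in {"good": GOOD, "bad": BAD}.items():
        result = check_response(status, headers, body)
        print(name, score(result), result)
```

The BAD sample is the case worth noticing: it does send a Strict-Transport-Security header, but max-age=0 tells browsers to forget the domain's HSTS state, so a check that only tests for the header's presence would credit it wrongly.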

The Auth-Aware Rule: 401+JSON = 87% of 200

One of the most important nuances in the Agent Readiness scoring model: protected endpoints are not penalized for being protected. A 401 Unauthorized response with a structured JSON error body scores 87% of what a 200 OK response scores. This is by design.

The signal an agent needs is not “can I access this data without authentication.” The signal is “do I understand how to access this data.” A structured 401 answers that question: it tells the agent the endpoint exists, which auth scheme it expects (the WWW-Authenticate header that RFC 9110 requires on every 401), and the error format the endpoint uses. All the agent has to do is obtain credentials through your onboarding flow and retry.

What the model actually penalizes is unstructured failure. A 404, a blank response, an HTML error page, a timeout, or a 200 with an error message inside the body — these all score near zero. The agent cannot interpret them programmatically. The difference between 87% credit and near-zero credit is literally the difference between “protected-but-structured” and “unstructured-failure.”

Good 401 response (scores 87% of 200):

HTTP/1.1 401 Unauthorized
Content-Type: application/json
WWW-Authenticate: Bearer realm="api"

{
  "error": "unauthorized",
  "message": "Missing or invalid Bearer token",
  "request_id": "req_abc123",
  "docs": "https://example.com/docs/auth"
}

Bad 401 response (scores near zero):

HTTP/1.1 401 Unauthorized
Content-Type: text/html

<html><body><h1>Unauthorized</h1>
<p>Please log in to continue.</p></body></html>
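A resource-server handler that produces the good response above rather than the bad one, as an added Python example (not AgentHermes's code and not any listed vendor's API). It parses the Authorization header per RFC 6750, uses the RFC 6750 section 3.1 error codes in the WWW-Authenticate challenge so an agent can tell "no credentials sent" from "credentials rejected", returns the JSON body, and attaches the HSTS and CSP headers from the signal list. The route, token value, realm and docs URL are constructed placeholders.

```python
"""GET /api/quote behind a Bearer token, failing only in machine-readable ways.

Added example, not AgentHermes's code and not any vendor's API. Route, token
value, realm and docs URL are constructed placeholders.
"""
import hmac
import json
import secrets
from typing import Dict, Optional, Tuple

# Constructed token store (token -> account); a real service looks this up in a database.
VALID_TOKENS = {"sk_live_constructed_token_value": "acct_123"}

SECURITY_HEADERS = {
    # one year, subdomains included, eligible for the browser preload list
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    # an API host renders no HTML, so the policy can be fully locked down
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)


def parse_bearer(authorization: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Split an Authorization header per RFC 6750.

    Returns (token, None) for a usable Bearer token, (None, None) when no Bearer
    credentials were sent at all, and (None, "invalid_request") for a malformed
    Bearer header such as 'Bearer' with no token.
    """
    if authorization is None:
        return None, None
    parts = authorization.strip().split(None, 1)
    # the scheme name is case-insensitive (RFC 9110 section 11.1)
    if not parts or parts[0].lower() != "bearer":
        return None, None
    if len(parts) != 2 or not parts[1].strip():
        return None, "invalid_request"
    return parts[1].strip(), None


def lookup_token(token: str) -> Optional[str]:
    """Constant-time comparison so timing does not leak how much of a token matched."""
    for stored, account in VALID_TOKENS.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            return account
    return None


def unauthorized(error: Optional[str], message: str) -> Response:
    """Structured 401: Bearer challenge, JSON body, transport security headers."""
    challenge = 'Bearer realm="api"'
    if error:  # RFC 6750 section 3.1: no error= when the request carried no credentials
        challenge += f', error="{error}", error_description="{message}"'
    headers = {**SECURITY_HEADERS, "Content-Type": "application/json",
               "WWW-Authenticate": challenge}
    body = {"error": "unauthorized", "message": message,
            "request_id": "req_" + secrets.token_hex(6),
            "docs": "https://example.com/docs/auth"}
    return 401, headers, json.dumps(body)


def handle_get_quote(request_headers: Dict[str, str]) -> Response:
    """200 with data for a valid token; otherwise the structured 401 above."""
    auth = next((v for k, v in request_headers.items() if k.lower() == "authorization"), None)
    token, err = parse_bearer(auth)
    if err:
        return unauthorized(err, "Authorization header must be 'Bearer <token>'")
    if token is None:
        return unauthorized(None, "Missing Bearer token")
    account = lookup_token(token)
    if account is None:
        return unauthorized("invalid_token", "Bearer token is unknown, expired or revoked")
    headers = {**SECURITY_HEADERS, "Content-Type": "application/json"}
    return 200, headers, json.dumps({"account": account,
                                     "quote": {"amount": 1999, "currency": "usd"}})


if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": "Bearer nope"}, {"Authorization": "Bearer"},
                 {"Authorization": "Bearer sk_live_constructed_token_value"}):
        status, headers, body = handle_get_quote(hdrs)
        print(status, headers.get("WWW-Authenticate"), body)
```

The three 401 variants differ only in the challenge: a bare Bearer realm="api" when nothing was sent, error="invalid_request" for a malformed header, and error="invalid_token" when the token was rejected. An agent reading the challenge knows whether to go fetch credentials, fix its request, or rotate its token; the JSON body carries the same information for clients that only look at the body.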

What the Top Scorers Do

The three highest-scoring businesses in our 500-business dataset all use Bearer or OAuth 2.0 auth. Their D7 implementations are remarkably similar — and easy to copy.

Resend (75)

Bearer token auth with re_ prefix. TLS 1.3, HSTS preload list, security.txt. Bug bounty program. Structured 401+JSON on every protected route. D7: full credit, the primary reason they became the only Gold.

Vercel (70)

Bearer token auth with scoped tokens via /account/tokens. TLS 1.3, HSTS, CSP. security.txt published. Bug bounty on HackerOne. JSON error responses on every 4xx. D7: near-maximum.

Stripe (68)

Bearer token auth everywhere (sk_live_ and sk_test_ prefixes). Published OAuth 2.0 Connect flow. TLS 1.3, full HSTS, strict CSP. security.txt published. Bug bounty on HackerOne. D7: near-maximum.

See the Stripe deep-dive for a dimension-by-dimension breakdown. The D7 section is nearly identical across all three: TLS 1.3, HSTS with preload, CSP, Bearer tokens with predictable prefixes (sk_, re_, pk_), structured JSON errors, security.txt, bug bounty. This is the Silver-plus security pattern, and it is portable to any business.

What NOT to Do

Basic auth in URLs

Username and password embedded in the URL (user:pass@host). Deprecated by browsers, flagged by security tools, and near-zero D7 credit. Never ship this.

Session cookies for APIs

Cookie-based auth is designed for browser sessions. Agents prefer stateless token auth. Use Bearer or OAuth for API endpoints, save cookies for browser-only flows.

Proprietary signed requests

Custom request signing with your own hashing scheme. Even if cryptographically sound, agents cannot handle it without custom code. AWS SigV4 is the rare exception — it has enough adoption that agent runtimes special-case it.

HTML error pages on 4xx

Returning an HTML error page for a 401, 403, or 404 on an API endpoint. The agent cannot reliably parse HTML error pages. Always return JSON for API responses, even on errors.

Frequently Asked Questions

Why is D7 Security weighted so high at 12%?

AI agents handle user data, credentials, and payment tokens. They cannot use a business that exposes them to security risk — or a business whose auth they cannot handle programmatically. D7 Security measures both: is the transport secure (TLS 1.3, HSTS, CSP) and is the auth pattern something agents are trained to work with (Bearer, OAuth). At 0.12 weight, D7 is tied with D1 Discovery for third-highest of the 9 dimensions, behind only D2 API Quality (0.15) and D8 Reliability (0.13). Security failures cascade — they affect discovery (agents skip insecure sites), trust (agents will not persist tokens against untrusted endpoints), and reliability (agents give up on unpredictable auth).

Why do Bearer tokens score higher than API keys?

Bearer tokens follow RFC 6750 — a published standard that every HTTP client library handles natively. Agents are trained on the Bearer pattern and expect the Authorization header. API keys in query strings, by contrast, leak into server logs, Referer headers, and browser history. They are also less predictable — some APIs call them api_key, others apikey, others token. Bearer is one pattern, documented in one place, handled consistently. That predictability is what D7 rewards. The penalty attaches to the placement, not to the credential: a static API key sent as Authorization: Bearer <key> is the #2 pattern and earns near-full credit.

What does auth-aware scoring mean?

Auth-aware scoring means AgentHermes credits protected endpoints almost as highly as public ones. A 401 response with a structured JSON error body scores 87% of what a 200 response scores. This is intentional. A public API exposes data; a protected API exposes a contract. Both are usable by agents — the protected one just requires credential negotiation. The model rewards protected-but-structured over public-but-unstructured. A business exposing /api/quote behind Bearer auth with structured 401 errors is more agent-ready than a business exposing the same data publicly through unpredictable HTML scraping.

Does my business need a bug bounty to score well on D7?

No, but it helps. A bug bounty program signals security maturity and adds credit to D7. Listing on HackerOne, Bugcrowd, or Intigriti is the most visible option, but a self-hosted policy referenced from /.well-known/security.txt also counts. The larger D7 signals are TLS 1.3, HSTS, CSP, Bearer or OAuth auth, and structured 401 errors; those five will get you most of the D7 credit. Bug bounty is a smaller increment that pushes Silver-tier businesses toward Gold.

What is security.txt and should I publish one?

security.txt is RFC 9116: a plain-text file at /.well-known/security.txt that lists your security contact, disclosure policy, and optional bug bounty or acknowledgments URL. It takes 5 minutes to publish and scores a small bump on D7. More importantly, it is the standard way researchers and agents discover how to report security issues. Yes, publish one. Required fields: Contact (a URI such as mailto:, tel:, or https:, not a bare e-mail address) and Expires (an ISO 8601 date-time; RFC 9116 recommends keeping it under a year out and refreshing the file before it lapses). Recommended: Policy, Acknowledgments, Preferred-Languages, Canonical. Sign it with an OpenPGP cleartext signature if you want to go further.
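Writing and checking the file, as an added Python example (not AgentHermes's code). The generator emits the required and recommended fields from the answer above plus Canonical, with a UTC ISO 8601 Expires less than a year out; the validator enforces the RFC 9116 requirements the answer mentions (Contact and Expires present, Expires a single parseable date-time) and flags a stale or over-long Expires and a bare e-mail address in Contact, which RFC 9116 requires to be a URI. Addresses and URLs are constructed placeholders.

```python
"""Generate and validate an RFC 9116 security.txt.

Added example, not AgentHermes's code. Contact address, policy, acknowledgments
and canonical URLs are constructed placeholders.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

REQUIRED = {"Contact", "Expires"}
# the fields RFC 9116 section 2.5 defines
KNOWN = REQUIRED | {"Acknowledgments", "Canonical", "Encryption", "Hiring",
                    "Policy", "Preferred-Languages"}


def render_security_txt(contacts: List[str], policy: str, acknowledgments: str,
                        languages: str, canonical: str, now: datetime,
                        valid_days: int = 300) -> str:
    """Build the file body with an ISO 8601 UTC Expires less than a year out."""
    expires = (now + timedelta(days=valid_days)).astimezone(timezone.utc).replace(microsecond=0)
    lines = [f"Contact: {c}" for c in contacts]
    lines += [
        "Expires: " + expires.isoformat().replace("+00:00", "Z"),
        f"Policy: {policy}",
        f"Acknowledgments: {acknowledgments}",
        f"Preferred-Languages: {languages}",
        f"Canonical: {canonical}",
    ]
    return "\n".join(lines) + "\n"


def validate_security_txt(text: str, now: datetime) -> List[str]:
    """Return the problems found; an empty list means the file is acceptable."""
    problems: List[str] = []
    fields: Dict[str, List[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            problems.append(f"line {lineno}: not a 'Field: value' line")
            continue
        name, value = (part.strip() for part in line.split(":", 1))
        if name not in KNOWN:
            problems.append(f"line {lineno}: unknown field {name!r}")
        fields.setdefault(name, []).append(value)
    for name in sorted(REQUIRED - set(fields)):
        problems.append(f"missing required field {name}")
    for contact in fields.get("Contact", []):
        # RFC 9116 section 2.5.3: the value is a URI, so a bare e-mail address is wrong
        if not contact.startswith(("mailto:", "tel:", "https://")):
            problems.append(f"Contact must be a mailto:, tel: or https: URI, got {contact!r}")
    expires = fields.get("Expires", [])
    if len(expires) > 1:
        problems.append("Expires must appear exactly once")
    for value in expires:
        try:
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 date-time: {value!r}")
            continue
        if when.tzinfo is None:
            problems.append("Expires must carry a timezone offset")
        elif when <= now:
            problems.append("Expires is in the past; researchers will treat the file as stale")
        elif when > now + timedelta(days=365):
            problems.append("Expires is more than a year out (RFC 9116 recommends less)")
    return problems


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    text = render_security_txt(["mailto:security@example.com"],
                               "https://example.com/security-policy",
                               "https://example.com/security-thanks", "en",
                               "https://api.example.com/.well-known/security.txt", now)
    print(text)
    print("problems:", validate_security_txt(text, now))
```

Run the validator from CI against the deployed file on a schedule; the failure mode worth catching is not a malformed file on day one but a correct file whose Expires quietly passes a year later.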


See how you score on D7 Security

Get your free Agent Readiness Score in 60 seconds. Includes a full D7 breakdown across all eight security signals — TLS version, HSTS, CSP, auth pattern, security.txt, and more.

