Merge vs Auth0
Side-by-side trajectory, velocity, and editorial themes.
Merge is building an AI-infrastructure stack alongside its unified-API core, with Gateway emerging as a safety/governance layer.
Merge Unified continues a weekly cadence of API maintenance and connector expansion, with Oracle Fusion Cloud ERP launching for Accounting in beta. Merge Agent Handler — the MCP/agent-tools product — is shipping new connectors almost weekly and added Scoped Access Keys for least-privilege agent runtimes. Merge Gateway, the LLM gateway, just shipped Prompt Injection Protection, DLP, RBAC, audit trails, model pinning, and provider-free routing in back-to-back weeks.
Merge is no longer just a unified-API company. Two adjacent products — Agent Handler and Gateway — are getting the heaviest investment, while Unified gets steady connector and reliability work. The Gateway moves into safety and governance target enterprise AI deployments where native provider safety isn't enough. Agent Handler's connector pace suggests Merge wants to be the default tool-pack provider for agent builders.
Expect more Gateway governance features (custom DLP rules, broader vendor support, finer role-based controls) and continued weekly connector drops in Agent Handler — most likely targeting enterprise-SaaS gaps. The Unified roadmap may start incorporating agent-shaped endpoints, blurring lines between Unified and Agent Handler.
Auth0 ships Auth for MCP GA and starts unbundling the rest of identity for AI agents.
Auth0 just made Auth for MCP generally available — a bundle of CIMD client registration, On-Behalf-Of token exchange, and OAuth resource-parameter compatibility purpose-built for AI agents talking to MCP servers. Around it, the team is reworking core identity primitives: non-unique emails reached GA, online refresh tokens entered beta with session binding, and the Account API now supports step-up auth for sensitive scopes. Smaller polish items (CMD+K palette, Resend GA, signing algorithm coverage) round out the release stream.
Auth0 is repositioning from a B2C/B2B login provider to an authorization layer for agent ecosystems. The MCP work is the centerpiece, but the supporting moves — session-bound refresh tokens, step-up auth on the Account API, non-unique emails — all point at use cases where users, agents, and resources have more complex relationships than classic OIDC was designed for. Outbound event streams to AWS EventBridge and Okta Workflows extend the same direction outward.
Expect Auth for MCP to gain a managed catalog of pre-vetted MCP clients and deeper Actions-based policy hooks for OBO token exchange, plus online refresh tokens reaching GA within a quarter.
See more alternatives to Merge →
See more alternatives to Auth0 →