The short version: Arcade is an agent authorization runtime — a "secure action layer" that lets your agent take real actions on behalf of a specific user (send the Gmail, update the Salesforce record) while the language model never sees the OAuth token. It just raised a $60M Series A and its team wrote the MCP authorization spec Anthropic adopted. If you're building agents that do things for many users, this is the plumbing you were about to build yourself.
The problem it solves#
The solved problem in agent tool-use is the function call. The unsolved one is auth: how does an agent act as you — with your Gmail, your GitHub, your CRM — without you ever handing a probabilistic model your credentials? MCP standardized the tool call and said almost nothing about this. That gap is the whole product.
You cannot let an LLM perform an OAuth exchange or hold a refresh token; one bad turn and the secret is in a log, a prompt, or a screenshot. So the credential has to live somewhere the model can't reach.
How it works#
Arcade's architecture is the pitch. The flow, for any action:
- Your agent sends a high-level request ("email this summary to the customer").
- Arcade checks whether that specific user has granted the needed scopes.
- If not, it runs the OAuth consent flow with the provider and stores the scoped, revocable token in its runtime.
- At call time it injects the credential server-side, executes the action, and returns only the result to the model.
The token never enters the context window. The agent gets the outcome, not the key — which is the only arrangement a security team will actually sign off on.
That's the difference between a demo where you paste a personal access token into an env var, and a product where a thousand different users each authorize your agent against their own accounts.
Who's behind it, and why it's credible#
Agent-auth is a crowded category of demos, so provenance matters. Arcade's team authored the MCP tool authorization specification that Anthropic adopted, and the company says it's running in production at a top US bank, Prosus, and LangChain. The $60M Series A on June 15, 2026 (SYN Ventures, with strategic money from Morgan Stanley and Wipro) brings total funding to $72M. Investors betting on the boring, load-bearing layer — not another chatbot — is the tell that this is picks-and-shovels infrastructure.
How to start#
Two commands gets you a working setup. Install a client SDK and point it at Arcade's engine:
pip install arcadepy # Python
# or
npm i @arcadeai/arcadejs # JS / TS
To expose Arcade-managed, per-user-authorized tools to any MCP client (Claude, your own agent), add the MCP server framework:
uv tool install arcade-mcp
Framework adapters exist for the OpenAI Agents SDK, LangChain, and CrewAI, so you can graft it onto an agent you already have rather than rebuilding. The framework and SDKs are MIT-licensed, and the engine is self-hostable — so if you'd rather not put your users' tokens in a vendor's vault, you can run the whole thing in your own infrastructure.
Pricing#
There's a free Hobby tier to build on, usage-based paid plans (a Growth tier and Enterprise), and Arcade-hosted MCP servers billed by the hour. Because the core is open-source and self-hostable, the pricing decision is really a where do the tokens live decision. Check the current numbers on Arcade's pricing page before you budget — this space moves fast.
Where it sits#
If your agent only reads public data or calls your own API with one service key, you don't need this yet. The moment it needs to act as many different humans in Google, Slack, GitHub, or Salesforce, you've got two options: hand-roll per-user OAuth storage, refresh, and scoped injection — or install Arcade. For how it stacks up against the other players in this lane, we compared Composio vs Arcade vs Toolhouse; and if you're wiring auth into MCP directly, start with MCP's 2026-07-28 auth rewrite and how to authenticate a remote MCP server.
The function call was always the easy part. Arcade is selling the hard part, and it just got $60M to keep selling it.



