Does PKCE protect an AI agent after an OAuth access token has been stolen?
The short answer
No. PKCE protects the authorization-code exchange by binding it to the client that initiated the flow. It does not make an already issued bearer access token unusable. Limit stolen-token replay with audience restriction, short lifetime, downstream authorization and sender-constrained tokens such as DPoP or mTLS.
How to think about it
PKCE prevents an attacker who intercepts an authorization code from redeeming it without the verifier. Once a bearer access token has been issued and copied, the code exchange is over. The relevant controls are narrow scope, validated audience, short lifetime, resource-server authorization and sender constraints.