AI agents are entering the enterprise faster than companies can control them, and the hybrid workforce era is only raising the stakes, creating new security risks. To help organizations adapt, Okta is announcing updates to its Okta and Auth0 platforms that integrate new capabilities into a security fabric designed to govern AI agents, enforce trust, and mitigate the impact of fraud.
“We’re starting to see poorly built, deployed, or managed agents expose the risks of using a traditional patchwork of identity solutions,” Okta’s Senior Vice President of Design and Research, Kristen Swanson, said in a press release. “The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface.”
With the rapid growth of AI, businesses must consider the best ways to protect their employees, infrastructure, and data. The introduction of agents in the workforce compounds matters—if executives want workers to delegate more to these bots, they must provide the proper security measures to prevent any dire consequences.
Make no mistake: Companies are already seeing what happens. Researchers this summer disclosed what they called the first known “zero-click” attack on an AI agent when it was revealed that Microsoft’s 365 Copilot harbored a critical security flaw. Additionally, hackers exploited a security flaw in McDonald’s AI hiring bot, causing it to expose the data of millions of applicants.
But the threat doesn’t have to come from human hackers—cybersecurity experts such as Okta’s Chief Security Officer, David Bradbury, warn about agents going rogue. “You can’t treat them like a human identity and think that multifactor authentication applies in the same way because humans click things, they can type things in, they can type codes,” he told Axios.
With this context in mind, Okta has developed new capabilities to address these burgeoning threats and provide a more secure, controlled environment for the modern enterprise.
Disclosure: I attended Okta’s Oktane conference as a guest of the company, with my flights and hotel costs covered. Okta did not dictate the contents of this post. These words are my own.Subscribe to The AI Economy
Okta’s Third Chapter
“We are an identity company. We secure identity as a company,” Eric Kelleher, Okta’s president and chief operating officer, reminded a room of analysts and reporters ahead of the company’s Oktane customer conference this week. He characterizes Okta’s evolution as having undergone three eras of transformation. The migration from on-premise computing to the cloud was its first in which it helped businesses provision employee user accounts in a world filled with hybrid on-prem and cloud apps. Kelleher described the second as a transformation from “identity being a function to identity being security.”
Now begins its third age, one brought about by AI. He cites an Okta-commissioned study showing 91 percent of organizations are deploying AI agents. However, only 10 percent are reporting that they have “an adequate governance system in place.” This creates massive exposure risks for these companies. This is Okta’s new mission: to provide necessary governance for the agentic identity, one that’s properly managed and stored in a directory that is authenticated and authorized when required.
Okta for AI Agents
It starts with Okta for AI Agents, a service that IT teams can utilize to identify “risky” agents, centralize control to manage all bots (almost like a control tower), and automate governance to enforce security policies and manage identity access.
This packaged offering comes with multiple features, including:
- Identity Security Posture Management (ISPM): A tool developed from Okta’s acquisition of Spera Security, ISPM proactively identifies and remediates security risks within Okta’s identity ecosystem. It scans not only bots, but also service accounts, API keys, and OAuth tokens.
- Universal Directory: This creates a comprehensive list of all AI agent identities, providing IT teams with a clear view of all non-human entities operating on the platform. It also assesses risk classification and ownership of each bot.
- Cross-App Access (XAA) Support: This is Okta’s open protocol for standardizing secure connections between AI agents and applications. We’ll dive deeper into XAA later on in this article.
- Okta Privileged Access (OPA): First introduced in 2021, OPA became generally available in 2023. It enforces security policies by ensuring that agents using service accounts or API keys for credentialing are granted the appropriate level of access.
- Okta Identity Governance and Identity Threat Protection with Okta AI (ITP): IT teams can utilize these two tools to facilitate effective governance and monitoring. The former provides detailed auditing and activity logging for all actions taken by an agent. On the other hand, the latter tracks user activity, utilizing behavioral analytics to identify anomalous behavior. If any are found, automated steps are triggered to fix the security problems.
Customers could expect the first parts of Okta for AI Agents to be available in the first quarter of FY2027 through the company’s early access program. More will be rolled out later in the year.
Cross App Access
XAA is also being cast front and center at the company’s customer conference. It’s an open protocol that Okta introduced last June, bringing OAuth access management to AI agents. Today, the tech firm is announcing XAA is supported by prominent companies such as Automation Anywhere, Amazon Web Services (AWS), Boomi, Box, Glean, Grammarly, Miro, and Writer.
Okta boasts that XAA “shifts control from individual applications to the identity layer.” This is significant because currently, every application has its own user database, access controls, and its own way of handling authentication. When applications “spoke” to each other, it would be done through point-to-point connections, using a static API key or service accounts. However, this results in its own problems, with IT teams being unable to see who or what is accessing data, managing access control being challenging, and response times being slow.
As Kelleher put it: “If you are using Google Gemini and you want Gemini to have access to your email so [it] can help you with your email, it will prompt you, ‘Can I have access to your email?’ You’ll say yes. And then, if you wanted to have access to your documents, it’ll ask you if you can have access to Google Drive, and you will say yes. And as a user in those use cases, you are just giving agents access to [your] stuff. If you’re an employee of a company that’s doing that, agents built by a third-party now have access to your corporate email and corporate documents. By default, your company doesn’t know. Your security team doesn’t know. Your IT team doesn’t know. There’s no way for them to know that you have given those agents access to all those corporate assets. It’s huge exposure right now.”
The rise of agentic interoperability standards, such as the Model Context Protocol (MCP) and Agent2Agent (A2A), further complicates matters, allowing bots to move between environments, access data across multiple systems, and create autonomous workflows that could be challenging to track and manage. As Arnab Bose, Okta’s now-former chief product officer for its Okta Platform, noted earlier this year, “While we’re actively working with the MCP and A2A communities to improve AI agents’ functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges. With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we’re also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps.”
With XAA, the work is delegated to Okta’s platform. It promises real-time visibility, policy-driven security, and much safer integrations. The company announced that soon, enterprise developers will be able to build XAA-compliant apps and tools with out-of-the-box support in Okta’s Auth0 platform.
“As autonomous AI agents take on increasingly complex tasks across mission-critical operations, from finance and compliance to customer service, enterprises need full visibility and governance over every interaction between agents, models, and tools,” Adi Kuruganti, Automation Anywhere’s Chief Product Officer, stated. “Cross App Access provides a critical new standard for building the trust required to securely scale these powerful capabilities across the enterprise.”
Okta said XAA will first be open to its early access program customers. This creates an opportunity for organizations to give it a try while Okta awaits more adoption from software vendors. And Kelleher had a message for ISV, saying that those that allow developers to build agents that “can be governed and administered in an identity security fabric” will have a “leg up” on those agentic platforms that don’t.
Verifiable Digital Credentials
The final update Okta is making aims to tackle AI fraud. It’s called the Okta Verifiable Digital Credentials (VDC) platform. When it’s launched in FY2027, it will enable companies to issue and verify tamper-proof, reusable credentials, such as government IDs, employment records, or certifications. The goal is to prevent malicious actors from using fraudulent identities to open fraudulent accounts, bypass security controls, or engage in more severe activities.
Okta explained that end users will have a “simplified, streamlined experience” when authenticating on a consumer app or website. It’s a welcome change from the tedious manual verification process currently in place.
VDC is built on open standards. When Okta makes it available through its early access program in the fourth quarter of FY2026, government-issued IDs, such as mobile driver’s licenses, will be the first types of identification businesses can verify.
As AI agents proliferate in the enterprise, companies are struggling to keep up with the new security risks they introduce. Okta’s updates aim to provide IT teams with more visibility and control, from monitoring agent behavior to managing access across various apps. The moves reflect a broader challenge for businesses: adopting AI tools quickly without leaving themselves exposed to fraud, data leaks, or rogue software.
Featured Image: Okta signage hangs on a wall at the company's Oktane conference on Sept. 24, 2025. Credit: Ken Yeung
Subscribe to “The AI Economy”
Exploring AI’s impact on business, work, society, and technology.
Leave a Reply
You must be logged in to post a comment.