
You’re reading an issue of "The AI Economy," my newsletter exploring the forces shaping the AI era—tracking how AI is rewriting business, work, technology, and culture. Subscribe to get expert insights and curated updates delivered straight to your inbox.
Okta is moving to provide enterprise IT teams with clearer visibility into the AI agents operating within their organizations—especially those not officially approved. With its new Agent Discovery capability inside its Identity Security Posture Management (ISPM) offering, the company aims to shed light on so-called shadow AI, flagging emerging risks before they escalate, and help security teams with rapid remediation.
“Identity is the control plane for the agentic enterprise,” Harish Peri, Okta’s senior vice president and general manager of AI security, says in a statement. “AI agents don’t operate at the network, endpoint, or device layer—they live in the application layer and use multiple non-human identities with broad, long-lived privileges. By discovering and mapping every agent and its permissions, [ISPM] within Okta for AI Agents gives organizations the visibility and governance they need to secure both sanctioned and shadow AI at scale.”
Gotta Catch Them All
The phrase “shadow AI” may suggest something clandestine, conjuring images of bots quietly working in the dark. In reality, it generally refers to AI tools and agents being adopted without formal recognition and approval by IT leaders. The reason has less to do with maintaining strict control over which technology an organization uses. Rather, it’s about protecting its “crown jewel data.”
Managing “shadow” apps is hardly a new challenge. Peri notes that the issue dates back to the early days of SaaS, when employees not only used IT-provisioned tools but also downloaded their own applications without formal approval. It was the height of IT’s consumerization—a shift that empowered workers with more choice, while eroding centralized visibility and control. These programs may have been worker-friendly, but they created IT risks by accessing “really sensitive, critical customer data.”
“You had an entire ecosystem of applications that may have access to financial, sales, marketing data, whatever, to help you with some workflow that you or your team had, that IT had no idea existed,” Peri explains in an interview with The AI Economy. It shouldn’t be surprising that companies want to know who has access to their data, which access tokens are being used, where they are stored, and more.
AI is exacerbating this problem, especially as we move into the agentic era, where traditional app interfaces are replaced by bots trained on enterprise workflows. To give them context, these agents will need to connect to critical app infrastructure, including NetSuite, Workday, Oracle, SAP, Salesforce, Anaplan, and Lattice. “How do you know if that plumbing between the agent and the application is secure?” Peri asks.
Before AI, “it was all code. You knew deterministically what would happen—if this happens, then go access this. You could still control it.” But now with AI agents, “You give it a prompt. It’s been trained on a million prompts like that before, but there’s no guarantee which systems it’s going to access in response—that’s the beauty of large language models. You don’t know if it’s going to use a higher level of access to go to a system that you didn’t even anticipate happening. How do you control that? You need identity security.”
Peri goes on to say, “Shadow AI is an even bigger problem because you have this non-deterministic entity called an agent that will decide to do whatever the effort wants to do in response to a prompt.” Agent Discovery in Okta’s ISPM gives IT teams the resources they need to monitor the digital labor force and ensure they’re following the right rules.
How Agent Discovery in ISPM Works
Agent Discovery is powered by Okta’s browser plugin and leverages OAuth consent events—the authorization prompts users see when an app requests access to their data through an identity provider—to identify AI agents operating inside an organization. It doesn’t matter whether an employee vibe-codes an agent or starts using a third-party bot. As soon as it reaches the consent screen, Okta’s Agent Discovery will notify IT teams about an unknown program. From there, the technician can vet the unsanctioned agent and avoid any potentially dangerous activity.
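The consent-event approach described above can be illustrated with a small triage routine that groups OAuth consent events by client, drops the sanctioned ones, and ranks the rest by how broad and long-lived the requested access is. This is an added example, not Okta's implementation or code from the article; the event schema, client IDs, allowlist and high-risk scope list are constructed assumptions.

```python
# Assumption: client IDs the security team has already reviewed and approved.
SANCTIONED_CLIENTS = {"0oa-approved-crm-sync"}

# Assumption: scopes treated as high risk. offline_access requests a refresh
# token (long-lived access); the other two are illustrative broad grants.
HIGH_RISK_SCOPES = {"offline_access", "full_access", "files.readwrite.all"}

# Constructed sample consent events (hypothetical schema, not a real log format).
SAMPLE_EVENTS = [
    {"client_id": "0oa-approved-crm-sync", "client_name": "CRM Sync",
     "user": "ana@example.com", "scopes": ["openid", "crm.read"]},
    {"client_id": "ext-notes-agent", "client_name": "Meeting Notes Agent",
     "user": "raj@example.com",
     "scopes": ["openid", "offline_access", "Files.ReadWrite.All"]},
    {"client_id": "ext-notes-agent", "client_name": "Meeting Notes Agent",
     "user": "li@example.com", "scopes": ["openid", "calendar.read"]},
    {"client_id": "ext-draft-bot", "client_name": "Draft Bot",
     "user": "ana@example.com", "scopes": ["openid", "profile"]},
]


def find_unsanctioned_agents(events, sanctioned=SANCTIONED_CLIENTS):
    """Return one finding per unsanctioned client, riskiest first."""
    grouped = {}
    for ev in events:
        cid = ev["client_id"]
        if cid in sanctioned:
            continue  # already vetted; nothing to report
        entry = grouped.setdefault(cid, {"name": ev.get("client_name", "unknown"),
                                         "users": set(), "scopes": set()})
        entry["users"].add(ev["user"])
        # Normalise case so "Files.ReadWrite.All" matches the risk list.
        entry["scopes"].update(s.lower() for s in ev.get("scopes", []))

    findings = []
    for cid, entry in grouped.items():
        risky = sorted(entry["scopes"] & HIGH_RISK_SCOPES)
        findings.append({"client_id": cid, "client_name": entry["name"],
                         "users": sorted(entry["users"]),
                         "scopes": sorted(entry["scopes"]),
                         "high_risk_scopes": risky,
                         "severity": "high" if risky else "review"})
    # Most high-risk scopes first, then widest user adoption, then stable by ID.
    findings.sort(key=lambda f: (-len(f["high_risk_scopes"]),
                                 -len(f["users"]), f["client_id"]))
    return findings


if __name__ == "__main__":
    for f in find_unsanctioned_agents(SAMPLE_EVENTS):
        print(f["severity"], f["client_id"], f["users"], f["high_risk_scopes"])
```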
Peri states that “in an enterprise, you cannot leave anything to chance. You need to [have] control at a fine-grained level. Who is it acting on behalf of? What permission is it carrying? What actions is it allowed to take on the back end?” He adds that IT must ensure not only that these unsanctioned agents respect user permissions, but also that hallucinations are prevented.
Another risk comes from prompt injection, a security vulnerability in AI systems in which hackers embed malicious instructions in input text, causing the model to override its intended behavior. Peri cites a possible scenario in which an attacker uses this technique to infiltrate a company’s customer service agent to siphon sensitive data.
“The key thing is that you’re dealing not with code, but you’re dealing with probability,” he declares. “You’re dealing with the fact that this agent most likely will execute a certain set of actions in response to a prompt, but not always. How do you set it up for that situation where it’s ‘but not always, you’re on top of’? There are going to be bad guys that will manipulate that probability to access the data and steal it.”
Protecting IDs in the Agentic Enterprise Era
Agent Discovery is the latest addition to Okta’s ISPM platform, which launched in 2024 to help reduce an organization’s identity attack surface. It’s a product designed to proactively surface vulnerabilities, flag misconfigurations, and detect emerging identity threats before they escalate.
The update builds on Okta’s broader push into agent governance. Last September, the company introduced a security fabric to manage AI agents and reduce fraud, alongside an enterprise-focused agentic security protocol. And in Q1 2027, Okta is expanding ISPM to support Microsoft Copilot Studio, Salesforce’s Agentforce, and other platforms.
The urgency stems from the pace of adoption.
“What we’re seeing with agents is that there’s such a mad rush to deploy agents everywhere,” Peri remarks. “Every SaaS vendor is salivating at the prospect of saying, ‘Oh, I can push an agent to my customers, and they will use my agent more than they would my app because it’s interesting.’”
That said, he cautions organizations to pay close attention to new digital entrants to the workforce. “All that stuff that happened over the last ten years that should have been ported over into AI is not happening. That’s the reason we’re sounding the alarm. We stand to lose the last ten years of identity controls in an instant if companies are just rolling out agents across the board.”
Peri claims it’s not about growing the IT bureaucracy. Rather, it’s about going from no controls to having a baseline so organizations don’t find themselves facing a disaster.
As large enterprises continue to embrace AI agents as digital employees, Okta already has its sights set on the next generation of bots, such as OpenClaw and Moonshot’s Kimi 2.5. “If a parent agent can spawn a bunch of task agents that are ephemeral, they don’t necessarily have an identity, but what they need is authorization. For us, we already have fine-grained authorization, but we’re making investments in intent-driven authorization and context-driven authorization. To be able to say, if this agent that’s only going to live for one minute suddenly decides that it needs to access the system, we are building a layer that says, ‘Who are you? Why are you asking for this access? Can you get this access? Does something smell fishy?’ If it does, the answer is, ‘sorry, no, go away.’”
Agent Discovery in ISPM is available today in early access.
Featured Image: An AI-generated image of an IT worker being alerted about an unknown AI agent being detected on his company's network. Credit: ChatGPT