AI agents are simultaneously becoming more numerous and more powerful, with companies across the world racing to implement agents without realizing the true scope of the risks that they entail.
Agents are being deployed without adequate guardrails, human supervision, or proper restrictions, and it's a problem that affects firms of all sizes. A very large technology company may have discovered this recently when an agent reportedly deleted a live production environment. Just one mistake by a lightly supervised AI agent can have serious results.
Getting ahead of our skis
Not enough companies have taken steps to mitigate this. A recent survey conducted by Gravitee found that only 22% of enterprises surveyed had integrated their AI agents into their identity-management systems. As for the remaining 88%, they had already perceived security issues with their agents.
The rates of adoption and of increasing capabilities are only accelerating.
"Something happened over the holidays," Okta Chief Product Officer Ely Kahn said in an interview at an Okta showcase event in New York March 16. "The capability of the agents, starting around December or January, just really improved."
"Last fall, there were some assumptions made that a large enterprise would probably have something like 25 agents on average," Kahn added, but those assumptions are already out of date.
"I was sitting with a large financial-services customer a few weeks ago," Kahn said. "They have 2,500 agents in production right now, and these agents are spawning sub-agents now. A single agent might be managing a fleet of sub-agents. There's this exponential rise happening in the number of agents."
How can an organization's security team keep up with this unprecedented growth? Okta thinks that the answer lies in taming AI agents through identity management.
"Okta wants to build the secure agentic enterprise," said Okta Co-Founder and CEO Todd McKinnon during the New York event.
Applying controls
To that end, Okta has just unveiled what it calls "the blueprint" for that enterprise: its Okta for AI Agents platform.
Available to general customers on April 30, the platform promises to answer what McKinnon calls the three basic questions of agentic AI management:
Where are my agents?
What can they connect to?
What can they do?
To answer the first question, Okta has expanded its system of registering and governing all known AI agents. The platform can now detect, register and govern the "shadow AI" instances that your employees may be using to make themselves more productive.
"We use a browser extension that integrates into Chrome browsers, and we're essentially looking for OAuth claims," Kahn explained to us. "We're really looking for any interaction, any API call associated with an AI or an agentic software application. But then we're also zeroing in on specific OAuth claims."
To spot AI agents locally installed on user machines, Okta is building integrations with SASE, network-security and EDR tools to provide visibility beyond browsers, he added. And once the agents are registered, they are then added to Okta's Universal Directory of identities so that they can be properly managed and monitored.
A monitored gateway
As for what AI agents can connect to, Okta is introducing what it calls its Agent Gateway, a central hub that controls and monitors agentic access to resources. The gateway has its own virtual Model Context Protocol (MCP) server that can function as a proxy for other MCP servers, again creating a central nexus of control.
"We're going to give folks the ability to self-host this gateway or use it as a full SaaS offering," Kahn told us. "What we're allowing folks to do is essentially mix and match the tools associated with different MCP servers into a single virtual MCP server and then assign that agent permissions against that virtual MCP server."
"This just sort of simplifies how you create permissions for your AI agents," he added. "Instead of trying to map it to dozens, you have one virtual one that is already set up with the least-privilege permissions, which makes things easy."
The Agent Gateway, Kahn added, gives ephemeral access tokens to AI agents so that they can connect to resources — but only for a short time. These short-lived tokens mitigate the conditions that created the Salesloft Drift series of compromises in the summer of 2025, when long-lived OAuth tokens were stolen and reused to break into hundreds of Salesforce instances worldwide.
Through Agent Gateway, Kahn said, Okta is managing the access capabilities of AI agents in the same way that it already controls human identities and regular non-human identities (NHIs) like service accounts and APIs — but AI agents are very different from regular NHIs.
"We're putting AI agents on the same trajectory that human and other types of non-human identities are already on in terms of zero standing privileges, least-privilege access, ephemeral tokens, scoping down permissions to decrease blast radius," he said. "These are all things that now we can do for AI agents, just like the rest of the other identities, ultimately giving you a one-stop shop to manage all of your identities in a secure way."
The credentials of AI agents are also being added to Okta's Privileged Credential Management, where the credentials can be vaulted and periodically rotated.
The future is already here
"If you do need to use a service account to integrate into one of these downstream resources, you can also vault that credential through our Okta Privileged Access capability," said Kahn.
That leaves the question of controlling what AI agents can do once they have access. Because Okta monitors and manages that access, it has a feature called Universal Logout for AI Agents, or more bluntly, a "kill switch" that revokes all access if an agent deviates from its mission.
Okta's platform also assigns a human "owner" to each AI agent who can supervise and take responsibility for the agent's actions, just as a dog owner is responsible for the animal's actions. Each agent has no more privileges or permissions, and sometimes less, than its human does. It is also subject to automated access reviews and audits.
Kahn hinted that Okta might be moving into other areas of securing AI agents that won't necessarily have their roots in identity management.
"We're not going to stop at just the identity play," he told us. "You'll see us start moving into adjacent capabilities when it comes to AI security as well, because we want to offer folks a complete platform of capabilities across the full security life cycle."
For McKinnon's part, he said that "Okta for AI Agents is probably the most important product we've ever made."
"Agentic AI is the future of all of technology," he said during Okta's event. "In five years, it's going to be called just 'technology.'"
Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.