Looker_Studio – stock.adobe.com
At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations
By
-
Alex Scroxton,
Security Editor
Published: 26 Sep 2025 9:45
At its annual Oktane customer conference in Las Vegas, Nevada, identity and access management specialist Okta has been expanding its vision to be a first port of call to securing non-human identities (NHIs) as a swelling wave of artificial intelligence (AI) agents causes their numbers to swell dramatically.
Among the announcements made today are new capabilities within both the Okta and Auth0 platforms that the supplier said will enable users to integrate AI agents seamlessly into their identity security fabrics.
A study released earlier in 2025 by Okta revealed that although 91% of organisations were already deploying agentic AI in search of productivity gains, but also that just 10% of organisations are today putting any form of cyber governance in place to manage agents – so Okta believes the risk is also rising, and fast.
Such risks are no longer theoretical; Okta cited incidents such as the now infamous breach which an AI bot built on the Paradox AI platform and used by fast-food giant McDonalds in its hiring process exposed the personal data of millions of job applicants to hackers who correctly guessed that its password was ‘123456’.
Okta CEO Todd McKInnon compared unleashing AI agents on an organisation’s environment to creating a lot of individual new insider threats.
“AI agents are a powerful new identity type. They can act independently, on their own or on behalf of a user or a team or a company,” said McKinnon. “They can access tools, apps or data, they can plan or complete tasks on their own. The pace here of innovation is absolutely stunning.
“These AI agents and the potential here, are getting very, very powerful and it’s happening very quickly. Without identity security AI security collapses. AI security is identity security, you can’t be successful in one without the other.”
Okta for Agents
Officially launched today, the firm’s Okta for AI Agents concept will integrate AI agents into identity security fabrics to provide an end-to-end security wrap around them.
Among other things, the service provides tools to enable agent discovery and identification of risky – or rogue shadow – agents, centralised controls to manage their access, and automated governance to enforce wider security policies and manage their overall security journeys or “lifecycles”.
Notable among the features of the new package, Okta is talking up Cross App Access (XAA), a protocol which extends OAuth to secure agent-driven and application-to-application interactions. With support from partners such as AWS, Box, Google Cloud, Salesforce and many others, Okta said XAA will shift control from individual apps to the wider identity layer, bringing real-time visibility, policy-driven security and safer agentic integrations.
“Enterprises everywhere are grappling with how to safely harness AI with company data. Our customers rely on Glean to unify that knowledge and empower AI agents to take meaningful action,” said Sunil Agrawal, CISO at AI data platform Glean, which has been working with Okta on XAA.
“Glean agents act strictly on behalf of the user – with no extra privileges. XAA takes that principle even further and represents the next step toward making it more secure and seamless for AI agents to connect across systems. We’re excited to support this emerging protocol and to help guide the industry toward standards-based agent interactions.”
Kristen Swanson, senior vice-president of design and research at Okta, added: “The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface. Our latest innovations weave agents into that fabric to manage their entire identity lifecycle, leveraging open standards like Cross App Access that help elevate the entire industry and create a more secure AI-powered ecosystem.”
Elsewhere at Oktane, Okta unveiled Verifiable Digital Credentials (VDC), a platform designed to reduce AI-powered fraud and potential friction during employee onboarding or other similar processes by enabling organisations to digitally prove a user’s identity and eligibility, and establish ongoing trust.
Read more on Identity and access management products
-
![]()
Oktane 2025: Okta takes aim at agentic AI governance gap
By: Alex Scroxton
-
![]()
Okta makes AI identity play with Axiom acquisition
By: Alex Scroxton
-
![]()
Okta: AI adoption fuels problems for identity management
By: Brian McKenna
-
![]()
Top identity security themes at Identiverse 2025
By: Todd Thiemann
