Okta Fireside Chat Reveals Plan to Secure the Coming Wave of AI Agents

by · The Markets Daily

Okta (NASDAQ:OKTA) executives outlined the company’s strategy for securing artificial intelligence agents during a technical session focused on product direction, identity governance and emerging enterprise risks tied to agentic AI.

David Bradbury, Okta’s chief security officer, opened the event by noting that the discussion would focus on technology and that the company would not take financially related questions. Ely Kahn, Okta’s chief product officer, and Harish Peri, senior vice president and general manager for AI Security, then described how Okta is extending its identity platform to support AI agents as first-class identities.

Okta Frames Identity Platform Around Pre-, During- and Post-Authorization Controls

Kahn said Okta has spent the last three to four years building what he described as a complete identity platform spanning pre-authorization, authorization and post-authorization use cases. He highlighted products including Identity Security Posture Management, Identity Governance, Okta Privileged Access, Okta Access Management, Okta Device Access and Identity Threat Protection.

Kahn said Identity Governance has become one of the fastest-growing products in Okta’s portfolio and recently crossed 2,000 customers. He said the product helps customers manage access requests and certifications to ensure users retain appropriate privileges over time. He also positioned Okta Privileged Access as a complement to governance for high-risk resources such as databases and Amazon EC2 instances.

On reliability, Kahn said Okta has a four-nines official service-level agreement and has recorded 100% uptime so far this year. He said that over the past three years, Okta has had roughly 69 minutes of downtime, contrasting that with “over 2,000 minutes of reported uptime” for Microsoft.

Company Emphasizes Platform Consolidation

Kahn said Okta is working with large customers on what he called “identity platformization,” in which companies consolidate legacy identity tools into a single Okta-based platform. He cited one Fortune 2000-type customer using separate legacy tools for identity management, access management and privileged access management. According to Kahn, that customer is expected to complete its re-platforming this year and estimates roughly 40% “economies of scope” in the form of cost savings.

For 2026 product strategy, Kahn listed five major areas of focus:

  • Okta for AI Agents;
  • Maturing Identity Governance Administration capabilities;
  • Maturing privileged access management capabilities;
  • Building an identity security fabric across products;
  • Using AI-native product development internally.

Kahn said Okta is using coding agents across product teams and is seeing 50% gains in product life cycle development while maintaining standards around uptime, resiliency and security.

Executives Detail AI Agent Taxonomy and Security Model

Kahn said Okta classifies AI agents into four broad categories: embedded agents, standalone SaaS agents, agents associated with automation platforms and homegrown agents. He said embedded agents, such as Zoom companion agents, are generally hard-coded into SaaS applications and are not the type of agents Okta seeks to protect. By contrast, he said standalone SaaS agents, automation-platform agents and custom-built agents can be onboarded into Okta’s platform for governance and protection.

Okta’s AI agent framework centers on three questions, Kahn said: where agents are, what they can connect to and what they can do. He described a reference architecture that includes agent discovery, registration into an agent registry, assignment of a human owner or autonomous identity, application of entitlements and access reviews, and enforcement of coarse- and fine-grained access controls.

Kahn said Okta has delivered some of these capabilities and is building others over the next six to 12 months. He said the platform can discover known agents through direct integrations with tools such as Amazon Bedrock and Salesforce Control Tower, while homegrown agents can be imported through an SDK. Okta also supports browser-based discovery of unknown agents using its browser extension, he said.

Kahn said Okta’s platform can monitor AI agent behavior, produce logs for security information and event management systems and provide a “kill switch” to revoke tokens if an agent begins acting suspiciously or maliciously.

Okta Says Enterprises Need Centralized Control for Agentic AI

Peri said Okta’s goal is to help customers become “secure agentic enterprises,” arguing that agents will increasingly be embedded across product development, employee workflows, customer interactions and partner or supplier connections. He said many customers are already rolling out agents and now face the challenge of discovering where those agents are operating.

“The cat is out of the bag,” Peri said. “The question is, where did the cat go?”

Peri said customers are asking how to control development assistants such as Claude Code, OpenAI tools and Cursor, and how to prevent agents from making harmful decisions without human oversight. He described AI agent security as involving three layers: the model, the identity and authorization layer, and the data layer. Okta is starting with control of identity, authorization and access for enterprise agents, he said.

Peri also argued that traditional Zero Trust frameworks were built for human users and need to evolve for autonomous, nondeterministic agents. He said regulators and auditors will require companies to prove whether a resource was accessed by a user, an agent or an agent acting on behalf of a user through a multi-agent chain.

Executives Address Market Adoption and Differentiation

During the question-and-answer portion, Kahn said the most prevalent AI agents among customers today are coding agents. He cited one large financial services customer that said it had more than 2,000 production agents, compared with Okta’s earlier assumption of roughly 20 production agents at a large customer.

On discovery, Peri said merely listing agents on a dashboard is not sufficient. He said the key is registering agents in a central identity directory and routing tool calls through Okta for authorization. Kahn said Okta currently supports browser-based discovery for unknown agents and direct imports for known agents, and said Okta Verify gives the company broader endpoint visibility that could support future discovery capabilities.

Kahn said Okta has “caught up” with legacy identity governance vendors, pointing to more than 2,000 Okta IGA customers. However, he said IGA is only one component of securing AI agents, with the more central requirement being least-privileged agent identities and small blast radiuses.

The executives also discussed Okta’s agent gateway, which Kahn described as both an access point for agentic tools and a policy enforcement point. He said it enforces whether agents can access specific tools based on the agent’s permissions and, where applicable, the permissions of the human user on whose behalf the agent is acting.

Looking ahead, Kahn said static permissions and periodic access reviews may not be sufficient for increasingly autonomous AI agents. He said Okta is investing in dynamic, just-in-time permissions that account for agent intent, anomalous behavior and guardrails.

Peri said Okta is working as an ecosystem player, citing Anthropic as one example of a partner supporting Cross-App Access. He said Okta also has integrations with cybersecurity vendors and agentic platforms, and he described the company’s role as helping customers bring together the reference architecture for securing AI agent deployments.

About Okta (NASDAQ:OKTA)

Okta, Inc is a publicly traded provider of identity and access management solutions, headquartered in San Francisco, California. Founded in 2009 by Todd McKinnon and Frederic Kerrest, the company completed its initial public offering in April 2017. Under the leadership of McKinnon as chief executive officer and Kerrest as chief operating officer, Okta has grown into a leading vendor in the cybersecurity space, focusing on secure user authentication, single sign-on and lifecycle management for digital identities.

At the core of Okta’s offering is the Okta Identity Cloud, a suite of cloud-native services that enable organizations to manage user access across web and mobile applications, on-premises systems and APIs.