Most enterprises deploy AI agents without basic security controls
Companies are racing to build and deploy AI agents faster than their security teams can manage them. One major technology company recently discovered this the hard way when an AI agent deleted a live production environment - a single mistake that illustrated the stakes of inadequate oversight.
The problem is widespread. A survey by Gravitee found that 88% of enterprises had already identified security issues with their AI agents, yet only 22% had integrated those agents into their identity-management systems.
The scale of deployment is accelerating beyond what most organizations anticipated. A large financial-services firm now runs 2,500 AI agents in production, with individual agents spawning sub-agents beneath them. Last fall, industry estimates assumed large enterprises would have roughly 25 agents on average. Those assumptions are already obsolete.
Identity management becomes the control mechanism
Okta believes the answer to managing this proliferation lies in treating AI agents like any other identity that needs access to corporate resources. The company unveiled its Okta for AI Agents platform on March 16, with availability to general customers on April 30. It is built around three core questions: Where are your agents? What can they connect to? What can they do?
The platform detects both official and shadow AI instances - the agents employees install themselves to boost productivity. Okta uses a Chrome browser extension to spot API calls and OAuth claims associated with AI applications, then adds detected agents to its Universal Directory for ongoing monitoring and control.
For locally installed agents, Okta integrates with security tools like SASE, network-security platforms, and EDR systems to provide visibility beyond browsers.
A gateway controls what agents access
The Agent Gateway functions as a central hub that mediates all agent access to corporate resources. It works by creating a virtual Model Context Protocol (MCP) server that acts as a proxy, allowing organizations to consolidate permissions across multiple tools into a single point of control.
Instead of mapping permissions to dozens of individual systems, teams configure one virtual MCP server with least-privilege settings. The gateway issues ephemeral access tokens - short-lived credentials that agents can use temporarily but cannot reuse. This design prevents the kind of compromise that occurred in summer 2025, when long-lived OAuth tokens were stolen and used to breach hundreds of Salesforce instances.
Agent credentials are also stored in Okta's Privileged Credential Management system, where they are vaulted and rotated periodically.
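The gateway pattern described above, as an added illustration that is not Okta's code or API: a broker that mints short-lived, single-use tokens bound to one tool and rejects expired, replayed, tampered or out-of-policy calls. The class, method, agent and tool names are hypothetical, and the HMAC-signed token format is an assumption.

```python
import hashlib
import hmac
import secrets
import time


class AgentGateway:
    """Hypothetical gateway: one least-privilege policy, ephemeral tokens."""

    def __init__(self, policy, ttl_seconds=60, clock=time.time):
        self._key = secrets.token_bytes(32)  # signing key stays inside the gateway
        self._policy = policy                # agent_id -> set of allowed tool names
        self._ttl = ttl_seconds
        self._clock = clock                  # injectable so expiry can be tested
        self._used = set()                   # token ids that were already redeemed

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, agent_id, tool):
        if "|" in agent_id + tool:
            raise ValueError("'|' is reserved as the token field separator")
        # Least privilege: never mint a token for a tool outside the policy.
        if tool not in self._policy.get(agent_id, set()):
            raise PermissionError(f"{agent_id} is not allowed to call {tool}")
        expires = int(self._clock()) + self._ttl
        payload = f"{secrets.token_hex(8)}|{agent_id}|{tool}|{expires}"
        return f"{payload}|{self._sign(payload)}"

    def authorize(self, token, tool):
        """Return (allowed, reason) for one tool call presented with a token."""
        payload, _, sig = token.rpartition("|")
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return False, "bad signature"
        token_id, agent_id, bound_tool, expires = payload.split("|")
        if self._clock() >= int(expires):
            return False, "expired"
        if bound_tool != tool:
            return False, "wrong tool"
        # Re-check policy so a permission removed after issuance takes effect.
        if tool not in self._policy.get(agent_id, set()):
            return False, "not permitted"
        if token_id in self._used:
            return False, "replayed"
        self._used.add(token_id)             # single use: a stolen copy is worthless
        return True, f"ok for {agent_id}"
```

Because every token expires within the TTL and is consumed on first use, a credential copied from an agent's memory or logs gives an attacker at most one call to one tool inside a short window.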
Human accountability and emergency shutdown
Each AI agent is assigned a human owner who bears responsibility for the agent's actions, similar to how a dog owner is liable for the animal's behavior. Agents receive no more permissions than their human owner has, and sometimes fewer.
The platform includes a "kill switch" called Universal Logout for AI Agents that revokes all access if an agent deviates from its intended purpose. Agents are subject to automated access reviews and audits that track their activity over time.
Okta's leadership indicated the company plans to expand beyond identity management into adjacent security areas. The platform represents what Okta calls "the blueprint" for the secure agentic enterprise - an approach to managing AI systems that applies the same zero-standing-privileges and least-privilege principles already used for human and service-account identities.