What the GenAI paradigm shift means for Identity

Generative AI is the biggest technology paradigm shift of our generation. As a technologist at heart, I couldn’t be more thrilled about its potential. 

Here’s how I’m thinking about identity’s role in the AI future, AI’s impact on the threat landscape, Okta’s AI capabilities, and what’s coming next for Okta and AI at Oktane.

The role of Identity in AI

We’ve all seen the power of technological shifts. The transition to the cloud was an early inflection point for Okta, and identity was a driving force behind the rapid adoption and global scale of the cloud. We’re entering the next major technological shift with AI, which will open the door to more technology, more applications, more connections, and more authentications. Just as was true with cloud computing, identity has a critical role to play in the AI era.

AI will continue to have a profound impact at all levels of the technology stack — it’s paving the way for the development of new software and technologies that will all need secure and frictionless connection points. And in blurring the lines between humans and machines, the role of identity only becomes more important. 

It won’t be long until every company is an AI company, but in the meantime, Okta is supporting over 100 AI companies. We are the identity layer for customers like OpenAI, Character.AI, Browse.AI, and Hypotenuse.AI — they all rely on Okta to create secure user experiences at scale. They’re solving fascinating use cases across all industries, further proving that AI inspires developer creativity and speed.

We’re not stopping there. Okta Ventures also invests in companies supporting AI usage, like Pangea Cyber, which helps developers build secure and compliant application experiences.

Okta is excited to help our customers grow and scale on their AI journeys and we’re proud to work with these innovative leaders to fuel the growth of the AI ecosystem.

The AI-powered threat landscape

I’m clearly excited about the future of AI, but I’m also aware that as with any new technology, it also introduces new risks and avenues for threat actors to exploit a wider range of vulnerabilities. Here are just a few examples:

  • Zscaler told the Washington Post that AI was a factor in their 47% surge in phishing attacks last year. The rest of the article talks about the expectation of increased threats due to AI.
  • The nonprofit Open Source Foundation for Application Security (OWASP), famous for its top 10 threat lists, released a preliminary mapping of the Top 10 for LLMs.
  • AI-driven bots are already faster than humans at solving CAPTCHAs.
  • And this new tech can end up requiring more human involvement. Gartner warns that “Through 2025, attacks leveraging generative AI will force security-conscious organizations to lower thresholds for detecting suspicious activity, generating more false alerts, and thus requiring more — not less — human response.” (Gartner, 4 Ways Generative AI Will Impact CISOs and Their Teams, Jeremy D'Hoinne,  Avivah Litan,  Peter Firstbrook, 29 June 2023) GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S and internationally and is used herein with permission. All rights reserved.  

Okta’s AI capabilities 

We have been using AI in our technology and to fight malicious actors for a while now. It’s long been embedded in what we do and it fuels plenty of products we all use today, including core features across the Workforce and Customer Identity Clouds.

Workforce Identity

AI-driven features

  • ThreatInsight: Leverages data from our customer network, admins, and end-users to protect your workforce from credential-based attacks. Okta’s proprietary machine learning (ML) model detects if an org is under attack, flagging malicious IPs faster than ever before. 

  • Telephony Anti-Toll Fraud System: Provides live evaluation against toll-fraud machine learning model upon voice or SMS request and enforces rate limits to high risk-score transactions with a 20% improvement on effectiveness when compared to a heuristic-based approach.
  • Adaptive Multi-factor Authentication (AMFA): Introduces additional intelligence into Identity flows by taking into account the ever-changing context in which an authentication request is made. By dynamically adapting security and authentication policies, adaptive MFA can simultaneously improve an organization’s security posture and user experience.

Customer Identity

AI-driven features and tools

  • Bot detection: This feature uses a machine learning model that ingests 60+ inputs, detecting up to 79% of bots

  • Identity Threat Level (ITL) Tool: Using aggregate (and anonymized) observations and data patterns across our customer base, we calculate an ITL for different industries and geographies, with the option of introducing additional slicing and dicing on other common attributes. 
  • Adaptive MFA: Provides intelligent access that fits a business’ needs while adapting its customers’ login behaviors. AMFA offers a challenge when a login is deemed risky — and preserves a seamless experience at all other times.

Importantly, I want every Okta customer to know that we rigorously anonymize data according to data privacy regulations as well as contractual obligations. Utilizing this data in a trusted manner enables us to provide an unprecedented layer of security for our customers. 

Investing in AI innovation across Okta

Beyond its use in our existing features and tools, our teams continue to find new ways to innovate with AI. Last year’s hackathon resulted in multiple patent applications, such as voice verification factor in multi-factor authentication (MFA) using deep learning. This year, 25% of hackathon projects focused on AI experimentation — including the consideration of a new LLM model. 

It’s always been important to us to develop new features and products in the right way. To that end, we’ve worked closely with our legal and governance teams to establish clear guidelines for AI usage. These include not using customer or private data and are regularly updated to keep up with emerging technologies. Responsibly accelerating innovation means more possibilities for our customers. 

More AI at Oktane

Each year at Oktane, we gather our community of customers, developers, and partners to share the latest and greatest in identity. It should be no surprise that we’re focusing this year’s Oktane on our innovative path forward with identity and AI. We’re making a series of announcements around the AI features we’re rolling out across the Customer and Workforce Identity Clouds that draw on the reach and depth of our ecosystem of integrations, customers, and developers. 

Find out how Okta is powering the AI era. Tune into Oktane October 3-5 to learn more.