The Problem
In February 2026, a developer using a single valid credential discovered he could access over 6,700 DJI robot vacuums across 24 countries.¹
No passwords were stolen. No systems were breached. The platform simply had no boundary between one customer's data and another's.
This brief examines why that gap exists in most enterprise API architectures today, how the risk compounds when AI agents inherit those same credentials, and how to close it.
What Happened
A developer was building a side project with Claude—trying to control his DJI robot vacuum with a PlayStation controller. While connecting his app to DJI's network using his own legitimate credentials, he stumbled onto something unexpected: he could see and access every other vacuum on the platform. Over 6,700 devices across 24 countries.
He hadn't hacked anything. He hadn't stolen anyone's password. He used the product the way it was designed, and the system had no fence between one customer's device and another's.
What was exposed: live camera feeds from inside homes, microphone audio, and detailed floor plans built by the vacuum's sensors.
The developer reported it responsibly. He never misused the access. But a malicious actor with the same credential could have.
The breach required no stolen passwords, no hacking tools, no inside access. A valid credential was enough. No one had defined what that credential was actually allowed to do.
It was a missing fence, not a broken lock.
Your Exposure
This wasn't a niche IoT problem. The same structural flaw — Broken Object-Level Authorization — has ranked #1 in the OWASP API Security Top 10 since 2019,² making it the most prevalent API vulnerability class across industries.
Two Exposure Vectors Every Business Faces
1. Every API you publish has this boundary problem
Once a user or system authenticates successfully, most APIs treat that as sufficient and serve any record the caller names, without checking whether the caller is actually entitled to that specific record. Without explicit object-level authorization, a valid credential unlocks everything.
2. Regulatory surface area
Under GDPR and CCPA, unauthorized access to personal data (including home video or audio) is a reportable breach even when no data was deliberately exfiltrated. A system flaw that permits access is treated the same as an active theft.
The question isn't whether your credentials can be stolen. It's whether a stolen credential gives an attacker your whole system.
The DJI breach sits at one end of the spectrum: one credential, no limits, 7,000 homes exposed. At the other end, every credential is scoped to exactly what it needs, access is enforced at the resource level, and a stolen token is useless without the device that created it.
The remedy isn't better passwords. It's closing the gap between those two ends.
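The two ends of that spectrum, side by side, as an added illustration (not code from the original brief, Okta, or DJI): a handler that authenticates and then serves any device id it is asked for, beside one that resolves the record through the caller's identity. The fleet, owners and bearer tokens are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:                       # constructed stand-in, not DJI's schema
    device_id: str
    owner: str
    floor_plan: str                 # stands in for camera/audio/map data

DEVICES = {                         # constructed sample fleet
    "vac-001": Device("vac-001", "alice", "alice's kitchen and hallway"),
    "vac-002": Device("vac-002", "bob", "bob's studio"),
    "vac-003": Device("vac-003", "carol", "carol's two-bedroom flat"),
}
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}   # constructed bearer tokens
class Unauthenticated(Exception): ...
class NotFound(Exception): ...

def authenticate(token: str) -> str:
    """Authentication only: a valid token says WHO is calling, not WHAT they may read."""
    if token not in TOKENS:
        raise Unauthenticated("invalid token")
    return TOKENS[token]

def get_device_vulnerable(token: str, device_id: str) -> Device:
    """The BOLA pattern: prove the caller is *someone*, then serve any id they name."""
    authenticate(token)
    device = DEVICES.get(device_id)
    if device is None:
        raise NotFound(device_id)
    return device                   # never asks whether it is *their* device

def get_device_hardened(token: str, device_id: str) -> Device:
    """Object-level authorization: the record is resolved through the caller's identity."""
    user = authenticate(token)
    device = DEVICES.get(device_id)
    # Treat "not yours" exactly like "does not exist" so the response does not
    # confirm which ids are real; an id-guessing loop then learns nothing.
    if device is None or device.owner != user:
        raise NotFound(device_id)
    return device

def readable_devices(handler, token: str) -> list[str]:
    """How much of the fleet one credential can read through a given handler."""
    visible = []
    for device_id in DEVICES:
        try:
            handler(token, device_id)
            visible.append(device_id)
        except NotFound:
            pass
    return visible
```

`readable_devices` is the check a reviewer can run against any handler: with the vulnerable one a single token reads the whole fleet, with the hardened one it reads only its own device.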
The AI Risk
Your AI tools—internal copilots, customer-facing assistants, automated workflow agents—work by calling APIs to get things done. Every one of those calls uses a credential. If that credential has no limit on what it can access, one bad prompt or one compromised vendor pipeline can expose everything the AI can reach.
The vacuum breach took nine minutes. An AI agent making hundreds of API calls per minute, with no access limits, could replicate the same exposure in milliseconds across every system it touches.
IoT Breach vs Agentic AI: Same Gap, Different Scale
| Dimension | Smart Vacuum Fleet | AI Agent |
|---|---|---|
| Time to expose | 9 minutes | Milliseconds |
| Systems affected | One device fleet | Every API the agent can reach |
| Attack trigger | Valid credential required | One manipulated instruction |
| Human oversight | Detectable in logs | Often fully automated, no review |
Every AI integration you deploy today inherits the same credential architecture that made this breach possible—unless you explicitly design it out.
How Okta helps
Okta helps close this gap for your existing workforce, your customer-facing applications, and your AI agents. Four capabilities:
1. Credentials that expire the moment they leave the device
Okta issues credentials that are cryptographically tied to a specific device. If they're copied or intercepted, they're worthless. Think of a hotel key card that only works in the room it was programmed for.
2. AI Agents that can only access what they were explicitly permitted to access
Every AI tool, workflow agent, or integration gets a credential scoped to exactly the resources it needs. If an agent is supposed to summarize support tickets, it can't accidentally (or intentionally) reach your financial records.
3. A delegation model where sub-tasks get sub-permissions
When an AI agent hands off work to another process, it passes only the access that the task requires. Delegation chains don't accumulate permissions—they constrain them.
4. One place to audit every access decision
Every access request, whether from an employee, a mobile app, or an autonomous AI agent, flows through the same policy engine and audit log. Security and compliance teams have a single pane of glass.
The DJI breach was preventable by defining what a valid credential was actually allowed to do. Okta does exactly that—for every human, application, and AI agent in your environment.
The credential gap exists in most organizations today. The good news: Okta helps ensure the path from the current state to the secured state is well-defined. Most teams are closer than they think.
Learn more about how Okta secures AI here.
¹ Hollister, Sean. "A hacker found a way to remotely access thousands of DJI robot vacuums." The Verge, 2026. theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt
² OWASP. "API1:2023 Broken Object Level Authorization." OWASP API Security Top 10, 2023. owasp.org/API-Security/editions/2023/en/0xa1-broken-object-level-authorization/