APJ | Launch Week Showcase Edition
Enterprises across Asia-Pacific are building extraordinary things with autonomous agents. But the identity layer underneath hasn’t caught up yet, and in this region, that matters more than most.
If you’re leading a technology or security team in Asia-Pacific right now, chances are your organization is already putting autonomous agents to work. They’re connecting to your SaaS apps, pulling data from your APIs, and making decisions at a speed no human team could match.
That’s a good thing. It’s exactly the kind of progress enterprises should be making.
But here’s the part that hasn’t kept pace: most of these agents don’t have an identity. Not in any meaningful, governed sense. A recent survey of 150 IT and security decision-makers found that 86% view AI agent workflows as mission-critical, yet only 27% believe their identity systems are equipped to govern them. That’s not a failure of ambition. It’s a gap in the infrastructure underneath it.
What we’re seeing across the region
The pattern is consistent across Asia-Pacific: enterprises are moving fast on agent adoption, but identity governance hasn’t moved with them. The specifics vary by market, but the underlying challenge is the same.
In Korea, 55% of enterprises1 are actively using AI-powered applications, above the global average, but formal governance guardrails only took effect in January 2026. And in India, 85% of executives rate agents as high-potential, 67% are concerned about shadow AI risks2. Regulators are now asking for proof of control.
In Japan, about 60% of enterprises have AI governance policies on paper, but audit rates sit at roughly 20%3. For regulated industries with strict data sovereignty requirements, the question isn’t just what agents are doing, it’s:
Where is the data they touch being stored?
In India, the Digital personal Data Protection (DPDP) Act has raised the bar for organizations managing personal data at scale. For Banking, Financial Services, and Insurance (BFSI) sectors where Reserve Bank of India (RBI) and Securities and Exchange Board of India (SEBI) mandates are already stringent, unmanaged agents accessing customer records could be a compliance exposure.
Across Singapore 64% of enterprises have access controls for agents, yet 52% still cite unchecked agentic AI as a top concern.4 And 41% of executives reported no single owner for AI security risk.5 Controls without clear ownership don’t close the gap.
This is an identity problem
Every one of these challenges - shadow agents, ungoverned access, data residency risks - comes back to identity. When a human joins your organization, they get an identity with defined access, lifecycle governance, and accountability. Most agents don’t have any of that. They’re often provisioned with broad tokens, connected to sensitive resources, and left to operate without anyone tracking what they can do or who’s responsible for them.
That’s why at Showcase, we shared the blueprint for the secure agentic enterprise: a practical framework for moving from “unknown and uncontrolled” to verified, governed access. It comes down to three questions:
Where are my agents? What can they connect to? What can they do?
Across APJ, leaders are focused on investing in AI to drive business growth, but many still view security as a constraint on that momentum. With the right identity foundation, it doesn't have to be. Governed identity can help organizations bring AI initiatives into production with greater confidence, run multiple agent workloads in a more controlled way, and reduce the time from pilot to business value. That's the shift Okta is designed to enable: helping turn identity security into an accelerator for AI adoption, rather than a barrier to it.
What we’re doing about it
Okta for AI Agents, currently available in EA, brings autonomous agents into your identity security fabric. It gives security teams the ability to discover shadow agents, register them as identities with human ownership, manage privileged credentials through a secure vault, and govern agent lifecycles through certification workflows.6
For teams building customer-facing agentic experiences, Auth0 for AI Agents provides the identity foundation from day one, including Auth for MCP, which applies proven identity principles to authenticate and authorize every MCP client call as the protocol becomes the standard for connecting products to the AI ecosystem.
But product innovation alone may not be enough to close the gap in a region where data sovereignty and local infrastructure matter this much.
That’s why we’ve launched a dedicated India data center on AWS: enabling Indian enterprises to store identity data in-country while maintaining Okta’s global security standards. And in Japan, we’ve deepened our footprint with a dedicated Privileged Access production cell, Enhanced Disaster Recovery, and regional expansion of Identity Security Posture Management.
What this means for you
According to the enterprise buyer survey, 98% of SaaS decision-makers will factor AI agent controls into their renewal decisions. 83% cite data leakage7 as their top agent-related concern. These aren’t future concerns, they’re shaping procurement decisions right now.
If you’re already building with agents, and most of you are, the question is whether the identity layer underneath your new agents can keep up. The enterprises that get that layer right will be the ones in the best position to scale fastest, reduce risk, and keep the trust of their customers and regulators.
The identity gap is real. But it’s closable. And we’re here to help you close it.
Go deeper
These materials are intended for general informational purposes only and are not intended to be legal, privacy, security, compliance, or business advice. You are responsible for obtaining security, privacy, compliance, or business advice from your own professional advisors.ps do not represent a commitment, obligation or promise to deliver any product, feature, functionality, certification or attestation and you should not rely on them to make your purchase decisions. © Okta, Inc. and its affiliates. 2026.
