A new security architecture is emerging to help enterprises manage and secure a growing wave of non-human identities — many of them created by artificial intelligence (AI).
As companies adopt AI tools and autonomous agents across their operations, the number of entities accessing corporate systems is multiplying. Each one, whether a human employee, service account, or AI agent, represents a potential entry point for attackers. Until recently, there was no systematic framework to effectively manage all of those identities in one central location. The identity security fabric could change that.
At Oktane 2025, Okta CEO and Co-Founder Todd McKinnon described the concept as a centralized control plane for every identity type, every use case, and integrated across every resource. The concept is bigger than any one vendor or product. It must be an industry-wide effort, he said.
For an identity security fabric to be effective, AI agents and apps must adhere to shared standards, according to Okta Chief Operating Officer Eric Kelleher.
“The idea is any identity security fabric, including Okta’s, but not only Okta’s, can manage these agents,” Kelleher said. “That will allow developers to get their agents deployed faster through more companies, because deep visibility requires that all identities follow a similar set of modern authentication standards.”
At Okta, both the Okta and Auth0 Platforms are designed to bring the identity security fabric to life, enabling organizations to secure every identity with a unified approach. The company also introduced Cross App Access (XXA), a new open protocol to help secure AI agents and app-to-app interactions.
XXA gives IT teams control over which applications can connect and what data AI agents can access, addressing a blind spot in enterprise security where app-to-app connections often occurred without oversight.
The push for standardization comes amid mounting concern that AI is outpacing existing security controls. Industry experts say developers sometimes cut corners when adding AI features, introducing vulnerabilities. In one recent breach, a restaurant chain’s AI-driven hiring platform was compromised after attackers discovered a hardcoded password, exposing more than 60 million applicant records.
That kind of lapse, a simple credential buried in code, is precisely what an identity security fabric aims to prevent. By unifying how identities are created, authenticated, and governed, the framework enforces consistent policies across every system, whether the user is a person or a machine. If widely adopted, it could help transform identity from a vulnerability into the cornerstone of enterprise resilience.
