Governing AI agents for innovation and security inside the boundary you already trust

The recent Executive Order on “Promoting Advanced Artificial Intelligence Innovation and Security” makes the federal stance on AI unmistakable. The US policy is to promote AI innovation and security together, working with the private sector to modernize and harden government systems against external threats and to prioritize the cyber defense of civilian, defense, and national security systems. 

The order goes further, directing the Attorney General to prioritize enforcement against anyone who employs AI agents to unlawfully access data or further a crime. This order isn't theoretical; it's directing federal agencies to deploy AI agents immediately while simultaneously mandating that they secure them. 

For organizations caught between the pressure to innovate and the requirement to comply, this creates an urgent need for identity-first AI governance. While the executive order sets policy direction, the coming binding operational directives will establish specific implementation requirements for federal agencies, underscoring why identity governance for AI agents isn't a future concern—it's an immediate priority.

The message to agencies is clear: Adopt AI aggressively, but secure it as you go. That puts identity at the center of the mission. Okta recently achieved significant compliance milestones with its agentic capabilities, securing FedRAMP authorization for Okta for AI Agents - Core. This milestone brings secure agent governance to Okta for Government High and eligible Okta for Government Moderate customers, marking a new era for federal cybersecurity.

AI agents are the newest non-person entity—and the least governed

Zero Trust has always insisted on one principle: It must apply to all identities. Agencies already know they need visibility into and automated governance of non-human identities (NHIs), because that is a well-understood security gap. 

AI agents are the fastest-growing class of NHI yet, and the hardest to see. Anyone can spin one up, agents can create more agents, and each connects across apps, APIs, software as a service (SaaS) tools, Model Context Protocol (MCP) servers, and data systems.

For organizations under the new mandate to harden systems and defend against AI-enabled criminal access, an unmanaged agent is not just an operational gap—it is an unguarded door.

The gap is real—and specific

Government agencies are under pressure to deploy AI agents now. But running AI agents on regulated data outside a FedRAMP-authorized environment is more than just a compliance gap—it’s a significant security threat. 

That gap comes with concrete risks:

• Compliance violations: This occurs when AI agents touch data from environments that aren't FedRAMP-authorized. The moment an agent reaches regulated data outside an authorized boundary, the organization is exposed.
• Compounding breach risk: This happens when ungoverned agents operate at machine speed across apps, APIs, SaaS tools, and data systems with no consistent security controls. A single compromised credential doesn't grant access to one system; it grants access to everything an agent can reach before a human can intervene.
• Failed audits: This is common when agents run as orphaned accounts with no unique identity, no human owner, and no evidence trail.
• Stalled AI adoption: This occurs when the only "compliant" option is to delay deployment, putting agencies at odds with an executive order that calls for promoting innovation.

Leaders are left with an impossible trade-off: Move fast and risk a violation or breach, or stay compliant by putting AI initiatives on hold. The executive order asks for both speed and security, and identity is how agencies deliver them together.

Same federal boundary, new identity class

Our newly launched Okta for AI Agents - Core offering closes the gap by managing the full agent lifecycle inside the same FedRAMP environments you already trust Okta to run for human identity. Same boundary. Same assurances. New coverage for a new identity class.

This builds on the milestones Okta has already achieved in the federal market. Okta Identity Governance became FedRAMP High authorized earlier this year, extending modern governance and identity and access management (IAM) to federal government agencies. Bringing agents into that same identity fabric is the natural next step, not a parallel system to build and defend.

To achieve this, we’ve built a blueprint for the secure agentic enterprise that leverages your existing infrastructure and sets out to answer three key questions that any agentic organization must be able to answer: 

1. Where are my agents? 
2. What can they connect to? 
3. And what can they do?

1. Discover and onboard: Where are my agents?

You can't govern what you can't see, but you are accountable for your agents' actions. Every agent becomes a known, owned, first-class identity inside your environment, whether it came from a third-party platform or your own developers.

To achieve this, Okta for AI Agents delivers two primary onboarding capabilities designed to bring both third-party and custom-built agents under a single, unified control plane:

• AI agent import: Import known agents from leading third-party platforms using pre-built integrations within the Okta Integration Network (OIN), reducing manual setup and accelerating onboarding.
• AI agent registry: Bring custom-built, homegrown agents into Universal Directory as first-class identities. Assign human owners, apply the identity controls you already use, and manage every agent from one source of truth.

Each agent is onboarded with a clear human owner assigned—the accountability foundation auditors expect—with an emphasis on hardened, defensible systems.

2. Protect: What can they connect to?

Once agents are known and owned, you control exactly what they can reach. Admins define which resources an agent can access, how it authenticates, and what permissions it receives, with runtime enforcement on every connection. This replaces long-lived static keys and standing access with scoped, short-lived credentials issued only for what the agent needs. 

Protection extends across a variety of resource types:

• Authorization servers: Set up defined and enforced access for homegrown agents.
• Applications: Connect through brokered consent for secure, user-authorized access to third-party apps, enforced at runtime.
• MCP servers: Connect directly as managed resources with admin-defined controls and runtime enforcement.

The principle is least privilege, applied consistently, which is also the most direct defense against the over-scoped or hijacked agent the order is concerned with.

3. Govern: What can they do?

Agents enter the same governance lifecycle you already use for your workforce, so oversight is continuous rather than a one-time setup. This mirrors the modern identity governance and administration capabilities federal agencies already rely on: Streamlined, context-aware certifications to defend against privilege creep, and a complete audit trail for every access decision.

To enforce this continuous oversight, Okta for AI Agents extends our core governance capabilities to autonomous workflows through these key features:

• User Access Requests for AI Agents: Users request access from their dashboard while admins manage approvals, automate actions, and enforce time-bound permissions.
• User Access Certifications for AI Agents: Agents use the same standardized certification workflows as SaaS apps, so owners, managers, and security admins can review, approve, or revoke access with full auditability and automatic enforcement.
• Agent deactivation: When an agent deviates from its intended mission or accesses sensitive data unexpectedly, security teams have a real-time kill switch to contain the risk before it escalates into a larger incident.
• Audit logs and telemetry: Log all agent activity, including tool calls, authorization decisions, and access attempts, and optionally stream it to your security information and event management (SIEM) platform, providing the complete audit trail that fulfills the rigorous reporting requirements of oversight bodies like the Government Accountability Office (GAO).

What this means for federal agencies

Identity security isn't a compliance checkbox; it's the foundational layer that enables safe AI adoption. As our CEO, Todd McKinnon, notes, "You can't move fast on AI unless you can do it securely." 

The executive order recognizes this. Now organizations need to act on it.

Innovate aggressively. Secure relentlessly.

You don't have to choose between the speed of AI adoption and the strength of your security posture. With Okta for AI Agents - Core, every agent has a clear owner, defined permissions, and transparent oversight, all inside the regulated boundary you already trust Okta to run. Same boundary, same assurances, and full coverage for the fastest-growing identity class in government.

Ready to bring secure, compliant identity governance to your agency's automated pipelines? 

Contact our federal and public sector team to learn how Okta for AI Agents - Core can protect your mission.