Anthropic recently launched Mythos — a model exceptionally good at finding software vulnerabilities in browsers, operating systems, and cloud infrastructure. It's a powerful demonstration of what advanced AI models can now do: surface zero-day vulnerabilities at a speed and scale that wasn't possible before.
But finding vulnerabilities is only part of the problem. What happens between discovery and fix — before a patch is applied — is where organizations are most exposed. You need layered defense and one of the only things protecting you is identity. Independent, neutral identity that sits across your entire stack, blocking malicious access at the point it matters most.
Who's accessing what? Are they authorized? Can access be revoked instantly?
That's what Okta delivers.
Okta operates at the identity layer
As AI models grow more powerful, the security perimeter shifts toward the identity layer. Models like Mythos will find bugs faster, effectively expanding the potential attack surface until fixes are applied. This makes rigorous identity security across every identity in the enterprise increasingly valuable — and urgent.
More than 80% of breaches involve compromised identity, and the vast majority are carried out by human-based threat actors. Securing workforce and customer identities remains the foundation of what we do.
And the challenge is growing. AI agents are becoming autonomous actors in the enterprise, adding a fast-growing new class of identity to govern. Every one of those agents needs an identity, scoped permissions, and governance. Whether the actor is human or machine, organizations need to answer the same questions: What's acting on your systems? Is it supposed to be there? Can you stop it in seconds?
That's exactly what Okta for AI Agents delivers, and it's shipping* now.
When a vulnerability is weaponized, Okta is the kill switch
Mythos represents a broader shift: AI models are accelerating every phase of the security lifecycle, from discovery to exploitation. As that pace increases, the window between vulnerability and fix becomes a critical battleground in cybersecurity.
Okta provides the unified, vendor-neutral identity control plane organizations need — the kill switch that revokes permissions instantly the moment something goes wrong and helps prevent lateral movement across the enterprise. That's true whether the threat originates from a compromised human credential, a misconfigured service account, or a rogue AI agent.
This is not a future-state argument. This is what Okta delivers today, across every identity, at enterprise scale.
Okta and Anthropic: partnering on what comes next
Okta operates where it matters most: the identity layer that history shows is where breaches succeed or are stopped. We’re actively working with Anthropic on the emerging Cross App Access protocol (XAA) and participating in the Agentic AI Foundation's Model Context Protocol. These efforts reflect a shared understanding that as AI models and agentic systems grow more powerful, identity governance becomes foundational infrastructure.
Mythos just proved why identity — and Okta — has never mattered more. And we’re ready.
*Currently in Early Access; General Availability planned April 30, 2026
