Okta President and COO Eric Kelleher joined Alex Kantrowitz's Big Technology podcast to discuss the explosive growth of AI agents in the enterprise and the security challenges that have accompanied it. Kelleher stressed that while companies are "racing to innovate," most are falling short on crucial governance guardrails.
Kelleher noted that AI agents represent a major shift because they are “autonomous software that's capable of taking actions on a user's behalf.” This autonomy, which distinguishes the AI wave from prior technological shifts, creates risk when systems are rushed into production too quickly.
Security lags behind deployment
The pressure to deploy AI quickly has created a complex security issue, one that’s highlighted by a recent Okta survey: "Over 90% of [organizations] today have agents that are deployed in production, yet only 10% of them believe that the agents in production are currently being appropriately managed and secured," Kelleher said.
This "stark contrast really illustrates the state of the industry right now," he added. Kelleher pointed to an incident where a major restaurant chain deployed a job application agent that was compromised due to a default password of "123456," exposing data for over 60 million applicants.
Closing the security gap
To help secure AI agents, Kelleher called for new security standards, such as Cross App Access (XAA), which defines a standard protocol for registering and managing agents with an identity provider. The end goal is to help ensure agents can be managed, their credentials vaulted, and access rotated, he said.
Kelleher emphasized that securing this wave of innovation is not about slowing down progress, but providing the correct foundation. The focus must shift to an "identity security fabric that allows companies to control for that risk and to secure themselves and their users and their customers," he said.
