At Oktane 2025, one message was clear: AI is no longer just a tool. It has become a workforce of its own.
Enter the rise of AI agents, autonomous programs capable of accessing data, using applications, and completing tasks without direct human input. Their promise lies in speed, efficiency, and innovation at scale. But their presence also raises a critical question: Who is managing them?
“Ninety percent of organizations have deployed AI agents, but only about 10% have any way to govern or control them,” said Jack Hirsch, Vice President of Product Management at Okta.
That lack of oversight has consequences. In a recent npm malware attack, threat actors reportedly used local large language models, or LLMs, to run prompts that searched for crypto wallets and credit card information.
“We saw that as part of the malware, the threat actor was trying to use installed LLMs on the local machine to actually run ChatGPT-style queries to find crypto wallets and credit card information,” said David Bradbury, Chief Security Officer at Okta.
The challenge for businesses is finding a way to benefit from this technology without deploying agents that act without control or security measures.
Okta is aiming to address that challenge by expanding its identity security platform to include AI agents as first-class identities. The addition gives security teams the ability to track, monitor, and manage them alongside human users. The goal is to provide visibility into the entire IT ecosystem.
“[If] the user logs in in a very weird way, like six services at once. That doesn’t feel like a user. Those are the kinds of things we can pick up with reporting in Okta,” said James Simcox of Equals Money, an Okta customer.
Organizations also need to manage how agents connect to other apps and systems. It has become far too common for agents to retain persistent access from a single authentication. To address that, Okta unveiled Cross App Access, a new protocol that gives IT teams control over how AI agents access and interact with an organization's resources, helping prevent unintended or risky data sharing.
Through new standards and policies, Okta aims to enable teams to define access up front. The goal is to prevent rogue agents from taking unintended or malicious actions while encouraging a new wave of AI adoption and innovation.
Some organizations are already envisioning what that could look like.
“We could use our data and be proactive about [patients’] ALS journey before they’re falling or before it’s a problem,” said Samantha Luke, Senior Director of Technology and Support at the ALS Association.
AI agents are reshaping how work gets done, but they are also reshaping what security means. As companies race to harness their power, the question is no longer whether to use them but how to keep them in check.
