For more than a decade, Okta’s Businesses at Work report has charted the course of enterprise technology, revealing how organizations embrace new tools to drive innovation and productivity. This year, we’ve entered a critical inflection point. The rapid rise of agentic AI is fundamentally reshaping the technology landscape, introducing a new class of non-human identity (NHI) that operates at machine speed and unprecedented scale.
Based on Okta Platform data and a survey of more than 200 executives,* our 2026 report reveals a critical insight for leaders: Agentic AI readiness is identity readiness.
While organizations are moving quickly to deploy AI agents, the identity infrastructure required to secure them is struggling to keep pace. This creates both a significant challenge and a defining opportunity. For technology and product leaders, understanding this dynamic is key to executing with precision and building the carrier-grade solutions that will enable customers to innovate safely and lead in the age of AI.
Here are the key AI takeaways from this year’s report.
The agentic era is here, but governance lags behind
The shift to AI is not a future-state scenario; it's happening now. An overwhelming 91% of organizations report they are already using AI agents. However, only 10% report having a well-developed strategy in place to manage them.
This gap between adoption and strategy is particularly concerning, given how organizations are deploying these agents. The top use cases today include automating repetitive tasks (81%), enhancing customer service (65%), and improving internal workflows (60%). While these may seem low-risk, they inherently require access to sensitive systems and data. Without a mature, intentional governance framework, even routine tasks can introduce significant risk when performed by autonomous agents at scale.
Identity is the critical control plane
As enterprises scale their use of AI, they are confronting the reality that identity is the ultimate control plane. Nearly all respondents (99%) indicate that identity and access management is important to the successful adoption and integration of AI within their organizations, with more than half (52%) indicating it’s "very important."
Respondents are clearly aware that agentic AI’s potential benefits cannot be realized unless agents are managed and secured. And you can’t secure what you can’t see. We must be as intentional with our resources as we are with our code to enable visibility across this new landscape.
The surge in non-human identities creates a new attack surface
AI agents don’t operate in a vacuum. They rely on service accounts, API keys, and other NHIs to access applications and data. As these machine identities proliferate, they expand the attack surface, turning any over-privileged account into a potential vector for a high-speed, automated breach.
Our research shows that executives recognize the risk, with 58% citing AI governance and oversight as their top security concern related to AI agents. However, less than a third (32%) secure AI agents with the same rigor they apply to their human employees. This disconnect between priority and practice creates a dangerous security blind spot and a clear need for cutting-edge, unified solutions that bridge the gap.
The market is beginning to respond — we saw 650% year-over-year growth in the number of service accounts being centrally managed — but there is a long way to go to reach true engineering excellence.
Manual governance cannot scale at machine speed
The operational tempo of the agentic era is overwhelming legacy processes. We found that the average number of access requests per company has more than doubled in the past year (up 1140% over the past 2 years).
At this scale, any process still reliant on human reviewers becomes a critical security bottleneck, slowing technical velocity. This operational friction is a major barrier to scaling AI safely. It highlights a pressing customer need for automated, policy-driven orchestration that operates at the same velocity as the agentic systems it controls.
The way forward: Securing the agentic enterprise
The rise of agentic AI is more than just the next technology cycle; it’s a catalyst forcing every organization to reassess its security strategy. The findings from this year’s Businesses at Work report make it clear that identity is no longer just a component of a security strategy — it is the foundation of the modern security framework.
Is your identity strategy ready for the speed and scale of AI? The answer is the difference between standing still and moving faster than the competition. We are committed to helping you innovate securely so you can lead with confidence in the agentic era.
To explore these findings in greater detail, download the full 2026 Businesses at Work report.
* Okta’s 2026 Businesses at Work report analyzes data from the Okta Platform and the applications and services connected to it between November 1, 2024, and October 31, 2025. The report also incorporates findings from Okta’s AI at Work 2025 survey of 261 C-suite and VP-level respondents.
