The pressure to build or adopt AI applications faster than competitors can have a dangerous side effect — security falling by the wayside.
In an interview at Oktane 2025, David Bradbury, Okta's Chief Security Officer, sat down with theCube host Rebecca Knight and analyst Jackie McGuire to discuss the security challenges facing companies as they turn to AI to transform their business.
As people rush to build AI applications and push them out the door, they may cut corners on security, making mistakes such as hardcoding passwords in agents to talk to other services or using static API keys, Bradbury notes. What Okta is looking at as it examines the ecosystem of these agents, he adds, is where the developers who are building agents are having trouble. This approach has led to a focus on authentication, token management, and ensuring access decisions are context-aware, he says.
"Not only is it really important to shine a spotlight on developers building secure agents, but it's time to think about how we are going to manage agents in an enterprise," he says. "As we start to see all of these agents being deployed, how are we going to ensure that we have a secure identity from day one, and that we're governing and managing that identity from day one?"
Effectively managing AI agents is fundamentally an identity management problem, he says.
"I think the most significant evolution of our thinking around agentic AI in the last 12 months is to recognize them as a different type of identity," Bradbury says.
Now that companies have gone from discussing AI adoption to making it a reality, the same challenges they faced in the past with other types of identities have emerged on a "huge scale."
"We've gone from talking about it to seeing it, and now we're actually seeing the incidents that are happening because, well, sadly, people are just not doing the right thing in securing their agents and managing them effectively," he says.
Threat actors are also utilizing — and targeting — AI applications in their attacks, says Bradbury, noting a spike in targeted phishing attacks against Okta customers in the last quarter.
"One of the reasons is that it is now so easy to create a perfect copy of a website using the AI tools that are out there," he explains. "Within seconds, you can create a pixel-perfect representation, and now that you can do this in seconds, we're seeing that threat actors are just moving faster."
Watch the video above for more of Bradbury's thoughts on securing agentic AI, the AI-driven tactics used by threat actors, and how to cultivate a culture of security with internal bug bounties.
