Please visit our Oktane 2025 page for complete coverage of the event.Top executives from Auth0, Okta's identity-management development platform, walked through the latest features added to Auth0 at the
Oktane 2025 conference in Las Vegas last week.
"Today,
identity is mission-critical," Shiv Ramji, President of Auth0, told the keynote audience. "It's how you secure your business. It's how you personalize every digital experience. And most importantly, it's how you earn trust."
Ramji, Auth0 Chief Product Officer Gareth Davies and Auth0 CTO Bhawna Singh gave demonstrations on how Auth0 worked in practice; announced that Auth0 for AI Agents would be generally available in October; unveiled a new feature called Auth (no zero) for Model Context Protocol (MCP) servers; and touted the benefits of the open-source
Cross App Access standard for managing AI agents.
"As MCP becomes the go-to protocol for companies to make their products and internal applications available for AI, Auth for MCP is how we strengthen this AI ecosystem to build trusted, secure integrations," said Singh.
AI without tears
Ramji didn't announce any new developments but recapitulated the importance of securing
AI agents and how Auth0 would let developers do so in their own applications.
"To get AI right, you have to get identity right," he repeated several times. "When AI isn't secure, the risks are real. And we've all heard of customer records being leaked, employees being tricked into exposing data, and infrastructure left vulnerable. The big lesson is this. Security can't be an afterthought even when you need to move fast."
Ramji cited statistics that five times as many people were using Google Gemini AI in September 2025 than during October 2024 and the previous Okta conference.
"From here on, every application you build, whether it's customer-facing or internal, needs to be built with AI in mind," he said. "We believe AI will unlock incredible new opportunities, but it also introduces new risks."
Oversight of AI applications is patchy at best, according to
a recent survey commissioned by Okta that found 91% of organizations using AI agents but only 10% that had implemented robust controls for managing them.
Ramji said that survey indicated that many organizations simply didn't know what their AI agents were connecting to, didn’t know who was connecting to the AI agents, and weren't able to tell, or didn't know what to do, if the AI agents were compromised or delivered erroneous results.
"These aren't hypothetical questions. They are questions of trust, and of identity," he said. "That's where Auth0 comes in. We've always helped builders manage human identities. Now we do the same for AI agents."
Developers now must build AI capabilities into every application they build, Ramji said, both in terms of using AI as an application feature but being able to work with AI agents in other applications. These capabilities need to be built-in from the start, he emphasized.
"Identity can't be bolted on after the fact," he said. "Agents need to be secured by design. And securing agents with identity is fundamentally different from securing traditional apps."
Identity's importance in high-price transactions
Ramji introduced Toby Roberts, Senior Vice President of Engineering and Technology at Zillow, to discuss how Zillow was using Auth0 in its development processes.
"At Zillow, our mission is to make home a reality for more and more people," said Roberts, whose company has long used a machine-learning property-estimating program called Zestimate to gauge home values. "AI can provide huge leaps forward in making that just an easier and more customer-friendly and easier experience."
Roberts explained that Zillow needs to serve and gain the trust of both home renters and buyers and the real-estate agents who list and make commissions on sales and leases.
"In order for us to live up to our mission, all of this is based in a foundation and rooted in the fact that we must have identity at its core," he said. "We must understand who our customers are, who the real estate agents are, in order for us to fulfill that mission."
To that end, Roberts said, Auth0 has provided tremendous benefits in terms of managing identity and authorization with Zillow's software, especially when it comes to deals and arrangements involving many parties. He also stressed the security features provided by Auth0 and their importance to customers.
"Security isn't an option for us. If you think about the transactions that Zillow handles, they are long-running multi-party financial transactions," he said. "They're very expensive transactions, too. Many of them will be the most expensive financial transactions that people make in their lifetimes."
New features for Auth0
It was left to Davies and Singh to provide details about the new features. Auth0 for AI Agents (initially called Auth for GenAI) had already been announced and made available in preview
back in April, but Davies announced that it would become generally available in October.
"How do we secure AI agents?" Davies asked. "Well, after hundreds of conversations with developers and leaders, we fold it down to four requirements: user authentication, secure API access, auditable async interactions, and granular data access.
"Now, if you're a builder, these requirements should sound familiar," he added. "Each of these requirements maps to the features of Auth0 for AI Agents."
Both he and Singh chronicled how fictional companies could use Auth0 for AI Agents to securely include AI capabilities in their applications, along with audit trails if anything were to go wrong.
"With async auth," Singh said, "humans stay in the loop to consent to agent requests for the full audit trail."
Singh detailed the benefits and risks of the Model Context Protocol (MCP), an open standard introduced last fall by Anthropic that has quickly become the leading means of connection between AI agents, LLMs and the applications they seek to interact with.
"If an employee sets up an integration between an AI agent and an app like Slack or Google Drive, it creates an app-to-app connection that lacks IT oversight," Okta Chief Product Office
Arnab Bose told us earlier this year. "That creates serious blind spots for security teams. And because many of these connections bypass traditional identity checks, there's often no easy way to revoke access if something goes wrong."
Because of the risks inherent with MCP, Auth0 is introducing a new feature called Auth for MCP, Singh said at Oktane.
"We have been working with customers and partners to bring identity controls to MCP service, both for internal and external use cases," she said, without providing further details.
Treating AI agents like humans
However, she implied that a lot of its power would come from Cross App Access, the extension to the OAuth open authorization standard that is currently under review by the open-standards board.
Cross App Access, which handles AI agents in much the same way as it handles human users, is slated for general availability in the Okta and Auth0 platforms in 2026.
"Cross App Access transforms how applications and agents request access to data in an enterprise, avoiding the need for end user consent and enforcing access in the identity product," said Singh.
Ramji returned to the stage at the end of the keynote to reinforce how Auth0 prepares developers for secure and seamless integration of AI agents and AI readiness into their applications.
"By building with Auth0," he said, "you get fabric-ready applications and AI agents from day one, whether they're B2B, B2C, or even internal applications, with a platform that's easy to integrate, flexible for your needs, and secure by design."
