
Securing AI agents is the key to securing the future


LAS VEGAS — Securing AI agents is essential to the future of cybersecurity, Okta co-founder and CEO Todd McKinnon said in a keynote address at the Oktane conference here Thursday (Sept. 25). In fact, he said, the current unsecure state of AI agents and LLMs threatens to undo a decade of cybersecurity efforts.

"If we don't do something differently, we're at risk of taking a step backwards 10 years," McKinnon said. "All the security progress we've made — you've done such a great job with phishing and cross-site scripting and building more secure web apps — this is the potential to throw it all away, and we can't let that happen. The next decade will be defined by how we secure AI."

As an example of the AI-related threats that organizations currently face, McKinnon pointed to the recent rash of Salesforce compromises by the Shiny Hunters group, which involved the compromise of an internal AI agent. Companies as diverse as Chanel, Google and Qantas were affected, with employee and customer data stolen.

"Because of the work we've done to harden our corporate infrastructure, we [at Okta] were not impacted by this breach," McKinnon said. He clarified that this was not a boast but a warning to companies that had not implemented the proper safeguards. "This is an example of what can happen in our industry without the right security for AI agents. We have to fix this problem. We have to elevate the industry. We have to show the industry a better way."

Upgrading AI agents to near-human status

That better way, he explained, is raising AI agents to the highest level of identity protection and controls — a first-class identity, in Okta terms, on the same tier as user groups and human users. Within Okta's products and platforms, this means incorporating several new features.

The first is Cross App Access, Okta's name for an addition to the open-source OAuth authorization standard. Cross App Access extends the OAuth mechanisms that control human users to AI agents, limiting their access to resources and implementing read-write-delete controls over files.

At the moment, most AI agents ask their human controllers to grant permission for every potentially risky action the agents take, creating request overload. Cross App Access shifts the control of permissions and authorizations from individual users to company-wide policies, resulting in a more cohesive security posture and a less disruptive experience for the human supervisor of an AI agent.

This is necessary because, as McKinnon explained, AI agents are not regular non-human identities. Instead, they combine the unpredictability of human users with the speed of deterministic algorithms and machine-learning models, and they need to be treated as a third type of user separate from the other two.

"These AI agents are a powerful new identity type," he said. "They can act independently on their own, or on behalf of a user or a team or a company. They can access tools, applications, and data. They can plan and complete tasks on their own. They're kind of like a piece of software, kind of like a system account, kind of like a person — somewhere in between."

McKinnon went on to quote a friend's characterization of AI agents: "It's like you take an insider threat and you just put it in your company and give it all the access it needs."

Another major innovation is Auth0 for AI, which lets developers using Okta's Auth0 authorization model quickly and easily institute Cross App Access for AI agents within their own organizations.

Together with the addition of AI agents as top-tier identities in Okta Identity Governance, Okta's identity governance and administration service, these features combine to create what McKinnon called an "identity security fabric" embodied in the Okta Platform.

"Without identity security, AI security collapses," McKinnon said. "AI security is identity security. You can't be successful in one without the other."

Finding and corralling rogue AI agents

To illustrate McKinnon's point, Harish Chakravarthy, Okta Senior Technical Marketing Manager, and Mallory Sword Glenn, Okta Product Marketing and Strategy Leader, demonstrated how the Okta administrator interface listed AI agents alongside human users and groups, showing which humans had responsibility for each agent.

"Agents are now in the Okta platform," said Chakravarthy, "which means your IT teams, your security teams, they can move from being reactive to breaches and move into a place where they're proactive and staying one step ahead of threat actors and take care of their organization's security."

However, what about when overprivileged agents are spun up, used for a time, and then left alone and forgotten? Chakravarthy called that "agentic sprawl."

"One of the big problems with agents moving really fast into production is the risk of agentic sprawl," he added. "But again, agents are in the Okta platform, which means Okta identity governance can fix that."

Glenn showed how the Okta Platform could also discover unauthorized AI agents, such as those spun up by a sales group, and bring the agents under the identity-control umbrella, limiting their access to sensitive areas and assigning each a human supervisor without blocking or deactivating the agents.

"Companies that invest in an identity security fabric and that invest in securing every identity type across every use case, integrated to every resource," said Chakravarthy, "those are the ones that are going to get ahead and stay ahead in our AI future."

Not limited to just one company

Overall, McKinnon stressed, Okta's efforts to secure AI agents are just part of the company's goal of making identity more secure for the entire tech industry.

"Our core priority is incredibly clear," he said. "It starts with this Okta Secure Identity Commitment, which is our long-term commitment to lead the industry in the fight against identity-based attacks."

As an open standard, Cross App Access can be used by any identity provider that works with the OAuth standard, McKinnon said, and he hopes that even Okta's competitors will embrace it.

"It's bigger than just Okta. It will require the whole industry to work together to make this a reality," he said. "This is absolutely critical to our overall vision as a company, which is to free everyone to safely use any technology."

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.
