
Rogue agents are dangerous, but eliminating them is never easy. Jason Bourne, Ethan Hunt, and James Bond have each run afoul of their governance at various junctures, yet stopping them takes sequel after sequel until all the loose ends are tied up and they eventually die or retire, only to get rebooted.

It's not so different in the world of AI agents. Okta leaders, citing the company's own research, say enterprises are deploying AI agents faster than they are securing them, with 92 percent of executives reporting moderate or widespread use of autonomous AI agents, but only 22 percent saying their organizations have identities tied to those agents.

"That is a real problem," Okta president and chief operating officer Eric Kelleher said during the company's earnings call on Thursday. "It's a measurable, quantifiable exposure customers have right now within their companies, and they need to invest to fix it."

In short, when agents go sideways, someone has to handle the dirty work. Okta CEO Todd McKinnon told investors that's what ServiceNow was asking for when the ITSM market leader came calling.

"What they were really interested with Okta was this kill switch capability," McKinnon said during earnings. "When agents go awry and agents aren't following the policy, how do you shut them down? ... The one thing we do really well, and that they wanted from us, is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the backend resources, and we're really good at that."

ServiceNow has previously said its acquisition of Veza could provide that capability. In a statement to The Register, a ServiceNow spokesperson said Okta serves as the logical connection to backend resources at the identity layer, while Veza gives ServiceNow visibility and control over the permissions graph.

"To clarify how the pieces fit together: ServiceNow's AI Control Tower is the orchestration and governance layer that monitors risk and detects when an agent is behaving outside policy. When that happens, the platform can trigger remediation actions across multiple identity and access systems, including Okta, which handles token revocation at the authorization layer," the spokesperson said.

Veza, which ServiceNow acquired earlier this year, operates at a different layer, the spokesperson said, mapping permissions across human, machine, and AI identities at scale, and it lets ServiceNow revoke agent permissions directly within the ServiceNow platform, which is its own "kill switch."

McKinnon said that he has spent the past six months meeting Okta's largest customers in person, reaching roughly 75 of the company's top 100 accounts. The pattern he saw across those conversations was that agents are widely deployed, but the controls around them are immature.

"You'll have a development team that's using Claude Code, but it's connected to GitHub and their Jira system with static tokens in the local developer box," he said. "So that company is using agents, but they've really done it in a haphazard, non-secure way."

He said the company's two leading products for controlling AI agents - Okta for AI Agents and Auth0 for AI Agents - are not yet contributing substantially to the company's revenue, but Okta sees an industry in need just over the horizon.

"It's going to be big. We're pouring a lot of R&D effort into this and focused on it. The interest is super high and unlike anything we've ever seen," he said.

McKinnon said that there are several ways to control rogue agents, whether it's stopping them from running or quarantining them at a network level, but all of that relies on observability and permissions that need to be set from the beginning. Okta's proposed answer is to apply the model it already uses for employee and customer access to the AI agents themselves.

McKinnon said Okta can identify the agents operating inside an organization, maintain a record of them, and set rules governing what systems each agent may reach.

"We tell you who your agents are. There's a directory of agents," he said. "We can scan multiple platforms and multiple systems and give you that source of truth of where your agents are, and we can help you set a policy on what they can connect to."

For large enterprises running thousands of applications, he said, rewiring each one to accommodate agents is not practical, so Okta instead places an authorization layer around the agents to control their permissions and connections.

Rival identity platform Microsoft Entra also boasts that it has similar capabilities. Autonomous agents authenticate directly with the Microsoft Entra ID platform using their agent identity and the client credentials flow, Microsoft says. Entra assigns identities to agents, autodiscovers them across an organization, applies Conditional Access rules and permissions, and lets customers disable entire classes of agents in a single operation, Redmond says.

McKinnon said that, while the market is busy hunting for winners and losers in the AI agent race, customers want a secure experience regardless of the vendor. In addition to its work with ServiceNow, Okta partnered with Salesforce last year and AWS this month. Okta for AI Agents integrates with Amazon Bedrock AgentCore, a fully managed AI service from AWS to provide identity governance for agents, including ownership assignment, lifecycle management, and "the ability to deactivate rogue agents."

"I think there's going to be way more working together than people think," McKinnon said. "We're really excited about our conversations with Amazon and their AgentCore, Agentforce from Salesforce, and the message from customers is clear. They want this identity layer and this connectivity layer to be independent to give them more flexibility, and I think the industry is coalescing around that."