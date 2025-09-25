Looker_Studio - stock.adobe.com
Okta CEO: AI security and identity security are one and the same
At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of new agentic security innovations.
At its annual Oktane customer conference in Las Vegas, Nevada, identity and access management specialist Okta has been expanding its vision to be a first-port-of-call when it comes to securing non-human identities (NHIs) as a swelling wave of artificial intelligence (AI) agents causes their numbers to swell dramatically.
Among the announcements made today are new capabilities within both the Okta and Auth0 platforms that the supplier said will enable users to integrate AI agents seamlessly into their identity security fabrics.
A study released earlier in 2025 by Okta revealed that although 91% of organisations were already deploying agentic AI in search of productivity gains, but also that just 10% of organisations are today putting any form of cyber governance in place to manage agents – so Okta believes the risk is also rising, and fast.
Such risks are no longer theoretical; Okta cited incidents such as the now infamous breach which an AI bot built on the Paradox AI platform and used by fast-food giant McDonalds in its hiring process exposed the personal data of millions of job applicants to hackers who correctly guessed that its password was ‘123456’.
Okta CEO Todd McKInnon compared unleashing AI agents on an organisation’s environment to creating a lot of individual new insider threats.
“AI agents are a powerful new identity type. They can act independently, on their own or on behalf of a user or a team or a company,” said McKinnon. “They can access tools, apps or data, they can plan or complete tasks on their own. The pace here of innovation is absolutely stunning.
“These AI agents and the potential here, are getting very, very powerful and it’s happening very quickly.
“Without identity security AI security collapses. AI security is identity security, you can’t be successful in one without the other,” said McKinnon.
Read more from Oktane 2025
Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities.
Okta for Agents
Officially launched today, the firm’s new Okta for AI Agents concept will integrate AI agents into identity security fabrics to provide an end-to-end security wrap around them.
Among other things, the service provides tools to enable agent discovery and identification of risky – or rogue shadow – agents, centralised controls to manage their access, and automated governance to enforce wider security policies and manage their overall security journeys or ‘lifecycles’.
Notable among the features of the new package, Okta is talking up Cross App Access (XAA), a protocol which extends OAuth to secure agent-driven and application-to-application interactions. With support from partners such as AWS, Box, Google Cloud, Salesforce and many others, Okta said XAA will shift control from individual apps to the wider identity layer, bringing real-time visibility, policy-driven security, and safer agentic integrations.
“Enterprises everywhere are grappling with how to safely harness AI with company data. Our customers rely on Glean to unify that knowledge and empower AI agents to take meaningful action,” said Sunil Agrawal, CISO at AI data platform Glean, which has been working with Okta on XAA.
“Glean agents act strictly on behalf of the user – with no extra privileges. XAA takes that principle even further and represents the next step toward making it more secure and seamless for AI agents to connect across systems. We’re excited to support this emerging protocol and to help guide the industry toward standards-based agent interactions.”
Kristen Swanson, senior vice president of design and research at Okta, added. “The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface. Our latest innovations weave agents into that fabric to manage their entire identity lifecycle, leveraging open standards like Cross App Access that help elevate the entire industry and create a more secure AI-powered ecosystem.”
Elsewhere at Oktane, Okta unveiled Verifiable Digital Credentials (VDC), a new platform designed to reduce AI-powered fraud and potential friction during employee onboarding or other similar processes by enabling organisations to digitally prove a user’s identity and eligibility, and establish ongoing trust.
Stories of resilience
At the Oktane 2025 opening keynote, actor Jeremy Renner shared his thoughts on resilience, in conversation with Okta chief marketing officer Kerry Ok.
On New Year’s Day 2023, Renner was involved in a serious accident at his home in Washoe, Nevada, in which he was struck by an unmanned vehicle while trying to save his nephew from being hit by a snowplough.
Renner sustained 38 broken bones and blunt chest trauma. It was, in every sense of the word, his worst day.
Of course, the reality of traumatic injury is far removed from being on the receiving end of a cyber attack, but some of the lessons are eerily familiar, and throughout his long recovery, Renner has been thinking about resilience and what he learned from adversity.
“It paved the way for me to share a private experience publicly. There’s a humanisation that came from the experience,” said Renner. “It’s afforded me real connection, real purpose, [and] some of the best times of my life.”
Renner also discussed how his non-profit foundation, RennerVation, which supports children living in foster care and at-risk youth, has itself been targeted by cyber fraudsters using deepfakes of his likeness to cheat potential donors and supporters.
Ok said that non-profits such as RennerVation are among the most targeted organisations that Okta works with, as their slim budgets and tight focus do not afford them the same human or technological expertise when it comes to cyber security.