Okta Wants to Be the One That Pulls the Plug on Your Rogue AI Agents
Enterprises are deploying AI agents at pace. Securing them is a different story entirely.
Okta's own research puts the scale of the problem in blunt terms: 92 percent of executives report moderate or widespread use of autonomous AI agents inside their organisations, yet only 22 percent have actually tied identities to those agents. The agents are running. Nobody knows who they are.
"That is a real problem," said Okta president and COO Eric Kelleher on the company's latest earnings call. "It's a measurable, quantifiable exposure customers have right now within their companies."
CEO Todd McKinnon was more specific about what customers are actually asking for. When ServiceNow came to Okta, he said, the conversation kept coming back to one thing: a kill switch.
"When agents go awry and aren't following policy, how do you shut them down?" McKinnon told investors. "The one thing we do really well is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the backend resources."
ServiceNow, for its part, is careful to explain how the pieces fit together. A spokesperson told us that Okta handles token revocation at the identity layer, while Veza, the permissions-mapping company ServiceNow acquired earlier this year, provides visibility across human, machine, and AI identities at scale. The orchestration sits in ServiceNow's AI Control Tower, which monitors agent behaviour and fires off remediation actions when something falls outside policy. So there are multiple kill switches depending on which layer you are looking at.
McKinnon spent the past six months visiting around 75 of Okta's top 100 accounts in person. The picture he found was consistent: agents everywhere, governance almost nowhere. His example was pointed. A development team using Claude Code with static tokens sitting in a local developer box, connected to GitHub and Jira, with nobody keeping track. Technically using agents. Technically a mess.
Okta's response is to extend the identity model it already applies to employees and customers outward to cover agents. The pitch is straightforward: a directory of agents, a record of what each one is authorised to touch, and a policy layer sitting between the agents and backend systems. For large enterprises running thousands of applications, McKinnon argues that rewiring everything to accommodate agents individually is not realistic. An authorisation wrapper around the agents themselves is more practical.
Microsoft is making the same argument with Entra. Agents authenticate against Entra ID using client credentials, get assigned identities, and are subject to Conditional Access policies. Microsoft says Entra can also disable entire classes of agents in a single operation. So the category is getting crowded fast.
Okta's two dedicated products here, Okta for AI Agents and Auth0 for AI Agents, are not yet moving the revenue needle in any meaningful way. McKinnon was candid about that. But the company is clearly betting the market is about to get serious.
"It's going to be big. We're pouring a lot of R&D effort into this. The interest is super high and unlike anything we've ever seen," he said.
Partnerships are stacking up. Okta worked with Salesforce last year, and this month added an integration with Amazon Bedrock AgentCore, AWS's managed AI service, covering identity governance, lifecycle management, and agent deactivation. McKinnon's read on the industry direction is that customers want the identity and connectivity layer to be vendor-neutral, giving them flexibility across whichever AI platforms they end up running.
"I think there's going to be way more working together than people think," he said.
Whether that cooperative framing survives contact with actual market competition remains to be seen. But the underlying point stands: someone has to own the off switch, and right now almost nobody does.