Okta unveils new platform capabilities to secure AI agents

Okta has announced major updates to its Okta Platform and Auth0 Platform, designed to help enterprises securely build and manage AI agents. The new capabilities weave agents into an identity security fabric for end-to-end lifecycle governance while introducing verifiable digital credentials to address rising concerns around AI-powered fraud.

AI agents are already in use by more than 90 per cent of organisations, but governance has not kept pace. Only one in ten organisations currently has a strategy for managing non-human identities, leaving significant gaps in oversight. Real-world incidents, including misconfigured bots exposing sensitive data, highlight the urgency of securing AI agents by design with purpose-built identity, access and authorisation controls.

Securing the AI agent lifecycle

Okta for AI Agents brings end-to-end security to agent adoption. Through Identity Security Posture Management, organisations can discover and assess agents using service accounts, API keys or OAuth tokens. Universal Directory helps establish and manage agent identities, while Okta Privileged Access enforces policies to limit privileges to only what is needed.

Governance and monitoring are supported by Okta Identity Governance, which provides audit trails and activity logging, and by Okta’s threat protection tools, which use behavioural analytics to detect anomalies and trigger automated remediation. Together, these measures deliver continuous visibility and control over every stage of an agent’s lifecycle.

Cross App Access: securing agent-to-app interactions

A key innovation is Cross App Access (XAA), a new open protocol that extends OAuth to secure interactions between agents and applications across hybrid environments. XAA shifts access control from individual apps to the identity layer, providing centralised policy enforcement, real-time visibility and reduced user friction.

Industry partners including Automation Anywhere, AWS, Boomi, Box, Glean, Google Cloud, Grammarly, Miro, Salesforce and Writer have pledged support for the protocol. With out-of-the-box integration in Auth0, SaaS developers will be able to embed identity-first security into AI-driven applications with minimal effort.

Marla Hay, SVP, Product, Salesforce, said the collaboration brings value to shared customers. “As our customers scale their use of agentic AI, providing a secure and trusted platform is our top priority. We’re excited to see the continued investment into securing agentic workflows with XAA and to bring Okta’s valuable identity insights into the Salesforce Security Centre.”

Sunil Agrawal, Chief Information Security Officer, Glean, noted the importance of standards-based controls. “Our customers rely on Glean to unify knowledge and empower AI agents to act on behalf of users. Cross App Access takes that principle further, making agent connections across systems more secure and seamless,” he said.

Preventing fraud with verifiable digital credentials

Alongside agent lifecycle controls, Okta is introducing Verifiable Digital Credentials (VDC), a platform for issuing and verifying tamper-proof identity data such as government IDs, employment records or certifications. Built on open standards, VDCs will enable privacy-preserving, reusable credentials that reduce fraud and improve onboarding experiences.

The rollout begins with a Digital ID verification feature, expected in early access in FY26, starting with mobile driver’s licences and expanding to other forms of identification. VDCs are planned for general availability in FY27.

Industry outlook

Kristen Swanson, SVP of Design and Research, Okta, framed the announcement in the context of fast-moving AI adoption. “AI is changing the workplace faster than organisations can adapt. Poorly built or managed agents expose risks in traditional patchwork identity solutions. The modern enterprise requires an identity security fabric that unifies silos and reduces the attack surface,” she said.

By 2027, Gartner predicts that identity fabric immunity principles will prevent 85 per cent of new attacks. Okta’s latest capabilities align with that outlook, offering enterprises a way to embed governance, trust and interoperability into AI-driven systems at scale.