Okta, a leading independent identity partner, introduced enhanced capabilities across the Okta and Auth0 platforms, enabling organizations to build secure, standards-first AI agents that integrate seamlessly into a comprehensive identity security fabric. These new features allow enterprises to issue and verify tamper-proof digital credentials, strengthening trust and helping combat rising AI-driven fraud.
AI agents are already deployed by 91% of organizations, offering significant productivity benefits but also amplifying existing security vulnerabilities and introducing new risks. Despite this, only 10% of organizations have strategies in place for managing non-human identities. Real-world incidents, such as the AI hiring bot that exposed millions of applicants’ data to hackers using the password ‘123456’, demonstrate the tangible threats posed by poorly configured or unmanaged AI agents.
Also Read: Cyberbit Acquires RangeForce to Boost AI Cyber Readiness
Securing AI agents requires purpose-built controls for identity, access, and authorization, built on modern standards that enable safe interoperability between agents, applications, and systems. By making agents “fabric-ready,” organizations can gain holistic visibility, control, and governance for every identity type across ecosystems at scale. Fragmented legacy solutions, unable to keep pace with AI agents operating at machine speed and high privileges, are increasingly insufficient. Gartner predicts that by 2027, identity fabric immunity principles will prevent 85% of new attacks.
“AI is changing the workplace faster than organizations can adapt. We’re starting to see poorly built, deployed, or managed agents expose the risks of using a traditional patchwork of identity solutions,” said Kristen Swanson, SVP of Design and Research, Okta. “The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface. Our latest innovations weave agents into that fabric to manage their entire identity lifecycle, leveraging open standards like Cross App Access that help elevate the entire industry and create a more secure AI-powered ecosystem.”
End-to-End AI Agent Security with Okta for AI Agents
Okta for AI Agents integrates AI agents into the identity security fabric, offering complete lifecycle security. It delivers visibility to identify risky agents, centralized control to manage access, and automated governance to enforce security policies. Phase 1 is expected in EA, FY27 Q1, with Phase 2 in GA, FY27.
-
Detect and discover: Identity Security Posture Management (ISPM) enables organizations to identify AI agents and security risks, including service accounts, API keys, and OAuth tokens.
-
Provision and register: Universal Directory manages AI agent identities, assigning risk classification and ownership to every non-human identity.
-
Authorize and protect dynamically: Security policies enforce least-privilege access, while Cross App Access (XAA) standardizes secure connections between agents and applications. Okta Privileged Access (OPA) ensures proper access for agents using static credentials.
-
Govern, monitor, and respond: Okta Identity Governance (OIG) tracks all agent actions, while Identity Threat Protection with Okta AI (ITP) continuously monitors activity and triggers automated remediations.
Securing Agent and App Interactions with Cross App Access
Cross App Access (XAA) extends OAuth to secure agent-driven and app-to-app interactions across enterprises. Supported by leaders including Automation Anywhere, AWS, Boomi, Box, Glean, Google Cloud, Grammarly, Miro, Salesforce, and WRITER, XAA shifts control from individual apps to the identity layer, enabling real-time visibility, policy-driven security, and safer integrations.
XAA will soon support Auth0 out-of-the-box, allowing B2B SaaS developers to build applications and AI tools that natively participate in the protocol. Together, XAA and Auth0 for AI Agents enable secure, “fabric-ready” applications where agent identities are fully governed, and every connection is protected.
“For customers scaling agentic AI, providing a secure and trusted platform is our top priority,” said Marla Hay, SVP, Product, Salesforce. “We’re excited to see the continued investment into securing agentic workflows with XAA and to work together to bring Okta’s valuable identity insights into Salesforce Security Center, helping shared customers manage their security posture with greater confidence.”
“Enterprises everywhere are grappling with how to safely harness AI with company data. Our customers rely on Glean to unify that knowledge and empower AI agents to take meaningful action,” said Sunil Agrawal, Chief Information Security Officer, Glean. “Glean agents act strictly on behalf of the user – with no extra privileges. Cross App Access takes that principle even further and represents the next step toward making it more secure and seamless for AI agents to connect across systems. We’re excited to support this emerging protocol and to help guide the industry toward standards-based agent interactions.”
Preventing AI Fraud with Verifiable Digital Credentials
Integrated within the identity security fabric, the Okta Verifiable Digital Credentials (VDC) platform, planned for FY27, allows organizations to issue and verify tamper-proof digital identity data, such as government IDs, employment records, and certifications. This capability reduces AI-powered fraud, streamlines onboarding, and provides end users with a simplified verification experience.
Built on open standards, VDCs enable secure, privacy-preserving credentials that establish trust in an AI-driven ecosystem. A new Digital ID verification feature, planned for EA Q4 FY26, will initially support mobile driver’s licenses, with expansion to additional identification forms expected in the future.
