TLDR: Okta has launched a new identity security fabric solution, including ‘Okta for AI Agents’ and the ‘Cross App Access’ protocol, designed to address the escalating security challenges posed by the widespread deployment of AI agents within enterprises. The initiative aims to provide comprehensive lifecycle management, centralized control, and verifiable digital credentials for both human and non-human identities, combating AI-powered fraud and unmanaged AI agent risks.
Okta, a global leader in identity and access management (IAM), has introduced a groundbreaking identity security fabric solution aimed at securing the rapidly expanding landscape of AI agents within enterprises. The announcement, made in late September and early October 2025, highlights Okta’s commitment to addressing the critical security gaps and new classes of risk emerging from the accelerated adoption of artificial intelligence.
The core of this innovation is an identity security fabric that offers end-to-end lifecycle management for both human and non-human identities. This is a timely development, as a staggering 91% of organizations are already deploying AI agents, yet only 10% have established comprehensive governance strategies to manage these non-human entities.
Kristen Swanson, SVP of Design and Research at Okta, emphasized the urgency of this shift, stating, “AI is changing the workplace faster than organizations can adapt. We’re starting to see poorly built, deployed, or managed agents expose the risks of using a traditional patchwork of identity solutions.” She added, “Our latest innovations weave agents into a unified identity fabric, reducing the attack surface while elevating industry standards for secure AI ecosystems.”
Key components of Okta’s new offering include:
Okta for AI Agents: This platform provides crucial visibility, centralized control, and automated governance specifically tailored for AI agent identities. It integrates AI agents into the identity security fabric for holistic security.
Cross App Access (XAA): A new open protocol designed to secure agent-to-app and app-to-app interactions. Industry giants such as Salesforce, Google Cloud, Grammarly, and Glean are reportedly backing XAA, signaling a move towards standardized, secure interoperability. Sunil Agrawal of Glean noted, “Cross App Access sets a new benchmark for agent security.”
Verifiable Digital Credentials (VDC): Okta plans to enable organizations to natively issue and verify tamper-proof digital credentials. This feature is crucial for establishing trust in a digital environment increasingly susceptible to AI-driven deepfakes and impersonation.
David Bradbury, Chief Security Officer of Okta, highlighted the importance of a ‘zero-trust’ approach for AI agents. “When you think about the three different key features of zero trust, the fact that you need a secure identity, you want to be able to implement least privilege, you want to be able to continuously monitor what they’re doing, all three of those elements apply equally to all of those identity types,” Bradbury explained. He also warned about the challenge of ‘token proliferation,’ where numerous agents demand access to various applications, creating potential security vulnerabilities.
The need for such a robust solution is underscored by real-world incidents, such as an AI hiring bot exposing millions of applicants’ data due to a weak password. Gartner predicts that by 2027, identity fabric immunity principles will prevent 85% of new cyberattacks, reinforcing the strategic importance of Okta’s new direction.
Okta has also partnered with Accenture PLC to deliver its identity-management services to clients, acknowledging the new problems AI agents pose to enterprise security. Damon McDougald, global cyber protection lead at Accenture, noted a 16% increase in Common Vulnerabilities and Exposures as AI technologies spread.
Jenna Cline, Senior Vice President of Business Technology at Okta, emphasized the company’s design-first approach to creating a unified, user-experience-centric identity security fabric. Okta itself has leveraged AI to automate governance campaigns and detect risks, demonstrating an internal commitment to the principles it advocates.
Also Read:
- The Growing Imperative for Digital Identity in the Age of AI Agents
- 1Password Introduces Secure Agentic Autofill to Fortify AI Browser Agent Security
By embedding identity security, access control, and authorization directly into AI systems, Okta aims to ensure compliance, scalability, and resilience, positioning itself as a critical enabler of trust in the evolving era of enterprise AI.
