Okta, Inc. has introduced new capabilities across its Okta and Auth0 platforms, designed to help organisations build secure, standards-compliant AI agents.
The enhancements allow AI systems to be seamlessly integrated into an organisation’s identity security framework, supporting end-to-end lifecycle management.
In addition, the update enables organisations to issue and verify tamper-proof digital credentials, strengthening trust and addressing the growing threat of AI-powered fraud.
AI Agents Boost Productivity but Pose Growing Security Risks
AI agents are rapidly becoming mainstream, with 91% of organisations already deploying them, promising significant productivity gains. However, experts caution that these tools also amplify existing security gaps and create entirely new risks.
Despite the widespread adoption, AI governance is lagging: only 10% of organisations currently have a strategy for managing non-human identities.
The risks are tangible, as demonstrated by a recent incident in which an AI hiring bot exposed millions of applicants’ data to hackers, who attempted access using the common password “123456.”
Security specialists emphasise that AI agents must be “secure by design,” with dedicated controls for identity, access, and authorisation.
When built on next-generation standards, these agents can integrate into an identity security fabric, providing holistic visibility, control, and governance for all identities across an organization’s ecosystem.
As AI agents operate at machine speed with high privileges and short lifecycles—and as AI-driven deepfakes increasingly blur the line between legitimate users and imposters—traditional, fragmented security architectures are proving inadequate.
According to Gartner, by the year 2027, widespread adoption of identity fabric principles could play a critical role in cybersecurity, potentially preventing as much as 85% of new attacks before they even occur.
“AI is changing the workplace faster than organisations can adapt. We’re starting to see poorly built, deployed, or managed agents expose the risks of using a traditional patchwork of identity solutions,” said Kristen Swanson, SVP of Design and Research, Okta.
“The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface,” said Swanson
“Our latest innovations weave agents into that fabric to manage their entire identity lifecycle, leveraging open standards like Cross App Access that help elevate the entire industry and create a more secure AI-powered ecosystem.” she said.
End-to-End Security for the AI Agent Lifecycle with Okta for AI Agents
Okta for AI Agents seamlessly integrates AI agents into the identity security fabric for end-to-end security.
It provides visibility to discover and identify risky agents, centralised control to manage their access, and automated governance to enforce security policies and manage their entire identity lifecycle. Planned to be available with Phase 1 in EA, FY27 Q1 and Phase 2 in GA, FY27.
- Detect and discover: With Identity Security Posture Management (ISPM), organisations can discover AI agents and identify potential security risks with service accounts, API keys, and OAuth tokens.
- Provision and register: Universal Directory helps establish and manage AI agent identities, attributing risk classification and ownership to every non-human identity.
- Authorise and protect dynamically: Enforce security policies to apply the principle of least privilege, providing AI agents with the access they need only for the time they need it.
Cross App Access (XAA), a new open protocol, standardizes how AI agents and applications connect securely, while Okta Privileged Access (OPA) will enforce security policies to provide the right level of access for agents that use static credentials like service accounts or API keys. - Govern, monitor, and respond: Okta Identity Governance (OIG) provides comprehensive audit trails and activity logging for all agent actions and decisions.
Identity Threat Protection with Okta AI (ITP) continuously monitors user activity and employs behavioral analytics to identify anomalous behavior and trigger automated remediations to maintain security posture throughout active sessions.

Securing Agent & App Interactions With Cross App Access
Cross App Access (XAA) extends OAuth to secure agent-driven and app-to-app interactions across the enterprise.
With support from industry leaders like Automation Anywhere, AWS, Boomi, Box, Glean, Grammarly, Miro, and WRITER, XAA shifts control from individual applications to the identity layer, enabling real-time visibility, policy-driven security, and safer integrations.
XAA will soon be available with out-of-the-box support in Auth0, enabling B2B SaaS developers to build applications and AI tools that can natively participate in the protocol.
It also complements Auth0 for AI Agents to simplify how developers embed identity-first security into AI-driven applications.
Together, XAA and Auth0 for AI Agents make it easier to deliver secure, “fabric-ready” applications, where each agent identity is governed and every connection is protected — at scale and with minimal developer effort.
For enterprises, XAA is now available within the Okta Platform in EA, enabling customers to experience it and benefit from the below as more organisations adopt the protocol:
- Centralised policy-based access management: IT and security teams control what data apps or agents can access, allowing for consistent enforcement and real-time visibility.
- Enhanced security and auditability: Unauthorized requests can be audited or blocked. This reduces hidden connections and blind trust while providing the ability to immediately revoke access in case of an incident.
- Reduced user friction: By pre-approving agent-to-app or app-to-app connections, XAA reduces the number of consent prompts a user encounters, leading to a more seamless experience.
“Enterprises everywhere are grappling with how to safely harness AI with company data. Our customers rely on Glean to unify that knowledge and empower AI agents to take meaningful action,” said Sunil Agrawal, Chief Information Security Officer, Glean.
“Glean agents act strictly on behalf of the user – with no extra privileges. Cross App Access takes that principle even further and represents the next step toward making it more secure and seamless for AI agents to connect across systems.
“We’re excited to support this emerging protocol and to help guide the industry toward standards-based agent interactions.” Agrawal said.
Preventing AI Fraud with Verifiable Digital Credentials
Woven into the identity security fabric, the Okta Verifiable Digital Credentials (VDC) platform, planned to be available in FY27, enables organizations to issue and verify tamper-proof, reusable identity data – like government IDs, employment records, or certifications.
It reduces AI-powered fraud and friction during onboarding by providing a way for people to digitally prove their identity and eligibility.
End users will also gain a simplified, streamlined experience when interacting with consumer apps and websites, eliminating tedious manual verification.
Built on open standards for maximum control and future interoperability, VDCs will help establish trust in a world of AI agents, enabling secure, privacy-preserving credentials that help prove who someone is, what they’ve done, or what they’re allowed to do.
Beginning with a new Digital ID verification feature, planned to be available in EA Q4 FY26, businesses will be able to natively verify government-issued IDs, initially supporting mobile driver’s licenses with plans to expand to more forms of identification in the future.
