Ahead of the official opening of identity specialist Okta’s annual Oktane customer conference in Las Vegas, Nevada, the cyber security supplier shared a preview of how it aims to help users secure non-human identities (NHIs) such as AI agents, as the security sector faces up to a looming gap in technological capabilities through which threat actors are likely already wriggling.
Okta will flesh out this vision over the coming days, but speaking to reporters ahead of the planned announcements, the firm’s president and chief operating officer Eric Kelleher said this gap is informing Okta’s response as it moves through a new stage in its lifecycle.
Having weathered the transition of identity from on-premise environments to cloud-based ones, and a redefining of the fundamental concept of identity from a functional enabler to a security enabler, the advent of vast numbers of agentic NHIs is forcing a third wave of change.
Kelleher said that deployment of AI agents among users is running way ahead of the cyber sector’s response. He cited a recent Okta-commissioned report, AI at work 2025, that demonstrated this gap; the poll of 260 decision-makers in nine countries found that although 91% of organisations had deployed agentic AI, a mere 10% were backing this up with appropriate governance.
“Companies have a massive exposure right now in that agents are getting from prototype to production without proper governance to make sure that the agentic identity is properly managed, that it’s in a directory, that it’s authenticated when it needs to be, that it’s authorised when it needs to be, and that there’s proper governance in place,” said Kelleher.
Ben King, Okta vice president of security, trust and culture, said: “AI is a great enabling function. There’s a lot of excitement and there’s a lot of fear or concern. Every good CTO will be thinking about security as they think about the possibilities of AI. Likewise every good CSO should be thinking enabling business innovation, and how we use these tools, because we’re not just here to shut things down.
“I think about security in terms of gaining visibility of what’s out there. We can’t secure things if we don’t have visibility,” said King.
“That works well in a traditional model [but] where it’s starting to fray is the sheer size and scale and scope of AI use cases, and the pace of change. There’s work to be done in the world of security to stay on top of this.”
Back it up
Meanwhile, also ahead of the official opening keynote, featuring an appearance from actor Jeremy Renner, Rubrik launched a new backup and data protection service for Okta users, wrapping its identity recovery capabilities around Okta’s tech.
Rubrik Okta Recovery will offer automated, immutable backups and in-place, granular recovery for critical Okta objects and metadata – with the effect being to help users recover quicker from any disruptions.
“While organisations are consolidating their identity systems, many are still operating in complex hybrid and multi-IdP environments that create new blind spots when it comes to complete cyber resilience,” said Anneka Gupta, Rubrik’s chief product officer.
“By protecting the critical configurations and dependencies within Okta, we are empowering our customers to defend identity and data, recover quickly, and build lasting resilience in one simple, yet powerful solution.”
Rubrik said the development means it now offers such a service to cover all three of the major identity providers – Active Directory and Entra ID being the others – and claimed it is the only organisation with a solution capable of this.
