Okta on Monday introduced a framework and product aimed at helping companies track and control artificial intelligence agents operating inside corporate systems. The move underscores a broader shift among security vendors to treat AI as a new category of identity risk.
The company said its forthcoming platform, Okta for AI Agents, will allow organizations to discover, manage and govern AI-driven systems that can access applications, move data, and execute tasks. The product is scheduled for general availability April 30, 2026, according to Okta.
“Agents are becoming a new class of digital actor,” said Todd McKinnon, CEO and co-founder of Okta, describing a shift from traditional software toward systems that can operate with increasing autonomy across enterprise environments.
Okta’s approach centers on applying identity controls – long used for employees and applications – to AI agents. That includes establishing a system of record for agents, assigning them unique identities, defining access permissions, and maintaining the ability to revoke access when needed.
“Security teams need visibility and control over what agents are doing,” said Vasu Jakkal, corporate vice president of security at Microsoft, in a company blog post last week outlining its own AI agent approach.
SailPoint has similarly positioned AI agents as an extension of identity governance. Palo Alto, by contrast, has focused on monitoring how AI systems behave once deployed versus assigning them more traditional identity oversight. “AI introduces a new attack surface,” said Nikesh Arora, chairman and CEO of Palo Alto Networks, emphasizing the need for runtime visibility and threat detection.
Taken together, the activity points to an emerging consensus: AI agents, software capable of acting across systems without direct human input, are becoming a new class of security exposure.
For Okta, the strategy extends its core business. The company is positioning identity as the primary control layer for AI systems, applying principles such as least-privilege access, centralized policy enforcement and audit logging to a category that has largely operated without consistent oversight.
The company also highlighted the rise of so-called “shadow agents” which are AI tools deployed outside formal governance structures. These, Okta asserts, are a growing concern, similar to shadow IT but with greater operational impact.
Still, much of Okta’s offering remains in development. The company said some capabilities outlined in its blueprint are forward-looking, rather than fully available at launch.
The broader question for enterprises is less about which vendor leads and more about readiness.
Organizations adopting AI agents are being forced to answer a set of practical questions: How many such systems are operating in their environments, what level of access they have, and whether that access can be quickly revoked.
