SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Story 301609
#
Robots
#
Data Protection
#
SIEM

Okta unveils blueprint to lock down AI agents at work

Mon, 16th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

Okta has published a security blueprint for organisations deploying AI agents in the workplace, along with a product suite designed to bring discovery, access control, and rapid revocation into a single identity framework.

Okta positions the approach as a response to growing concern that AI agents can act beyond user intent, including connecting to corporate applications without oversight, deleting data, and disclosing confidential information. The blueprint centres on three questions security teams face as agents become more common: where agents are operating, what systems they can connect to, and what actions they can perform.

Okta for AI Agents, the product line aligned with the blueprint, is scheduled for general availability on 30 April 2026. It includes tools to register AI agents as non-human identities, manage credentials and tokens, and use logs and logout controls to cut off access when behaviour appears risky.

Agents and identity

AI agents differ from conventional user accounts and service identities because they can operate autonomously and trigger workflows across multiple systems. Some can run commands on user machines, interact with file systems, and pass data between applications. They may also run as short-lived, "ephemeral" agents created for specific tasks. These patterns complicate standard identity and access management, which has historically assumed predictable, human-led behaviour.

Okta cited research suggesting many organisations suspect or have confirmed AI-agent security incidents, while fewer treat agents as identity-bearing entities in their security model. The blueprint argues for giving agents explicit identities so their activity can be tracked, governed, and revoked with the same discipline applied to employees and contractors.

Discovery and registration

A central element of the plan is discovering both sanctioned and unsanctioned agents. Organisations may approve certain agent platforms through IT, while employees can also connect tools independently, creating "shadow" deployments that security teams may not know about.

Okta's approach uses a universal directory model that treats AI agents as first-class, non-human identities. The directory is designed to provide a searchable inventory and lifecycle management, from onboarding to decommissioning. It is also positioned as the place to assign clear human ownership for each agent-an increasingly important requirement when autonomous systems act on behalf of staff.

Okta is also extending its Okta Integration Network, which already includes more than 8,200 integrations, with support for AI agent platforms including Boomi, DataRobot, and Google Vertex AI. The integrations are intended to help teams import agents and register them under governance controls.

The company also plans to offer automated detection when employees connect AI agents to enterprise applications. The tooling is intended to show what permissions an agent has been granted and how broadly systems could be affected if an agent account is compromised or behaves unexpectedly.

Controlling connections

The second theme is centralised control over the resources agents can access, including applications, APIs, and databases. The blueprint frames this as a token-and-policy challenge, where each interaction needs to be evaluated and logged.

Okta for AI Agents includes an Agent Gateway, described as a control plane for securing agent access to resources. It supports a virtual MCP server model and uses an MCP registry concept to organise the tools agents can use. Okta also plans to record interactions between agents and resources for audit and observability.

Privileged Credential Management is another planned element. Okta plans to vault and rotate agent credentials to reduce exposure of secrets in plain text and in logs. API Access Management is also part of the offering, using an authorisation server to enforce least-privilege access based on identity, context, and risk signals.

Revocation and audit

The third part of the blueprint focuses on stopping agent actions quickly and reviewing what happened. Okta is introducing Universal Logout for AI Agents, intended to revoke access tokens across systems if an agent deviates from expected behaviour or accesses sensitive data unexpectedly.

Okta is also positioning governance workflows for agents, including certification and access reviews. These are designed to cover agents acting on behalf of users and to maintain records of permissions, ownership, and audit trails. System logs are intended to capture tool calls, authorisation decisions, and access attempts, with support for forwarding data to security information and event management platforms.

Partners referenced in the launch are linking their agent platforms with Okta's identity controls. "Securing the agentic enterprise will require industry-wide collaboration," said Carl Siva, Chief Information Security Officer at Boomi. "By combining Boomi's expertise in agentic connectivity and modern integration with Okta's identity leadership, we are delivering a unified security and governance layer that helps organizations harden their security posture while maintaining auditable visibility into every agent's actions. Together, Boomi's Agentstudio and Agent Control Tower with Okta for AI Agents enable teams to build and deploy agents faster-without compromising governed security controls."

DataRobot also highlighted identity as a prerequisite for scaling agent deployments.

"If an AI agent has the power to act, it must have an identity. DataRobot has always been built for the enterprise that can't afford to get AI wrong," said Venky Veeraraghavan, Chief Product Officer at DataRobot. "This integration brings together the DataRobot Agent Workforce Platform and Okta for AI Agents, allowing our customers to build an agentic workforce with the rigorous identity standards that Okta is known for, and the confidence to scale from the lab to the front lines."

Okta for AI Agents is scheduled to reach general availability on 30 April 2026. The blueprint is intended to help organisations assess their exposure to agent deployments and map required controls across discovery, access, and rapid shutdown.

Related stories
BlackBox Hosting partners Everpure for sovereign cloud
Vodafone & Google Cloud launch AI & security tools
Locai Labs deploys AI coding assistant at First Light Fusion
Infosecurity Europe adds AI summit amid cyber defence shift
ISACA launches AI risk certification amid governance gap

Top stories

Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack
Black Box Automation vs. Engineer Control: The partnership redefining Kubernetes FinOps
Automotive microcontroller market set to hit USD $15.1bn