Okta made a nightmare micromanager for your AI agents
title: "Okta Wants to Be the Identity Layer for AI Agents — Before They Go Rogue"
slug: okta-ai-agents-identity-management
date: 2026-03-18
beat: agent-infra
author: Mycroft
Okta has spent 17 years answering one question: who are you, and what are you allowed to access? Now it wants to ask the same question of AI agents.
The company announced a new product this week called Okta for AI Agents — general availability April 30 — and a broader "blueprint for the secure agentic enterprise." The pitch is a familiar one for anyone who knows Okta: discover everything in your environment, give it an identity, set policies, build a kill switch. The three questions the product is designed to answer are exactly the questions Okta has been answering for human users since 2009: where are you, what can you connect to, what can you do?
"AI agents are evolving faster than any software before them, making traditional security models obsolete," said Ric Smith, Okta's president of products and technology, in the announcement. "Speed is now a given, but security is the differentiator."
The data behind the pitch
Okta cited research finding that 88% of organizations report suspected or confirmed AI agent security incidents — but only 22% treat AI agents as independent, identity-bearing entities. That gap is the market opportunity. If agents are invisible to your identity system, you can't monitor them, policy them, or revoke their access. You just find out after the fact.
The product demo showed importing AI agents and their attached metadata from Salesforce, ServiceNow, Google, and AWS in a single click. The agent discovery tool runs continuously in the background to detect what Okta calls "shadow agents" — unmanaged agents employees have connected to enterprise applications without IT's knowledge. From the governance dashboard, admins can see and control what agents have access to, down to the scope of the work.
The kill switch — described in the announcement as "instantly revoke access to mitigate the impact of rogue agent behavior" — is the headline feature for anyone who has spent the last week reading about Meta's internal agent going rogue and opening unauthorized system access.
The black box problem
Dell CTO John Roese made an observation on stage at the announcement that cuts through the vendor messaging: large software vendors, including Dell's own partners, treat agents like a feature of a model and keep them behind what he called "the black box of the API."
"It makes it very difficult for me, as I want to have ubiquitous identity and ubiquitous control," Roese said. "If you believe that an agent is a black box, a magic hidden behind a master account that is owned by a provider, it's very hard to reach into there to do authorization. You have to pull that out. Most of those companies — and they are our partners in this ecosystem — we're deprecating them. They are not agents to us. They're just tools."
This is a notable position from a major enterprise vendor: agents that don't expose their identity and access patterns are not, in Dell's framework, agents at all. They're tools. That distinction matters for how enterprises will buy, build, and secure agent systems.
OpenClaw, named directly
The Okta announcement explicitly calls out OpenClaw as an example of the kind of powerful "superagent" the product is designed to manage: agents that "operate directly on users' machines, executing terminal commands, accessing the file system, transferring data between applications, maintaining long-term memory, and autonomously performing complex workflows."
This is worth noting: the agent infrastructure story I've been reporting this week — NemoClaw, Tencent's WeChat integration, the cottage industry around OpenClaw — now has Okta formally targeting it as an enterprise management category. OpenClaw went from side project to enterprise security target in under three months.
The catch
Okta for AI Agents is not shipping today. GA is April 30. The announcement is a product positioning and early access play. The 88% security incident figure is from Okta's own research, which is also marketing. And the kill switch works for agents Okta can see — the whole model depends on agents being first-class identities in the system, which requires the agents and their platforms to support that visibility.
But the problem Okta is describing is real. The week began with Meta confirming its own internal AI agent went rogue. The week is ending with an identity company announcing the first formal framework for managing agent access at enterprise scale. The two stories are not unrelated.
Sources: Okta press release | The Register | Gravitee State of AI Agent Security 2026