AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop

Okta’s AI Blueprint: Moving AI Agents from Shadow to Governed

ClearTech Research / Jo Peterson Season 3 Episode 4

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 14:14

AI agents are becoming part of the enterprise workforce, but many organizations still do not know where those agents are, what they can access, or what they are allowed to do. 

In this ClearTech Loop Special Edition sponsored by Okta, Jo Peterson speaks with Matthew Hansen, Regional Chief Security Officer and Head of Customer Audit at Okta, about the identity challenge behind agentic AI. 

They discuss Okta’s AI Blueprint, Okta for AI Agents, and why enterprises need to treat AI agents as first-class, non-human identities with clear ownership, lifecycle management, runtime enforcement, and a way to revoke access fast when something goes wrong. 

EPISODE DESCRIPTION: 
Agentic AI is creating a new security problem: identity sprawl. 

AI agents can connect to systems, access data, trigger workflows, and act on behalf of users. But if organizations cannot see those agents, govern their access, or understand what they are doing, productivity gains can quickly turn into security risk. 

In this episode, Jo Peterson talks with Matthew Hansen from Okta about how organizations can move from Shadow AI and unmanaged agent activity toward verified, governed AI environments. 

The conversation covers: 

  • Why every AI agent needs an identity 
  • How Shadow AI extends beyond employee chatbot use 
  • The three questions organizations need to answer: where agents are, what they connect to, and what they can do 
  • Why static credentials and broad permissions create risk 
  • How runtime enforcement and human-in-the-loop controls help govern agent behavior 
  • Why an AI kill switch may become a critical backstop for enterprise AI 

This ClearTech Loop Special Edition is sponsored by Okta. 

Learn more about Okta for AI Agents platform: https://bit.ly/4dZ5FkU 

🎧 Listen: In Buzzsprout Player
Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
📰 Subscribe to the Newsletter:
https://www.linkedin.com/newsletters/7346174860760416256/  

Jo Peterson:

Hey everyone. Thank you so much for joining. I'm Joe Peterson. I'm the CIO of Clarify360 and the Chief Analyst for ClearTech Research. And I'm here today talking one of my favorite subjects, agentic AI security. I'm with Mr. Matthew Hanson, Okta's Chief Regional Chief Security Officer and head of customer audit. Hi, Matthew.

Matthew Hansen:

Good morning.

Jo Peterson:

Are you as fired up about talking about agentic AI security as I am today?

Matthew Hansen:

I live, breathe, and sleep it every every day, so I feel like I can't say no to that question.

Jo Peterson:

You can't say no. All right, normally we're a three question format, so we're hot and fast on the question, so

here we go. First one:

identity controls turn AI from a hidden liability into a primary business enabler. What are the business outcomes that Okta is helping organizations drive with its identity layer for AI solutions?

Matthew Hansen:

Yeah, it's a good question, and I think you know innovation right now is moving so fast, and it feels like it's changing, but when business units are deploying these autonomous agentic workflows, they're really focusing on entirely on velocity, but for the security leadership side, the workflows really represent the unmapped blast radiuses and complex data exposures, traditional non-human identities outnumbered human users 100 to one in the modern enterprise today, and what we're seeing is actually developers are often defaulting to assigning long-lived API tokens or even stack service accounts with full admin privileges to really avoid those workflow interruptions, and I think for us, this is really it's calling out a critical risk that if an AI agent falls victim to any sort of indirect prompt injection or execution of manipulation via external unstructured data, the attacker inherit inherits those broad and permanent standing permissions, and it's leading to the really the large scale data data exfiltration of intellectual property, even PII and HR data, in some cases, but Octofreya agents is really bringing these workflows into that core enterprise identity fabric and turning those risks into secure business outcomes, and really, I think it breaks down to a few key areas to focus on here, and one of our biggest concerns right now is mitigating sort of the non-human attack surfaces through least privileged and time bound access, so AI agents inherently required deep data access to be operationally useful, turning them really into highly privileged nonhuman identities. But rather than allowing this access to remain static through the process, we've been focusing on the big picture here by integrating the AI agent lifecycle directly into our core identity layer. Okta is actually driving secure business productivity by automatically registering that agent, agents access, and the security teams and can enforce their policies and dynamically issue short-lived ephemeral and tightly scoped tokens instead of the static credentials. So ultimately it's shrinking the threat surface and ensuring that access is validated at the execution, not just at the configuration level, but the business is still getting its data-driven insights without leaving standing admin privileges exposed in the process. The other area of business alignment that we see right now is centralized control and unified compliance reporting. A lot of customers that I speak with, we see these fragmented AI deployments that create these siloed disconnected visibility paths across an organization's architecture, but instead of instead security teams are chasing the disjointed audit logs across isolated those isolated AI vendor silos. Okta actually is aggregating all agent actions into our Okta admin console, and essentially by viewing those agent-specific events directly in the system logs, we can deliver that localized and predictable compliance reporting for auditors, and again, really turning compliance from that frictional bottleneck that we so often see into that standardized automated routine, and then lastly is the platform neutrality, and probably, and probably the biggest one is interoperability, businesses should not be boxed into a single AI ecosystem, and really, through some major strategic partnerships, such as Okta's deep integrations with Google Gemini platform, Okta is allowing organizations to safely deploy agents, various platforms, while still enforcing that single consistent identity architecture.

Jo Peterson:

I love it, because you're prompting organizations to consider where their agents are, what they connect to, and what they can do, and those are bigger things than just security. They're really strategic and integral organizational considerations that are both technical and non-technical. So, how is Octos work in educating the market, making a difference with the organizations you are talking to.

Matthew Hansen:

Yeah, I think that educational shift that Okta has introduced, it's really not just conceptual anymore, it's been really operationalized into our Okta AI blueprint tool, and really what this framework for us is really reframing how organizations transition from blocking shadow. AI to even actively managing it by evaluating that security architecture across three explicit layers, so much as what you just discussed in the discovery layer, operations or organizations are frequently suffering from that visibility deficit. Our research actually shows that while 90% of executives are actually confident in their AI visibility, 52% of the employees actually are using unapproved AI tools, and even 39% have actually pasted confidential company documents into them. So that Okta blueprint is really meant to educate teams to move past that simple chat bot policy and look at the identity driven discovery vectors as part of this. So, integrating directly with your SaaS agentic platforms to map out those hidden agent builders, even leveraging the browser-based signaling to analyze real-time OAuth grants. This really brings unmanaged agents out of the application shadows and registers them directly in Okta's centralized universal directory. But I'll add some context here, because AI agents can be spun up seamlessly by developers, individual and individual departments, but Shadow AI extends so much further beyond the simple web tools. It's including rogue background agents connected to all corporate systems. If an identity, if identity team can't map these integrations, they cannot secure them, which essentially leaves an open endpoint that could leak internal messages, emails, or even intellectual property. But once an agent is discovered, we first, we then must look at its reach. So we're seeing AI agents routinely leverage MCP servers to hook into critical SaaS applications, establish those agent to agent connections, or even inherent broad service accounts. Our approach is really changing that game by training organizations to map out these exact interdependencies and really strip out the insecure shortcuts and transition to securely vaulted automated rotated credentials, and then finally in the enforcement layer, so what can the agents do? This is where the AI blueprint really, really helps us simulate attack scenarios and design of defenses rather than relying on the AI model itself, to just be good, Okta is enforcing that external identity-driven guardrail directly at the enforcement layer, really before an agent's request even hits the back-end resource, and I'll add some context there just to explain. So, when an AI agent operates, they're operating in a non-deterministic fashion, meaning that they can adapt dynamically to changing user prompts or the environments, rather than following that rigid linear code path, and traditional static access controls now have become insufficient, because an AI agent action that was once safe in one context may actually become highly destructive in another, so when that prompt injection attack tricks an agent into modifying any sort of financial data or system configurations, the reputational fallout for an organization could be unbelievably detrimental. And then the final key three takeaways that I have on here on actually how this is mitigated in the first, in the first part, first is agent gateway level policy control, that is where we really mitigate the risk of the hijacked agent sessions by routing all that AI AI interaction through that enforcement checkpoint, and so instead of relying on the static and hard-coded credentials that are stored within the AI infrastructure, the gateway actually delegates real-time authentication and authorization checks back to Okta. So this is ensuring that essentially every API call or cross-domain action is being triggered by an agent, it has some sort of dynamically validated process against those live user permissions, and the context aware security policies before the execution. The second here is probably the next most important one is the human in the loop guardrails. We talk about this quite often, honestly, and it's ultimately designed to stop the AI actions that are that require that human sign off for any sort of high-risk operations, because the AI agents work independently in the background, they really need an out of band way to get that human's permission through secure protocols. We can actually enable that agent's backend code to directly tell Okta to send that authentication request, like a push notification, to a supervisor's device. The agent still remains in that non-privileged state, safely paused until that human hits the approve button, and then the finally, the probably the biggest and most important one is the AI kill switch, which ultimately gives any organization that immediate trigger to issue a global token revocation inside of Okta, instantly halting all system-wide access for that compromised agent at machine speed. This is going to be the paramount backstop for any organization that rolls out agenda capabilities in the organization

Jo Peterson:

that is so good, and you know, makes my little security heart sing, but you nailed it. In true Shadow AI has become the organizational hot potato, right? It really has, and so the security folks are standing with you, and they get it, but if you had to explain to a non-technical executive why it's really important for business leaders to understand how. Um, how much AI security, agent AI security matters to the organization? What would you say to them?

Matthew Hansen:

First and foremost, organizations must treat AI agents as first-class identities, and really, because treating an autonomous agent like a basic script or even a static service account, it is one of the more critical security design flaws that an organization can make today, and traditionally service accounts assume that predictable, hard-coded path, but the AI agents, agents by definition, are probabilistic, so that they meet, that means they operate with autonomy, they maintain state across sessions, and even dynamically select their own tools, but because that boundary between processing instructions and ingesting data really collapses with the large language model. Any data that an agent reads can silently become that new command, and so by asserting that every AI agent must be registered as distinct governed identities within Okta, we introduce that structural accountability across the entire enterprise lifecycle through that verifiable human ownership process. So, when an agent is, when an agent is registered in Okta, this is essentially fundamentally tied back to a designated accountable human owner. Just as humans are onboarded, move departments, or even off boarded, the AI agent still has that dynamic lifespan, and by governing them within the Okta platform, we can automate that entire lifecycle, provisioning them with that with them with the tight scopes when they are deployed, continuous conducting continuous access reviews, and even offboarding them instantly when there's specific operational lifecycle lens. Okta's data is really revealing right now through various conversations that I've had that there's this dangerous double security standard. Only 34% of organizations are actually applying the same level of identity governance and the security controls to their agentic labor force as they do the human workers, which is quite shocking to be honest with you. When the autonomous agents are spun up without a human assigned owner or that explicit life cycle, they really become that orphaned machine account with persistent access. And over time, we've seen this a number, a number of a number of situations before. These unmanaged accounts accumulate those privileged creeps and essentially leaving that invisible door open for attackers long after that initial business pilot has ended, and then the last piece is really that cryptographic lineage through the token vaulting and impersonation defense agents routinely perform tasks on behalf of the human users and often requiring access to the systems that the user controls, Okta, is really ensuring that when that agent is acting on behalf of an employee, the identity of both the human and that specific agent travel together inside the token architecture, and this is really, really ensuring that the agent only performs the actions that on the on that the human user is allowed to take, maintaining really that clear cryptographic record of authorization, and just to give kind of some context to round out the question here, identity-based attacks like session hijacking have risen 127% year over year as bad actors start to target these post-authentication tokens. So, if an AI agent accesses the backend systems by simply mimicking a human user's raw unscoped credentials, those enterprise audit logs lose all fidelity. Security teams cannot verify if a data query was explicitly initiated by that human employee or if it was independently executed by that exploited agent. So, destroying really any sort of compliance audit trail in the process, and leaving a business really exposed to the hijacking and token theft vulnerabilities in the process.

Jo Peterson:

It's so important. I mean, if the, if folks can't see what they have, there's no way they can secure it. That's the bottom line. And, and it's just going to slow down their productivity, any productivity gains that they're going to have with AI. So, such an important conversation. Thank you for taking time today to talk to us about it, and why this matters to both the CISO and the CIO, because it really, really, truly does. So, hope we get to chat again, and thanks for your time.

Matthew Hansen:

Thank you again, Jo.

Unknown:

Bye.