Okta made a nightmare micromanager for your AI agents

Where are you? What are you working on? Why are you doing that?

by · The Register

Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.

“This technology wave has tremendous potential, but we have to make sure we put the right controls and foundational groundwork in place to make it secure as well,” Okta CEO Todd McKinnon said in a video presentation Monday announcing the release.

Over the last 17 years, McKinnon said, Okta’s bet on identity access has paid off, whether it was in securing users in the cloud, during the wave of mobile adoption at work, as work shifted remote during the pandemic, or now at the outset of agentic AI.

“We know what problems you have and what solutions that we need to build for you. They all center around three really important questions: the first one sounds simple, what agents do I have? What can they connect to? What can they do?” McKinnon said. “Some vendors propose to answer some of these questions. Some vendors say they have everything covered. It’s quite daunting.”

McKinnon said the challenge of managing agents prompted Okta to build a reference architecture for securing the agentic enterprise – and a product to answer all three questions. During the presentation, Okta demonstrated importing AI agents and their attached metadata from Salesforce, ServiceNow, Google, and AWS, with one click.

From the same dashboard, Okta’s agent discovery tool lets users find unmanaged agents and assign them owners and governing policies. The tool runs continuously in the background to help admins take inventory of agents.

Through a governance dashboard, admins can see and control what agents have access to down to the scope of the work, and at the tool-level, Duffy said.

“What if an agent goes rogue?” Duffy said. “You need a kill switch. With Okta for AI Agents you can trigger a universal log out if an agent starts accessing things it shouldn’t. It's automatically going to revoke the tokens and deactivate that access.”

Speaking on stage with McKinnon, Dell Technologies CTO John Roese spilled a secret about AI agents: not everyone can agree on what they are.

"Just to give you some industry dirty laundry, we don't have full consensus in the industry on what an agent is," he said.

“Wait. No. Stop, John,” McKinnon said chuckling. “Breaking news.”

Since early 2025, Roese has bullishly said AI agents are coming to work inside businesses, and will deliver AI’s promised productivity gains.

When it comes to securing agents, some large software vendors, including Dell’s partners, treat agents like a feature of a model and keep them hidden behind the “black box of the API.”

“It makes it very difficult for me, as I want to have ubiquitous identity and ubiquitous control. If you believe that an agent is a black box, a magic hidden behind a master account that is owned by a provider, it's very hard to reach into there to do authorization for what appears to be a knowledge graph,” Roese said. “You have to pull that out. Most of those companies, and they are our partners in this ecosystem, we’re deprecating them. They are not agents to us. They’re just tools.”

He said there is a growing agreement in the enterprise AI ecosystem that agents are software systems, with composable architecture that can do autonomous work. He said they may use large language models, but also use knowledge graphs, and other types of data expressions.

“They have a tool-use interface – today, primarily MCP. They have inter-agent communication with protocols like A2A. That is a system,” he said. “And we haven’t quite got consensus. Is it a feature of a model? Or is it a software system that does work? I’m 100 percent confident that the second is the right answer, but that creates tremendous confusion for people.”

Roese said Okta gives customers the power to track and manage both models and whatever agents have become.

“That’s why it's so important in your framework that you don’t assume everything is a first class agent,” he told McKinnon on stage. “Some agents might not be expressible as agents because they’re behind a firewall or unexposed to you. So treat them like a tool and then control the tool-use access.” ®

Okta CEO ‘paranoid’ as vibe coders stir SaaS-pocalypse fears: It’s ok, Todd. You’re only paranoid if you’re wrong.O'Ryan Johnson, 05 Mar 2026Canva among ~100 targets of ShinyHunters Okta identity-theft campaign: Atlassian, RingCentral, ZoomInfo also among tech targetsJessica Lyons, 26 Jan 2026How to answer the door when the AI agents come knocking: Identity management vendors like Okta see an opening to calm CISOs worried about agents running amokO'Ryan Johnson, 09 Dec 2025Why the long name? Okta discloses auth bypass bug affecting 52-character usernamesMondays are for checking months of logs, apparently, if MFA's not enabledConnor Jones, 04 Nov 2024