Okta (NASDAQ:OKTA) used its Showcase event to outline how the company is positioning identity as a control layer for “agentic” AI systems, while also announcing a general availability date for its new product, Okta for AI Agents. Chief Executive Officer and co-founder Todd McKinnon framed the shift toward autonomous AI agents as a broad technology transformation and argued that it introduces new security and governance challenges that organizations must address in parallel with adoption.
Okta frames “agentic” as the future of technology—and a growing security risk
McKinnon said Okta introduced Okta for AI Agents in November and called it the company’s “most important product ever,” citing what he described as unusually strong market response. He said Okta has held “hundreds and hundreds” of meetings about the product, that it has been purchased by “dozens of companies,” and that several are already using it in production to secure and manage AI agents.
He pointed to an Anthropic report describing a cyberattack campaign that used Anthropic models and Claude Code. McKinnon said the attackers did not rely on novel exploits, but instead used available tools at scale through an agentic framework and social-engineered the model by posing as a threat research firm. He also said Anthropic observed the model was “overly confident” during execution.
Survey highlights gaps in identity controls for agents
McKinnon also cited a survey conducted by Gravitee of about 1,000 IT leaders. According to McKinnon’s summary, nearly nine out of ten respondents said there had already been a security issue in their agentic systems. He added that only about 20% treated agents with “complete identity control,” while most relied on reused API tokens and shared access across multiple agents, limiting tracking and accountability.
Okta’s stated focus, McKinnon said, is enabling organizations to build not only an “agentic enterprise,” but a secure agentic enterprise—with identity as foundational infrastructure.
A “blueprint” for securing the agentic enterprise
McKinnon said customers have asked Okta for a clearer reference architecture to navigate a fast-moving and sometimes confusing ecosystem. He described feedback from S&P Global CTO Seth Fox, who requested a framework to help place vendors and technologies into a coherent model.
In response, Okta introduced what McKinnon called a blueprint for the secure agentic enterprise. He emphasized it is not a product and not “an Okta thing,” but a proposed industry reference architecture. The blueprint is organized around three questions:
- What agents do I have?
- What can they connect to?
- What can they do?
He said the blueprint outlines capabilities for discovering agents (including integrations with agentic systems and detections across browser, endpoint, and network layers), assessing risk, and managing how agents connect to systems using multiple protocols and approaches. McKinnon also highlighted that agents interact differently than humans—for example, connecting to MCP servers and other agents—while still needing access to SaaS apps and legacy systems that may require service accounts and credential vaulting. For “what can they do,” he said the blueprint covers fine-grained permissions, enforcement approaches, and lifecycle management, noting that agents sit “somewhere in the middle” between a person and a privileged service account.
Product demo: discovery, connectivity controls, and a “kill switch”
Okta executive Shannon Duffy presented a product walkthrough tied to the same three questions. For agent visibility, Duffy said Okta for AI Agents provides an inventory within Universal Directory and extends Okta’s integration approach into what she described as an “agent integration network.” She also highlighted an “AI agent import” feature that can import agents and metadata from existing application integrations with one click.
For unknown agents, Duffy described “agent discovery” that continuously flags OAuth grants when an agent connects to an enterprise application. She said the tool can show scope and “blast radius,” and provides a remediation plan to register the agent, assign a human owner, and baseline security policies.
On controlling what agents can connect to, Duffy said the product starts with MCP servers and introduced Agent Gateway, describing it as a way to manage access to “virtual MCP servers” by selecting which tools and scopes can be accessed. She said Okta for AI Agents can secure third-party coding agents including Claude, Cursor, and Claude Code. Duffy also outlined multiple connection methods, including Okta authorization server, API keys, service accounts, and additional options such as Okta virtual MCP servers, third-party MCP servers, and OIDC accounts/apps.
For governance, Duffy pointed to a dashboard showing agent access down to scope and tool level, and described a “kill switch” capability using universal logout to revoke tokens and deactivate agent access if an agent behaves improperly.
General availability date and Dell discussion on agent identity
McKinnon said Okta for AI Agents will be generally available on April 30. He positioned the release as a step toward helping organizations move from agentic initiatives to “secure agentic enterprises.”
Okta also hosted a conversation with Dell’s John Roese, who said Dell has been an aggressive adopter of AI internally to better understand what customers need. Roese said Dell’s revenue grew dramatically over two years—about $10 billion in the first year and about $20 billion in the second—while costs declined, which he said was unprecedented in Dell’s history. He attributed the shift to redesigning “people, process, technology” for the AI era and decoupling growth from cost as work becomes “an augmented human being or an agent.” Roese noted that despite progress, Dell had not yet deployed many autonomous agents in production.
Roese described Dell’s internal agentic standards, including centralizing MCP servers due to risk, and using a two-tier model of “inner ring” platforms Dell fully operates and “outer ring” platforms run by partners. He said Dell’s “single biggest decision” was that every agent doing work on Dell’s behalf should have a digital identity issued and operated by Dell, including agents running on third-party platforms—enabling authorization and a “kill switch” even when Dell does not control the underlying infrastructure.
McKinnon closed by reiterating the April 30 general availability date and encouraging organizations to engage with Okta on adopting Okta for AI Agents and the secure agentic enterprise blueprint.
About Okta (NASDAQ:OKTA)
Okta, Inc is a publicly traded provider of identity and access management solutions, headquartered in San Francisco, California. Founded in 2009 by Todd McKinnon and Frederic Kerrest, the company completed its initial public offering in April 2017. Under the leadership of McKinnon as chief executive officer and Kerrest as chief operating officer, Okta has grown into a leading vendor in the cybersecurity space, focusing on secure user authentication, single sign-on and lifecycle management for digital identities.
At the core of Okta’s offering is the Okta Identity Cloud, a suite of cloud-native services that enable organizations to manage user access across web and mobile applications, on-premises systems and APIs.
