Okta, an independent identity provider, has unveiled the latest features for the Okta platform and the Auth0 platform. The features enable companies to develop secure, standards-based AI agents that can be seamlessly integrated into their existing security architecture.

Faced with the growing threat of AI-powered cyberattacks, organizations can now adapt their defenses and strengthen confidence in their infrastructure with consistent lifecycle management and tamper-proof credentials.

Why it matters:

• AI agents are already used by 91% of all companies¹ and promise a wide range of productivity gains, but at the same time create entirely new risks.
• AI governance is lagging far behind: only 10% of companies have a strategy for dealing with non-human identities¹.
• The problem is real: incidents such as the AI recruiting bot that exposed millions of applicant data after hackers tried the password ‘123456’² demonstrate the dangers of inadequately secured AI agents.
• AI agents must be designed to be secure from the ground up – in addition to uniform controls for identity, access, and authorization, this includes standards for the interaction of agents, applications, and system environments.
• This makes agents “fabric-ready” and allows them to be integrated into an existing security architecture – for holistic transparency, control, and governance of all identity types.
• Fragmented architectures and legacy solutions in identity management are no longer adequate to address the potential threat. However, according to Gartner, compliance with current security principles could prevent approximately 85% of all cyberattacks by 2027³.

“AI is changing the world of work faster than companies can adapt. We are already seeing how poorly managed agents expose the risks of traditional patchwork identity management,” explains Kristen Swanson, SVP of Design & Research at Okta.

“Modern enterprises need an identity security fabric that unifies existing silos and reduces the overall attack surface. Our latest features weave AI agents into this fabric and enable complete lifecycle management of all identities, from human employees to AI agents. By leveraging open standards such as Cross App Access, we are supporting the entire industry in developing a secure AI ecosystem.”

Comprehensive security for AI agents with “Okta for AI Agents”

Okta for AI Agents seamlessly integrates AI agents into the security architecture. It provides easy ways to identify security risks and central control functions that also enable comprehensive governance to comply with given security policies throughout the entire lifecycle. Early access will begin between February and April 2026 (Phase 1), with the full version expected to be available in 2026 (Phase 2).

Key features include:

• Detect & Discover: With Identity Security Posture Management (ISPM), organizations can audit AI agents and identify potential security risks in service accounts, API keys, and OAuth tokens.
• Deploy & Register: Universal Directory helps manage AI agents as identities, including risk assessment and ownership determination.
• Authorize & Protect: Enforce security policies based on the least privilege principle so that AI agents only receive the access rights they need. Cross App Access (XAA), a new open protocol, standardizes secure connections between AI agents and applications. Okta Privileged Access (OPA) enforces security policies for agents that work with credentials such as service accounts or API keys.
• Manage, Monitor & Respond: Okta Identity Governance (OIG) provides comprehensive audit logs and activity records for all AI agents. Identity Threat Protection with Okta AI (ITP) continuously monitors all user activity. Continuous behavioral analysis helps identify dangerous patterns and triggers automated alerts and protective measures.

Secure collaboration between agents and apps with Cross App Access

Cross App Access (XAA) extends OAuth to secure agent and app-to-app interactions. With support from industry leaders such as Automation Anywhere, AWS, Boomi, Box, Glean, Google Cloud, Grammarly, Miro, Salesforce, and WRITER, XAA shifts control from agents to a central identity layer, creating transparency and more secure integrations.

XAA will soon be available with out-of-the-box support in Auth0, enabling B2B SaaS developers to build their own applications and AI tools. It also complements Auth0 for AI Agents, making it easier for developers to embed identity-first principles into AI applications. Together, XAA and Auth0 for AI Agents enable secure, fabric-ready applications to be delivered and scaled with minimal developer effort.

For enterprises, XAA is already available on the Okta platform in early access:

• Centralized access management: IT and security teams control which data apps or agents can access.
• Enhanced security and auditing capabilities: Unauthorized requests can be monitored and blocked to prevent uncontrolled data connections and unsupervised access.
• Better user experience: XAA pre-approves connections from agents and apps, reducing the number of security prompts.

“As our customers scale their use of AI agents, providing a secure and trusted platform is our top priority,” said Marla Hay, SVP of Product at Salesforce. “We are excited about the continued expansion of secure agent workflows with XAA and integrating Okta into the Salesforce Security Center. This gives our mutual customers more confidence and better ways to manage their security strategies.”

“Companies around the world are struggling to use AI securely with their own data. Our customers rely on Glean to consolidate this knowledge and empower AI agents to perform the desired tasks,” explains Sunil Agrawal, Chief Information Security Officer at Glean. “Glean agents act strictly on behalf of the user and without additional privileges. Cross App Access goes one step further and enables AI agents to be connected across systems. We welcome the gradual expansion of such protocols to establish industry-wide standards for the use of agents.”

Preventing AI fraud with verifiable digital credentials

As part of the Identity Security Fabric, Okta Verifiable Digital Credentials (VDC) enables the issuance and verification of tamper-proof, reusable identity data such as ID cards, employment records, or certificates. It reduces AI-assisted fraud and friction during the onboarding phase by allowing individuals to digitally prove their identity and authorization. End users benefit from simplified operation of apps and websites—without the hassle of manual verification.

VDCs are based on open standards for maximum control and interoperability. By providing secure credentials, they help build trust in the age of agentic AI.

With a new verification feature scheduled to be available in early access at the end of 2025, companies will also be able to use government-issued identity documents such as driver’s licenses for access authorization in the future.

Further information

• For more information, visit the Okta Secures AI website.
• Visit the Okta Newsroom to learn more about how XAA solves business challenges.
• Read the Cross App Access info page to learn how XAA can be customized and implemented.
• Discover all the new updates in the Okta portfolio in the Launch Week blog post.

YouTube: https://www.youtube.com/watch?v=0vL1tdzvXgk

¹ “AI at Work 2025: Securing the AI-powered workforce,” Okta, August 12, 2025.

² “AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’”, Wired, July 9, 2025.

³ “Gartner Identifies the Top Cybersecurity Trends for 2023”, Gartner, April 12, 2023.