Okta has introduced new identity security capabilities designed to help organisations safeguard AI-driven environments and fight fraud. The updates add stronger protections to its Okta Platform and Auth0 Platform, enabling companies to integrate artificial intelligence agents into a secure, standards-based identity security fabric.
Strengthening AI identity security
AI agents are now widely used across enterprises, with 91 per cent of organisations adopting them to boost productivity. However, many lack proper governance. Only 10 per cent have a clear strategy for managing non-human identities, leaving systems open to misconfiguration and attacks. Recent security breaches, such as an AI hiring bot leaking applicant data, show the dangers of weak controls.
Okta’s new approach centres on an identity security fabric — a unified layer to manage all types of identities, including AI agents. This fabric gives businesses end-to-end oversight, reducing security gaps and legacy complexity. Kristen Swanson, Senior Vice President of Design and Research at Okta, said: “AI is changing the workplace faster than organisations can adapt. Our latest innovations weave agents into that fabric to manage their entire identity lifecycle, leveraging open standards like Cross App Access that help elevate the entire industry and create a more secure AI-powered ecosystem.”
New capabilities for AI agents
The new Okta for AI Agents feature helps companies manage AI agent identities from creation to retirement. It discovers risky agents, controls access, and enforces security policies automatically. Capabilities include Identity Security Posture Management for risk detection, Universal Directory for identity ownership and classification, and Okta Privileged Access for least-privilege enforcement. Cross App Access (XAA), a new open protocol, secures how AI agents and applications connect, while Okta Identity Governance and Identity Threat Protection with Okta AI monitor activities and respond to suspicious behaviour.
XAA also simplifies safe integration between apps and AI tools. It moves access control to the identity layer, reducing hidden connections and blind trust. Technology providers such as Salesforce, Google Cloud, Glean, and AWS support the protocol. Developers can use Auth0 for AI Agents to embed identity-first security directly into AI-driven applications.
Combating AI-powered fraud
Okta is also addressing fraud risks with its Verifiable Digital Credentials (VDC) platform, planned for release in financial year 2027. VDCs allow organisations to issue and verify tamper-proof identity data such as government IDs or work certifications. This technology is designed to prevent deepfake-driven impersonation and reduce onboarding friction by giving users a simple way to prove their identity online. Early features, including digital ID verification for mobile driving licences, will be available from late financial year 2026.
Okta said these innovations aim to give enterprises control over AI security at scale, improving trust and reducing exposure to identity-based attacks. The company believes this integrated approach will help organisations keep pace with the rapid growth of AI while maintaining robust protection.
