AI Agents Have No Identity System. Okta Does.

Every time an organization deploys an AI agent, it makes a decision about what that agent can access, what it can do, and who is responsible when it does it. In 2026, almost no organizations have made that decision deliberately. That gap — between the speed of agent deployment and the complete absence of governance infrastructure — is the problem Okta is betting $14 billion on solving.

"We are paranoid," Todd McKinnon, Okta's co-founder and chief executive, told investors on the company's most recent earnings call. "We are making sure we are using all the latest technologies to make sure we have something that is resilient and secure." That paranoia has a product roadmap behind it. On April 30, Okta will make generally available Okta for AI Agents, a platform the company describes as the first purpose-built identity layer for autonomous agents. The pitch: organizations need to manage AI agents the same way they manage human employees — with credentials, access policies, and audit trails. Agents are not people, McKinnon told Nilay Patel on The Verge Decoder podcast, but they are not purely systems either. In his framing, agents sit between people and systems — they carry attributes of both a human identity and a system identity, and represent something new. It is, as he put it, a new category.

The adoption curve suggests he is right about the problem existing. Okta's own research, reported by ComputerWeekly, found that 91 percent of organizations were already deploying agentic AI in search of productivity gains — but only 10 percent had any form of cyber governance in place to manage agents. The remaining 81 percent are operating, in effect, without a plan. In the same ComputerWeekly report, McKinnon framed the stakes bluntly: without treating identity security as inseparable from AI security, organizations will fail at both. That governance gap is not a PR problem for Okta — it is the commercial opportunity. The company estimates the total addressable market for identity access today at roughly $20 billion, growing to $80 billion as digital labor and agentic workflows scale. Okta had $2.9 billion in annual revenue for fiscal year 2026, up 12 percent, with net income of $235 million. New products — Okta for AI Agents and Auth0 for AI Agents — represented approximately 30 percent of fourth quarter bookings.

The incidents are arriving faster than the frameworks. Okta cited the breach of a hiring bot built on the Paradox AI platform and used by McDonald's, which exposed the personal data of millions of job applicants after attackers correctly guessed its password was 123456. That is not a sophisticated attack. That is a configuration failure on a production agent given access to sensitive personal data. The State of AI Agent Security 2026 report, published by API management firm Gravitee, found that 88 percent of organizations had reported suspected or confirmed AI agent security incidents in the prior year. More than half of all agents operate without any security oversight or logging. On average, only 47.1 percent of an organization's AI agents are actively monitored or secured. The remaining agents are, in security terms, invisible.

The governance gap is structural, not incidental. Most organizations still treat agents as tools belonging to a human — extensions of a person's access rather than independent actors. Only 22 percent of organizations treat AI agents as independent, identity-bearing entities, according to Gravitee. The rest are using shared API keys for agent-to-agent authentication: 45.6 percent, a credential-sharing architecture that would be immediately familiar to anyone who has worked with early microservice deployments and universally acknowledged as a problem that scales poorly. Dell Technologies' chief technology officer John Roese put it bluntly to The Register: the industry has no consensus on what an AI agent is, and some large software vendors are deliberately keeping agents hidden behind black-box APIs to avoid the governance question entirely.

McKinnon's answer is Okta for AI Agents, which will handle credential management, access policy, and audit logging for autonomous agents. The company is pricing it two ways: by the number of agents an individual human deploys, or by the number of connections an agent makes into downstream systems. Cross App Access, a protocol extending OAuth that Okta introduced at its March Showcase event, is the technical mechanism — identity providers as the control plane for agent-to-agent and agent-to-application traffic. It is, in architectural terms, an identity provider wearing a new hat. The question is whether that hat fits.

The competitive pressure is not abstract. Palo Alto Networks completed its $25 billion acquisition of CyberArk in February, establishing identity security as a core platform pillar and explicitly naming agent identity as the rationale. CrowdStrike agreed to acquire SGNL for $740 million to handle what it called continuous identity for human, non-human, and AI identities. Three major cybersecurity platforms have independently concluded that the identity layer for autonomous agents is worth acquiring rather than building. That is informative signal about where the market thinks the leverage sits.

The most revealing moment in the Decoder conversation was not McKinnon's pitch for his own product. It was his assessment of how organizations are currently trying to solve the agent security problem. When asked about OpenClaw deployments — specifically the pattern of organizations buying Mac Minis to air-gap agents from production infrastructure — McKinnon's response was direct. I look at that, and I'm like, you've accomplished nothing, he said. You've given it all the access over here, and maybe it just doesn't have your file system with your photos on it, but it still has all the access to the tools. OpenClaw, he argued, represents the ChatGPT moment for agents — but not a security architecture. It is a deployment pattern that transfers the credential problem to a different machine without resolving the underlying governance gap. The kill switch that agent frameworks are adding is necessary but insufficient. You need to know not just whether to stop an agent, but who is responsible for what it did while it was running.

McKinnon's framing of agent identity as a genuinely new category — neither human nor system, but something in between — is architecturally interesting. It is also convenient positioning for a company that needs its existing $3 billion identity business to feel like a platform from which agent identity naturally grows rather than a category that might require a different architectural approach. Okta for AI Agents handles what the company calls the identity problem. Whether it handles the behavior problem — what an agent does once it has legitimate access — is a different question, and one the product does not fully answer.

The identity market McKinnon is competing for is real, and the gap between agent deployment and agent governance is not going to close on its own. The structural problem — that identity systems were designed for humans and are being retrofitted for autonomous software — will require actual architectural work, not just new pricing tiers on existing products. Whether Okta is the company that does that work, or the company that arrives first with a badge that says "agent identity" stapled onto its existing platform, will be determined by what the product actually does when agents start behaving in ways their deployments did not anticipate.