AI Security as Identity Security
Okta CEO Todd McKinnon frames the central challenge facing organizations today: balancing rapid AI innovation with security requirements. He introduces the concept that AI agents represent a powerful new identity type that requires the same governance, visibility, and control as human identities. McKinnon reveals how a recent industry-wide breach of an AI marketing agent compromised hundreds of companies — but not Okta, thanks to hardened corporate infrastructure. This incident demonstrates why AI security fundamentally depends on identity security, as agents increasingly access sensitive data and systems autonomously. The keynote positions Okta's Secure Identity Commitment as the unlock for innovating with AI without compromise.
Identity Security Fabric for AI Agents
The presentation introduces Okta's identity security fabric, which treats AI agents as first-class identities alongside people and groups in the Universal Directory. This approach provides complete visibility into all agents across the organization, regardless of where they were built or deployed. Okta demonstrates how managed connections enable fine-grained control over agent access to applications and data, similar to single sign-on for human users. The company announces support for cross-app access standards in the Auth0 platform, allowing developers to build fabric-ready agents with security and visibility built in from the start. This architecture aims to prevent agentic sprawl and close accountability loops by linking agents to their owners.
Industry Leadership and Customer Partnership
McKinnon emphasizes Okta's role in elevating industry standards for AI security, noting that without proper security frameworks, AI adoption will stall due to fear and risk aversion. The keynote features a conversation with Lattice CEO Sarah Franklin, who discusses the intersection of HR, IT, and security in managing AI agents as new workforce entities. Franklin stresses the importance of balancing efficiency with effectiveness, and warns against repeating the mistakes of social and mobile technology adoption by proactively addressing how AI can harm as well as help. The session concludes with a call to action for the collective industry to lead the next chapter of identity security, working toward the goal of zero identity-based attacks.
