Okta: Securing AI Agents in the Enterprise

Name: Okta: Securing AI Agents in the Enterprise
Uploaded: 2026-06-24T07:44:55-04:00
Duration: 3 min 38 s
Description: TL;DR Nearly 90% of organizations have already experienced security issues with AI agent systems, primarily due to over-provisioning and lack of proper access controls. Leading enterprises like Yahoo and Ramp are implementing security frameworks that t...

Okta

06/24/2026

0 (0%)

Report Like Favorite

Transcript

with them. Almost nine out of 10 people said there was already a security issue in their agentic systems. So this could be something as simple as an agentic system was over-provisioned for access, it didn't have the right visibility and controls about what it could do. The challenge now is how to move fast without losing control. And some companies are already beginning to answer that. We have taken a very firm stance on the things that you can and cannot do with an AI agent. And you would be surprised to see how small that list is. Some already have them on the job. Others are laying the groundwork. We needed to kind of pare back our entire environment because we want AI agents and other non-human identities, frankly, even just your standard traditional headless accounts, we want them all to be able to have that same level of functionality. This is a look at two companies in the midst of their AI journeys and what their early moves reveal about securing AI agents in the enterprise. Brian Meister says Yahoo is rebuilding with a simple goal. Make sure AI agents can follow the same access and approval flows as employees. Being able to have them use similar access request flows, having all of those things work the same way down the road will allow that day one new hire who's coming in and knows nothing about your corporate ecosystem just to say, oh, this is where I request access to everything for everything that I'm going to be owning. So if you're able to manage the effectively the least privilege of these accounts and these agents and identities by ensuring that you're constantly monitoring and revoking access and you're detecting ones that you didn't create, the rest of the paradigm is going to fall into place very, very quickly. And that's what Ramp is working through in real time. We have things that are cloud coding agents. We have internal research agents. At our product level, we have our policy agents. That's actually been up and running for quite a while. And those early rollouts have given the team a clearer picture of how agents behave, what users want to connect and where stronger controls are needed next. We always expected that eventually the guardrails would break. It really is just a matter of identifying the vulnerabilities as they appear. That's why for Ramp, identity stays at the center. The underlying trend that will always be there is associating an agent back to a person. Together, Yahoo and Ramp point to the same reality. AI agents may be new, but the security model can't be an afterthought. It's critical. It's not, oh, we can get to this later. You have to start there. And for companies already putting agents to work, the need isn't just more security. It's security that doesn't add more friction. There is a lot of value in being able to make it a one-click action. That's what Okta delivers for human identities. Even now, through its latest product, Okta for AI Agents, those same controls can be extended to AI agents, too. I don't think anybody has 100% of this answer today in terms of what makes the perfect agentic AI enterprise. But I know that Okta is listening. In our next video, we go inside the making of Okta for AI Agents, how customer pain points shape the product and the technical thinking behind how it was built. Signing off for Okta's Newsroom, I'm Diana Blass.

TL;DR

Nearly 90% of organizations have already experienced security issues with AI agent systems, primarily due to over-provisioning and lack of proper access controls.
Leading enterprises like Yahoo and Ramp are implementing security frameworks that treat AI agents like human employees, using the same access request flows and approval processes.
The key to secure AI agent deployment is establishing least privilege access and continuous monitoring from day one, not as an afterthought to implementation.

Summary

This video examines how enterprises are addressing security challenges as AI agents become operational within their organizations. Through case studies from Yahoo and Ramp, the content explores practical approaches to managing AI agent access, implementing least privilege principles, and extending existing identity controls to non-human identities. The discussion highlights that nearly 90% of organizations have already encountered security issues with agentic systems, primarily related to over-provisioning and inadequate visibility. Both featured companies emphasize the importance of treating AI agents like human employees within access management frameworks, ensuring that security controls are built from the start rather than retrofitted later. The video concludes by introducing Okta for AI Agents as a solution that extends proven identity management capabilities to AI agents without adding operational friction.

Chapters

0:00 - AI Agent Security Challenge
0:32 - Enterprise Approaches to Control
1:10 - Yahoo's Access Management Strategy
1:55 - Ramp's Real-World Agent Deployment
3:03 - Okta for AI Agents Solution

Key Quotes

0:11 "Almost nine out of 10 people said there was already a security issue in their agentic systems."
0:32 "We have taken a very firm stance on the things that you can and cannot do with an AI agent. And you would be surprised to see how small that list is."
2:32 "The underlying trend that will always be there is associating an agent back to a person."

FAQ

What are the most common security issues organizations face with AI agents?

The most common issues include over-provisioning of access rights, insufficient visibility into agent activities, and lack of proper controls around what agents can do within enterprise systems.

How should enterprises approach AI agent security differently from traditional applications?

Rather than treating AI agents as separate systems, enterprises should extend existing identity and access management frameworks to include agents, ensuring they follow the same least privilege principles and approval workflows as human users.

Categories:

» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/24/2026

11:00 AM

06/24/2026

Accelerating Insights on AI Innovation and Trends

https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-innovation-and-trends/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Mastering Active Directory Certificate Services for Long-Term Success

https://www.truthinit.com/index.php/channel/2018/mastering-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

Preventing Your AI from Turning Against You: Essential Strategies

https://www.truthinit.com/index.php/channel/2021/preventing-your-ai-from-turning-against-you-essential-strategies/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/09/2026

01:00 PM

07/09/2026

The HUMAN Experience: Implementing AgenticTrust for Transformative Engagement

https://www.truthinit.com/index.php/channel/2026/the-human-experience-implementing-agentictrust-for-transformative-engagement/
07/14/2026

01:00 PM

07/14/2026

Crafting a Championship-Quality Security Team for Unmatched Defense

https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-quality-security-team-for-unmatched-defense/
07/15/2026

12:00 PM

07/15/2026

Discover How Cyera Is Transforming Agent Security Approaches

https://www.truthinit.com/index.php/channel/2036/discover-how-cyera-is-transforming-agent-security-approaches/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Understanding the Dynamics of Data Privacy and Protection Regulations

https://www.truthinit.com/index.php/channel/2000/understanding-the-dynamics-of-data-privacy-and-protection-regulations/
07/28/2026

01:00 PM

07/28/2026

Illumio + Netskope: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/