Identity management vendor Okta Thursday launched an “Identity Security Fabric” designed to secure AI agents and replace the patchwork of point security solutions that enterprises currently use to manage users, applications, and AI systems.
“As part of the fabric, organizations will also be able to issue and verify tamper-proof digital credentials, helping establish trust and address rising AI-powered fraud,” Okta said in a statement.
The announcement at Okta’s annual conference in Las Vegas came as organizations struggled to manage AI systems that operated with elevated privileges but often lacked proper oversight.
Research firm Gartner predicted that by 2027, identity fabric immunity principles will prevent 85% of new attacks and reduce the financial impact of breaches by 80%.
While 91% of organizations were already using AI agents, only 10% had developed strategies for managing these non-human identities, Okta research showed. As evidence of the security risks, the company pointed to an incident where “an AI hiring bot that exposed millions of applicants’ data to hackers who tried the password ‘123456.’”
“The modern enterprise requires an identity security fabric that can unify silos and reduce the attack surface,” Kristen Swanson, Okta’s senior vice president of design and research said in the statement. Current fragmented security architectures “can no longer keep up” with AI-driven threats, she said.
The identity fabric concept integrated what were previously separate security functions — user management, application security, and AI oversight — into a single platform. The approach came as enterprises faced mounting complexity from AI agents that operated continuously with elevated privileges alongside traditional human users.
Three main components form the fabric
The platform comprised three main elements, with AI agent lifecycle management as the first key component. Okta called this “Okta for AI Agents,” planned for early access in the first quarter of fiscal 2027. This element would discover existing AI agents within enterprise networks, establish proper identity credentials, enforce access controls, and monitor their activities.
“AI is changing the workplace faster than organizations can adapt,” Swanson added. “We’re starting to see poorly built, deployed, or managed agents expose the risks of using a traditional patchwork of identity solutions.”
The system would “enforce security policies to apply the principle of least privilege, providing AI agents with the access they need only for the time they need it,” the company said in the statement.
The second component was Cross App Access, an extension of OAuth designed to secure communications between AI agents and enterprise applications. The protocol gained backing from major technology vendors, including Amazon Web Services, Google Cloud, Salesforce, Box, and Automation Anywhere.
The protocol shifted security control from individual applications to centralized identity systems, allowing security teams to monitor AI agent behavior across their entire technology stack. Cross App Access will be available in early access within the Okta Platform for enterprise customers, the statement added.
Current AI implementations often rely on static credentials like API keys that create persistent vulnerabilities if compromised. Unlike human users, AI agents typically operate continuously and might require elevated privileges across multiple systems, amplifying potential damage from security breaches.
Digital credentials round out the platform
The third fabric component is digital credentials capabilities through the Okta Verifiable Digital Credentials (VDC) platform, scheduled for fiscal 2027 release.
The system would allow organizations to issue cryptographically secure versions of government IDs, employment records, and professional certifications.
“Built on open standards for maximum control and future interoperability, VDCs will help establish trust in a world of AI agents, enabling secure, privacy-preserving credentials that help prove who someone is, what they’ve done, or what they’re allowed to do,” the company said.
Okta said that it would begin with support for mobile driver’s licenses before expanding to additional identification types.
The focus on identity security challenges extended beyond Okta’s announcements at the Las Vegas event. Data protection company Rubrik also launched Rubrik Okta Recovery, designed to provide automated backups and recovery for Okta environments, highlighting the broader industry recognition of identity infrastructure vulnerabilities, Rubrik announced in a separate statement. The fabric approach addressed what Okta described as challenges where “AI agents operate at machine speed with high privileges and ephemeral lifecycles, and AI-driven deepfakes blur the line between legitimate users and malicious impersonators.”
No Responses