Eric Keller, President and COO of Okta, discusses the widespread adoption of autonomous AI agents in enterprises, highlighting the critical need for robust security, identity management, and governance to mitigate risks such as data breaches. He emphasizes Okta’s role in providing solutions like Cross-App Access to securely manage AI agent identities and advocates for a balanced approach that fosters innovation while ensuring privacy and compliance.
In the video, Eric Keller, President and COO of Okta, discusses the current state and future prospects of AI agents, emphasizing the balance between innovation and security. He explains that AI agents are autonomous software capable of taking actions on behalf of users asynchronously, applying their own judgment to execute tasks. This autonomy distinguishes AI agents from previous automation technologies, which were more about system integrations and synchronous operations. While many companies have enthusiastically deployed AI agents in production, there remains a significant gap in confidence regarding their secure management and governance.
Keller highlights a recent survey revealing that over 90% of enterprises have AI agents deployed in production, yet only about 10% feel confident that these agents are properly secured and managed. This discrepancy underscores the industry’s rush to innovate and deploy AI solutions without fully addressing the associated security risks. He shares a cautionary example of a major restaurant chain that deployed an AI recruiting agent with inadequate security measures, resulting in a data breach affecting millions of job applicants. This incident illustrates the dangers of pushing AI agents into production prematurely without robust security protocols.
Okta’s role in this evolving landscape is to provide identity management solutions that secure not only human identities but also non-human and agentic identities. Keller explains that AI agents require the same level of authentication, authorization, and governance as human users and machine-to-machine accounts. To address the challenges of managing AI agents securely, Okta advocates for an open standard called Cross-App Access, which enables companies to register, manage, and govern agent identities across platforms. This standard helps organizations control agent access, rotate credentials, and provision or deprovision agents as needed, reducing security vulnerabilities.
The conversation also touches on the importance of AI governance, particularly regarding data access and usage by AI agents. Keller stresses that companies must carefully govern what data agents can see and how that data is used, especially when third-party agents are involved. There is concern about data being aggregated or used beyond the original query, which could lead to privacy and compliance issues. Effective governance policies are essential to ensure that AI agents operate within authorized boundaries and protect sensitive corporate information.
Finally, Keller reflects on the rapid pace of AI development, noting that this wave of technological change feels faster and more intense than previous shifts like the internet or cloud computing. While there is genuine excitement and enthusiasm both from top executives and employees to adopt AI, many companies are still figuring out how to measure tangible business value from these investments. He emphasizes the need for a balanced approach that fosters innovation while prioritizing security and governance to mitigate risks. The discussion concludes with a lighthearted note on the idea of uploading one’s brain to AI, underscoring the importance of privacy and security in such futuristic scenarios.