In the conversation with Shiv Ramji, the main barrier to profitable enterprise AI adoption is identified as the complex challenges of identity and access management, with security concerns preventing AI projects from moving beyond prototypes. Shiv highlights the need for robust AI governance, fine-grained authorization, and secure verification methods—solutions that Okta’s Ozero platform addresses—to enable safe, scalable, and productive deployment of AI agents across industries.
In this insightful conversation with Shiv Ramji, president of Ozero at Okta, the challenges businesses face in successfully implementing AI are explored in depth. Despite the widespread enthusiasm for generative AI, a striking 95% of companies attempting to deploy AI solutions fail to do so profitably. Shiv highlights that while many organizations experiment with AI prototypes, very few move these projects into production due to significant security concerns. Unlike traditional deterministic applications, AI agents operate in a non-deterministic manner, accessing various internal systems and data sources, which raises fears among CIOs and CISOs about potential data breaches and unauthorized access.
Shiv emphasizes that the core issue is not the AI technology itself but the complexities around identity and access management. AI agents must be authenticated and authorized with fine-grained permissions to ensure they only access data and systems that the user is permitted to interact with. This is a challenging problem because modern enterprises have a vast and dynamic web of permissions across numerous applications, documents, APIs, and internal databases. Without robust AI governance and data governance frameworks, companies risk exposing sensitive information, as seen in real-world incidents like the McDonald’s chatbot breach and unauthorized access to CEO emails.
The conversation also touches on the organizational dynamics of AI adoption. Often, AI initiatives start from bottom-up efforts by technically savvy employees but quickly encounter roadblocks without buy-in from security leadership. CISOs and security teams are tasked with securing a sprawling and often undocumented IT landscape, making it difficult to confidently deploy AI agents at scale. Shiv notes that only about 10% of companies currently have formal AI governance processes, which are crucial for classifying sensitive data and managing access policies centrally to prevent leaks and misuse.
Despite these challenges, Shiv is optimistic about the transformative potential of AI agents, particularly in software engineering, healthcare, retail, and travel. AI agents can significantly boost productivity by automating coding tasks, processing medical information, and managing complex itineraries, among other use cases. He also highlights the evolving nature of AI interfaces, including asynchronous and long-running tasks, which allow agents to operate independently over extended periods and adapt dynamically to user feedback. This flexibility and autonomy make AI agents a powerful tool for enhancing efficiency and innovation across industries.
Finally, Shiv explains how Okta’s Ozero platform helps companies securely deploy AI agents by verifying both users and agents, securing API communications, enabling human-in-the-loop workflows, and managing fine-grained authorization for data access. He underscores the importance of robust verification methods to distinguish between humans and AI agents, as well as the need for digital credentials and content watermarking to combat fraud and ensure trust. As AI continues to evolve, Shiv believes that improved security frameworks and governance will enable more companies to realize the full benefits of AI, moving beyond experimentation to profitable, scalable production deployments.