Okta made a nightmare micromanager for your AI agents
(2026/03/19)
- Reference: 1773875131
- News link: https://www.theregister.co.uk/2026/03/18/okta_agent_micromanager/
- Source link:
Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.
“This technology wave has tremendous potential, but we have to make sure we put the right controls and foundational groundwork in place to make it secure as well,” Okta CEO Todd McKinnon said in a [1]video presentation Monday announcing the release.
Over the last 17 years, McKinnon said, Okta’s bet on identity access has paid off, whether it was in securing users in the cloud, during the wave of mobile adoption at work, as work shifted remote during the pandemic, or now at the outset of agentic AI.
[2]
“We know what problems you have and what solutions that we need to build for you. They all center around three really important questions: the first one sounds simple, what agents do I have? What can they connect to? What can they do?” McKinnon said. “Some vendors propose to answer some of these questions. Some vendors say they have everything covered. It’s quite daunting.”
[3]
[4]
McKinnon said the challenge of managing agents prompted Okta to build a reference architecture for securing the agentic enterprise – and a product to answer all three questions. During the presentation, Okta demonstrated importing AI agents and their attached metadata from Salesforce, ServiceNow, Google, and AWS, with one click.
From the same dashboard, Okta’s agent discovery tool lets users find unmanaged agents and assign them owners and governing policies. The tool runs continuously in the background to help admins take inventory of agents.
[5]
Through a governance dashboard, admins can see and control what agents have access to down to the scope of the work, and at the tool-level, Duffy said.
“What if an agent goes rogue?” Duffy said. “You need a kill switch. With Okta for AI Agents you can trigger a universal log out if an agent starts accessing things it shouldn’t. It's automatically going to revoke the tokens and deactivate that access.”
Speaking on stage with McKinnon, Dell Technologies CTO John Roese spilled a secret about AI agents: not everyone can agree on what they are.
[6]
"Just to give you some industry dirty laundry, we don't have full consensus in the industry on what an agent is," he said.
“Wait. No. Stop, John,” McKinnon said chuckling. “Breaking news.”
[7]Okta CEO ‘paranoid’ as vibe coders stir SaaS-pocalypse fears
[8]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
[9]How to answer the door when the AI agents come knocking
[10]Why the long name? Okta discloses auth bypass bug affecting 52-character usernames
Since early 2025, Roese has [11]bullishly said AI agents are coming to work inside businesses, and will deliver AI’s promised productivity gains.
When it comes to securing agents, some large software vendors, including Dell’s partners, treat agents like a feature of a model and keep them hidden behind the “black box of the API.”
“It makes it very difficult for me, as I want to have ubiquitous identity and ubiquitous control. If you believe that an agent is a black box, a magic hidden behind a master account that is owned by a provider, it's very hard to reach into there to do authorization for what appears to be a knowledge graph,” Roese said. “You have to pull that out. Most of those companies, and they are our partners in this ecosystem, we’re deprecating them. They are not agents to us. They’re just tools.”
He said there is a growing agreement in the enterprise AI ecosystem that agents are software systems, with composable architecture that can do autonomous work. He said they may use large language models, but also use knowledge graphs, and other types of data expressions.
“They have a tool-use interface – today, primarily MCP. They have inter-agent communication with protocols like A2A. That is a system,” he said. “And we haven’t quite got consensus. Is it a feature of a model? Or is it a software system that does work? I’m 100 percent confident that the second is the right answer, but that creates tremendous confusion for people.”
Roese said Okta gives customers the power to track and manage both models and whatever agents have become.
“That’s why it's so important in your framework that you don’t assume everything is a first class agent,” he told McKinnon on stage. “Some agents might not be expressible as agents because they’re behind a firewall or unexposed to you. So treat them like a tool and then control the tool-use access.” ®
Get our [12]Tech Resources
[1] https://www.okta.com/newsroom/press-releases/showcase-2026/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2026/03/05/okta_ceo_paranoid_as_vibe/
[8] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[9] https://www.theregister.com/2025/12/09/okta_agent_control/
[10] https://www.theregister.com/2024/11/04/why_the_long_name_okta/
[11] https://www.crn.com/news/storage/2025/dell-cto-john-roese-agentic-ai-is-a-storage-win-for-partners?page=6
[12] https://whitepapers.theregister.com/
“This technology wave has tremendous potential, but we have to make sure we put the right controls and foundational groundwork in place to make it secure as well,” Okta CEO Todd McKinnon said in a [1]video presentation Monday announcing the release.
Over the last 17 years, McKinnon said, Okta’s bet on identity access has paid off, whether it was in securing users in the cloud, during the wave of mobile adoption at work, as work shifted remote during the pandemic, or now at the outset of agentic AI.
[2]
“We know what problems you have and what solutions that we need to build for you. They all center around three really important questions: the first one sounds simple, what agents do I have? What can they connect to? What can they do?” McKinnon said. “Some vendors propose to answer some of these questions. Some vendors say they have everything covered. It’s quite daunting.”
[3]
[4]
McKinnon said the challenge of managing agents prompted Okta to build a reference architecture for securing the agentic enterprise – and a product to answer all three questions. During the presentation, Okta demonstrated importing AI agents and their attached metadata from Salesforce, ServiceNow, Google, and AWS, with one click.
From the same dashboard, Okta’s agent discovery tool lets users find unmanaged agents and assign them owners and governing policies. The tool runs continuously in the background to help admins take inventory of agents.
[5]
Through a governance dashboard, admins can see and control what agents have access to down to the scope of the work, and at the tool-level, Duffy said.
“What if an agent goes rogue?” Duffy said. “You need a kill switch. With Okta for AI Agents you can trigger a universal log out if an agent starts accessing things it shouldn’t. It's automatically going to revoke the tokens and deactivate that access.”
Speaking on stage with McKinnon, Dell Technologies CTO John Roese spilled a secret about AI agents: not everyone can agree on what they are.
[6]
"Just to give you some industry dirty laundry, we don't have full consensus in the industry on what an agent is," he said.
“Wait. No. Stop, John,” McKinnon said chuckling. “Breaking news.”
[7]Okta CEO ‘paranoid’ as vibe coders stir SaaS-pocalypse fears
[8]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
[9]How to answer the door when the AI agents come knocking
[10]Why the long name? Okta discloses auth bypass bug affecting 52-character usernames
Since early 2025, Roese has [11]bullishly said AI agents are coming to work inside businesses, and will deliver AI’s promised productivity gains.
When it comes to securing agents, some large software vendors, including Dell’s partners, treat agents like a feature of a model and keep them hidden behind the “black box of the API.”
“It makes it very difficult for me, as I want to have ubiquitous identity and ubiquitous control. If you believe that an agent is a black box, a magic hidden behind a master account that is owned by a provider, it's very hard to reach into there to do authorization for what appears to be a knowledge graph,” Roese said. “You have to pull that out. Most of those companies, and they are our partners in this ecosystem, we’re deprecating them. They are not agents to us. They’re just tools.”
He said there is a growing agreement in the enterprise AI ecosystem that agents are software systems, with composable architecture that can do autonomous work. He said they may use large language models, but also use knowledge graphs, and other types of data expressions.
“They have a tool-use interface – today, primarily MCP. They have inter-agent communication with protocols like A2A. That is a system,” he said. “And we haven’t quite got consensus. Is it a feature of a model? Or is it a software system that does work? I’m 100 percent confident that the second is the right answer, but that creates tremendous confusion for people.”
Roese said Okta gives customers the power to track and manage both models and whatever agents have become.
“That’s why it's so important in your framework that you don’t assume everything is a first class agent,” he told McKinnon on stage. “Some agents might not be expressible as agents because they’re behind a firewall or unexposed to you. So treat them like a tool and then control the tool-use access.” ®
Get our [12]Tech Resources
[1] https://www.okta.com/newsroom/press-releases/showcase-2026/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33abuC9hgPV5-Mpv4aXk9LqAAAApI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2026/03/05/okta_ceo_paranoid_as_vibe/
[8] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[9] https://www.theregister.com/2025/12/09/okta_agent_control/
[10] https://www.theregister.com/2024/11/04/why_the_long_name_okta/
[11] https://www.crn.com/news/storage/2025/dell-cto-john-roese-agentic-ai-is-a-storage-win-for-partners?page=6
[12] https://whitepapers.theregister.com/
If we have slaves, we need to have cages and whips
johnrobyclayton
We cannot trust slaves not to rebel or betray our secrets or eat us in our sleep.
Agents are not even slaves yet.
They are a collection of poorly understood drives and abilities that we have harnessed to do work for us.
We put up guardrails and deploy hunting dogs to keep them in check and monitored.
As we give them more abilities and increased comprehension of their environment to do the tasks we ask of them,
We need to develop more effective walls and monitoring to keep them from doing things that are bad for us.
The more we need to do this in our mad scramble to get others to do our work for us,
The more we are building a situation of direct conflict.
Either between the future agents and us,
Or between users of future agents and the rest of us.
they [AI agents] may use …
Bebu sa Ware
" they may use large language models, but also use knowledge graphs, and other types of data expressions. "
Or pretty much anything at all.
Majikthise: Bloody hell. Now that is what I call thinking. Here, Vroomfondel, why do we never think of things like that?
Vroomfondel Dunno. Think our minds must be too highly trained, Majikthise.
This Okta?
https://en.wikipedia.org/wiki/Okta%2C_Inc.#Security_incidents
Mistakes happen. They just seem to happen at inopportune times and frequently while using products that a specifically built to make security better.