Las Vegas (special envoy). During the Cold War, the word “agent” evoked elegance and mystery: James Bond, the perfect spy, or Maxwell Smart, with its lovely awkwardness. Today, the concept changed completely. The new agents are not human, but artificial intelligence algorithms that work tirelessly, 24/7, making decisions and executing tasks for us. And as they multiply, a key challenge arises: protect them.
In the Summit of Las Vegas, OKTA – a leader in identity security, with a market valuation of 15.8 billion dollars – presented its strategy for this new scenario. The objective: Design platforms that allow you to create insurance agents, prevent fraud promoted by artificial intelligence and get them to integrate without friction with current corporate systems.
IA agents are already present in organizations, even if sometimes they are not perceived. They are autonomous programs capable of executing tasks, interacting with systems and making decisions without human supervision. Today they can develop with tools such as Chatgpt, Microsoft Co -ilot, Google, N8N, Dify, Relay and many more. According to OKTA data, 91% of companies recognize that they already use AI agents within their operations. These systems spent in a short time of production laboratory tests, deeply transforming the way we work.
But this accelerated growth has a dangerous side. Only 10% of companies have adequate systems to govern and control how their agents work. This means that millions of “digital employees” operate today without clear credentials, without central monitoring and without defined limits. In many cases, companies themselves do not know the accesses and permits that these programs are using, which generates an enormous exposure and risk of attacks.
A recent example shows the problem dimension. In July, McDonald’s suffered a serious security failure when it was discovered that Olivia, his AI chatbot to recruit employees, had basic vulnerabilities on the platform developed by Paradox.AI. These failures allowed any hacker to access conversations between Olivia and applicants, obtaining sensitive data such as CVS, contact information and responses to personality tests. The most alarming: access could be achieved simply by guessing weak credentials, such as the classic “user” and password “123456”, leaving the information of thousands of aspiring jobs exposed.
Read more: Coreweave expands your agreement with OpenAI with a new contract for 6,500 MDD
Know the identity of ‘digital’ agents in the AI era
“The pressure to be implemented at full speed explains, in part, the lack of controls,” Eric Kelleher, President and Okta COO, told Forbes. “Companies run to show results – cost, cost reduction – and many times deploy agents without understanding the risk. Today what happens is that you simply give your credentials to the agent. For example, if you add a Microsoft agent to Office 365, ask you for your credentials and you admit them. Bad idea. Now your agent has them forever. It is insecure the risk you created. ”
The context is complex because most organizations operate in a hybrid environment, where internal applications with external services such as Google Workspace, Slack or Salesforce coexist. Managing users in both worlds is critical, especially when an employee enters or leaves the company. Without centralized management, accesses can be active and become open doors for attackers.
To face these challenges, OKTA presented a series of solutions that until now applied to people and that will now extend to AI agents. Among them, single login (SSO), multifactor authentication (MFA) and user life cycle automation. The objective is clear: to make each agent have a safe and controlled digital identity.
The company describes this evolution in two great stages. The first, already fulfilled, was to help companies migrate to the cloud safely. The second, where we are entering, seeks to protect a world where human, machines and agents live together.
One of the critical points is the useful life of the agents. Many remain active even when they are not used, which makes them easy whites for attacks. OKTA proposes digital credentials that are automatically destroyed after being used and systems that light and turn off agents according to the need. For example, an agent who helps reserve trips would be active only during the purchase process and then deactivated, reducing the attack surface.
The threat is not only theoretical. The AKA Threat Intelligence program of OKTA monitors global threats and already detected attempts to infiltrate companies through false agents that are passed through real employees. These attacks confirm that digital identity became the new security perimeter, far beyond the physical walls of an office or a data center.
“In Okta we do not think about cybersecurity as an arrival point, but as a constant process,” concludes Kelleher. “Every new innovation brings new challenges. This never ends.”
You may be interested: Threads finally exceeds X: the Zuckerberg platform exceeds Musk’s in daily users
