Okta Calls for Identity‑Fabric Governance to Tame Rapidly Deployed AI Agents
What Happened – Okta’s principal product acceleration specialist, Arkadiusz Krowczynski, warned that enterprise AI agents are being rolled out faster than security teams can secure them, creating blind spots in access, ownership, and governance. He advocated an “identity security fabric” that provides visibility, control, and ongoing governance—including shutdown mechanisms—for AI agents.
Why It Matters for TPRM –
- Un‑governed AI agents can become a supply‑chain attack surface, exposing third‑party data.
- Lack of visibility hampers risk assessments of vendors that embed AI agents in their services.
- Governance gaps increase the likelihood of credential misuse and unauthorized data access.
Who Is Affected – All enterprise sectors deploying AI agents, especially SaaS providers, IAM platforms, and organizations relying on third‑party AI services.
Recommended Actions –
- Conduct an inventory of all AI agents (internal and third‑party) and map ownership.
- Deploy an identity‑fabric solution that enforces visibility, least‑privilege access, and periodic access reviews for agents.
- Integrate AI‑agent governance into existing third‑party risk management workflows and incident‑response playbooks.
Technical Notes – The proposed fabric consists of three layers: (1) continuous discovery of AI agents and their owners, (2) policy‑driven control over applications and data they may access, and (3) governance processes such as automated access reviews and a “kill‑switch” for rogue agents. No specific CVEs or malware were cited. Source: DataBreachToday