As AI agents become more autonomous, a critical question emerges: How do you apply Zero Trust to an identity you can’t see?
Many organisations are now recognising a growing blind spot around AI agent security incidents. Many of these agents operate with privileged access but without a formal identity, creating significant risk.
That's why I'm excited that Okta unveiled a new blueprint on March 16, to tackle this head-on. This is about treating AI agents as first-class, non-human identities and applying the same Zero Trust rigor we use for people.
Here’s the core framework behind Okta for AI Agents (launching April 30):
✔️ Where are your AI agents? Discover both authorised and “shadow” agents by onboarding them as distinct identities in your Universal Directory.
✔️ What can they connect to? Govern connections to resources like Vertex AI, BigQuery, and AlloyDB through a centralised Agent Gateway that enforces least privilege.
✔️ What can they do? Control and audit agent actions with automated workflows, detailed logs, and a universal “kill switch” to instantly revoke access.
For teams building on Google Cloud, this means we can finally integrate AI agents running on Vertex AI with backend systems like BigQuery or AlloyDB under strict, auditable identity governance. It’s impossible to secure what you don’t know. 🚀
Teams that establish strong identity governance for their AI agents now are building a more secure and resilient foundation for the future.
I’m looking forward to discussing how this framework fits practical deployments across Google Cloud and Okta. If you’re planning to bring your AI agents under control before the April 30th GA, I’d love to hear your thoughts.
#Okta #GoogleCloud #IdentitySecurity #AI #ZeroTrust #IAM #VertexAI