Okta has announced Agent Discovery in Identity Security Posture Management (ISPM) to enable organisations to discover shadow AI, uncover hidden identity risks and misconfigurations of unknown and known agents, and map agents’ potential blast radius. As a capability of the Okta for AI Agents solution, customers can turn shadow agents into governed assets by assigning human owners and enforcing baseline security policies, leveraging the full power of the Okta platform to discover, onboard, and protect their AI agents throughout the entire lifecycle.
“Identity is the control plane for the agentic enterprise,” said Harish Peri, SVP & GM of AI Security, Okta. “AI agents don’t operate at the network, endpoint, or device layer—they live in the application layer and use multiple non-human identities with broad, long-lived privileges. By discovering and mapping every agent and its permissions, Agent Discovery within Okta for AI Agents gives organisations the visibility and governance they need to secure both sanctioned and shadow AI at scale.”
Why it Matters:
Organisations are facing a dangerous accountability gap as "shadow IT" is being replaced with an invisible layer of "shadow AI." Gartner recently reported that 69% of organisations suspect or have evidence of employees using prohibited GenAI tools, and predicted that by 2030, over 40% of enterprises will experience security or compliance incidents directly linked to unauthorised shadow AI.
This visibility drift is driven by the democratisation of agent creation, which allows any employee to provision a digital worker, and by the growing availability of agent builder platforms. The result is a lack of IT oversight into how employees are leveraging unvetted, unsanctioned tools that use OAuth grants to funnel data outside the security perimeter.
Bring Discovered Agents Built on Unsanctioned Platforms under Enterprise Control
Agent Discovery detects OAuth consents and identifies agents on unsanctioned platforms and unvetted agent builders. By surfacing these connections at the point of origin, organisations can gain visibility into the AI tools entering their environment – before they evolve into backend API integrations or complex app-to-app connections.
By integrating with the browser, including Google Chrome, Agent Discovery captures real-time signals to map the relationship between the Client App (the AI tool) and the Resource App (the data source), alerting when unknown agents using unsanctioned tools gain permissions to critical data. From there, it reveals the specific permissions and scopes the agent has been granted, exposing unauthorised apps that bypass security reviews.
“When an employee brings their own AI agents into the workplace, it creates a dangerous blind spot where unmanaged tools connect to enterprise data and systems without oversight,” said James Simcox, Chief Operations and Product Officer of Equals Money. “Organisations need continuous discovery to understand which agents exist, who owns them, and what they can access. It’s exciting to see solutions like Agent Discovery that provide the visibility and control needed to secure shadow AI before it introduces security or compliance risks.”
Once discovered, an organisation can bring these agents under governance by registering them as known, managed identities in Okta, applying secure policies, and assigning human owners.
What’s to Come:
With the risks extending beyond unsanctioned platforms to managed AI/ML platforms and large language models (LLMs), Okta will expand its continuous discovery capabilities to cover ‘crown-jewel’ AI environments. This will enable security teams to turn sanctioned, high-risk identities into governed assets.



