"By the end of 2026, many of us will have at least one AI-powered agent doing something behind the scenes on our behalf. Within five years, it could be tens or hundreds of agents. They will not only make decisions about what to do (based on their autonomous observations), but they will connect to multiple sources of data (as well as each other) in order to optimize those decisions and other outcomes."
"This future should terrify most organizations that already go to great lengths to protect their digital resources from unauthorized access. As employees are pressured to do more with the help of AI, they'll look to launch these agents and grant them access to whatever corporate resources are necessary. Today's credential for such user-provisioned application-to-application access -- known as an OAuth token -- may be woefully unsuited to the task."
"Several years ago, well before agentic AI was on the horizon, when organizational users granted certain applications, such as Slack, access to their work data, the folks at identity management provider Okta recognized a fundamental flaw in how that access was approved and granted. Identity and access management (IAM) systems, such as Okta's Identity Platform and Microsoft's Entra, serve as central control planes for managing which humans have access to which corporate resources."
By the end of 2026, many employees will have AI-powered agents acting autonomously and connecting to multiple data sources and other agents to optimize outcomes. Those agents will request application-to-application access to corporate systems, frequently via user-approved OAuth tokens. Identity and access management platforms often lack visibility into permissions that users grant to external applications, leaving organizations unaware of third-party access. The scale and autonomous behavior of agents increases risk dramatically, as agents can access and share sensitive corporate data. Okta has proposed a standard to provide organizations greater visibility and control over those permissions and mitigate emerging risks.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]