91% of companies deployed AI agents. Only 10% secured them
By Silicon Valley Girl
Key Concepts
- AI Agents: Autonomous software entities capable of performing tasks, making decisions, and interacting with systems without constant human oversight.
- Agentic Identity: A new classification of digital identity specifically for AI agents, distinct from human or service accounts.
- App-to-Agent/Agent-to-Agent Connection: A shift in security architecture moving away from simple application-level permissions toward granular, identity-based access for AI.
- Kill Switch: A security mechanism allowing for the immediate revocation of an AI agent's access and permissions in the event of malicious or erroneous behavior.
The Current State of AI Agent Deployment
The corporate landscape is currently defined by a rapid, competitive race to deploy AI agents to boost productivity. However, this speed has outpaced security infrastructure. Research indicates that while 91% of enterprise customers are aware of AI agents in their production environments, only 10% feel confident that these agents are appropriately secured. Furthermore, 88% of companies experienced an AI agent security incident within the past year, with the vast majority of these breaches going undetected.
The Security Challenge: Autonomous Risks
The primary concern for leadership teams—such as those at Okta—is the potential for autonomous agents to perform unauthorized, high-impact actions, such as mass file deletion or unauthorized financial transfers.
The fundamental shift in the workforce is that companies will soon have more "agentic identities" than human employees. Unlike traditional service accounts, AI agents operate autonomously and often possess privileges that are not fully mapped or understood by IT departments. The current security model, which relies on "app-to-app" connections, is insufficient for managing the complex, autonomous nature of these agents.
The Framework: Identity-Centric Security
To mitigate these risks, the industry is moving toward a framework where AI agents are treated as digital employees. This methodology involves:
- Identity Assignment: Every AI agent is assigned a unique, verifiable identity.
- Permission Scoping: Agents are granted specific, least-privilege permissions rather than broad access.
- Governance: Implementing a management layer that treats agent activity with the same scrutiny as human activity.
- The Kill Switch: A critical security control that allows administrators to instantly terminate an agent’s access if it deviates from its intended behavior or exhibits signs of compromise.
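The four controls above can be sketched as a small policy check. This is an added example, not code from the video or from Okta's product; the class, scope and agent names (`AgentRegistry`, `invoice:read`, `finance-ops`) are hypothetical and the store is in-memory only.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class AgentIdentity:
    agent_id: str          # unique identity, one per agent
    owner: str             # accountable human or team
    scopes: frozenset      # least-privilege action allow-list
    revoked: bool = False  # set by the kill switch

class AgentRegistry:
    """Hypothetical in-memory policy decision point for agent identities."""

    def __init__(self):
        self._agents = {}   # agent_id -> AgentIdentity
        self._tokens = {}   # bearer token -> agent_id
        self.audit = []     # (timestamp, agent_id, action, decision)

    def register(self, owner, scopes):
        agent_id = "agent-" + secrets.token_hex(4)
        token = secrets.token_urlsafe(32)
        self._agents[agent_id] = AgentIdentity(agent_id, owner, frozenset(scopes))
        self._tokens[token] = agent_id
        return agent_id, token

    def authorize(self, token, action):
        # Evaluated on every call, so revocation applies to the next request.
        agent = self._agents.get(self._tokens.get(token))
        if agent is None:
            decision = "deny:unknown-identity"
        elif agent.revoked:
            decision = "deny:revoked"
        elif action not in agent.scopes:
            decision = "deny:out-of-scope"
        else:
            decision = "allow"
        self.audit.append((time.time(), getattr(agent, "agent_id", None), action, decision))
        return decision

    def kill(self, agent_id, reason):
        self._agents[agent_id].revoked = True
        self.audit.append((time.time(), agent_id, "kill-switch", reason))

def demo():
    reg = AgentRegistry()
    agent_id, token = reg.register("finance-ops", {"invoice:read"})
    results = [reg.authorize(token, "invoice:read"),      # within scope
               reg.authorize(token, "payment:transfer")]  # never granted
    reg.kill(agent_id, "out-of-scope transfer attempt")
    results.append(reg.authorize(token, "invoice:read"))  # after revocation
    return results, reg.audit
```

Because the decision is recomputed per request instead of being cached in the token, the kill switch takes effect without waiting for a credential to expire, and every allow or deny lands in the audit trail under the agent's own identity.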
Strategic Perspective
The transition to an "agent-to-agent" or "app-to-agent" connection model is essential for enterprise security. By creating and managing a new identity type specifically for AI, organizations can maintain visibility and control over autonomous workflows. Okta’s new platform, "Okta for AI Agents," serves as a real-world application of this framework, aiming to bridge the gap between rapid AI adoption and the necessity for robust, granular security controls.
Conclusion
The rapid proliferation of AI agents is not a replacement for human labor but a multiplier for productivity. However, the "security gap"—where 91% of companies deploy agents but only 10% feel secure—represents a significant operational risk. The takeaway is clear: organizations must move beyond legacy security models and adopt an identity-based governance framework for AI, ensuring that every autonomous agent is authenticated, authorized, and capable of being instantly neutralized if necessary.