Oktane 2025: Identity Security Fabric and AI Agents Shape the Future of Digital Security

In Oktane 2025, Todd McKinnon, CEO and co-founder of Okta, shared a clear vision of the present and future of digital security: in a world dominated by artificial intelligence, identity security is AI security.

The challenge: Innovating without compromising safety

McKinnon acknowledged a tension that all organizations face on a daily basis: embracing the accelerated innovation that AI brings without sacrificing the security and trust that underpin the business.

“AI security is identity security” was the key phrase.

The AI agents are now a new form of identity: they can access data, systems, and APIs and act on their own behalf or on behalf of a company. Without an appropriate framework, they represent the equivalent of an “automated insider threat”, capable of operating on a large scale.

The Identity Security Fabric is born

The big announcement during the keynote was the introduction of a new category: Identity Security Fabric.

A unified framework that:

• It integrates all identities (employees, customers, contractors, machines, and AI agents).
• Covers all use cases: access, privileges, governance, and protection.
• Eliminate silos and fragmentation by consolidating security into a single cross-functional layer.
• Orchestra and Share risk signals in real time, enabling automatic actions such as universal session locks in response to threats.

The goal is ambitious but necessary: zero identity-based attacks.

Keynote 2: AI Agents, Cross-App Access, and the Fabric in Action

The second keynote reinforced this vision, illustrating it with specific examples using AI Agents and the new Cross-App Access (XAA):

• AI Agents as New First-Class Entities
  Now the Universal Directory and Okta governance enable the discovery and registration of invisible agents, eliminating static credentials and assigning them an owner and a controlled lifecycle.
• Identity Security Posture Management (ESPM)
  Detects exposed service accounts and credentials used by agents and converts them into governed identities. This prevents shadow IT risks associated with agents.
• Cross-App Access (XAA)
  A new open protocol developed in collaboration with the IETF and the OpenID Foundation, which ensures agent access with centralized policies in real time, without relying on insecure consents or fragile tokens.
• Extending Fabric to Critical Resources
  Integration with Google Chrome Enterprisewas announced, bringing the Identity Fabric to the browser itself, and the expansion of governance to external clients and partners, reinforcing trust in the digital chain.

Key Innovations at Oktane 2025

• AI Agents as first-class identities on the Okta platform.
• Cross-App Access (XAA) as an open standard for securing agents.
• ESPM for visibility and control of at-risk credentials.
• Governance extended to customers and partners, not just internal employees.

On the first day of Oktane 2025 , it became clear: the path to AI innovation lies in building a robust Identity Fabric, capable of governing both human identities and AI agents, and to rely on open standards such as Cross-App Access to ensure a future free of identity-based attacks.