Okta AI Agents — Identity Sprawl and the Rogue Agent Kill Switch

AI relevance: The identity gap for autonomous AI agents — no agent identities, no token revocation paths — is becoming one of the most concrete operational risks in agentic AI deployments, and Okta's new survey quantifies it at scale.

Key findings

  • 92% of executives report moderate or widespread use of autonomous AI agents, but only 22% have identities tied to those agents (Okta, May 2026).
  • 58% of organizations experienced an AI-related security incident or close call in the past year.
  • 52% of employees admit to using unapproved AI tools, often via personal accounts — the classic shadow IT pattern, now applied to autonomous agents.
  • Of those using unapproved AI tools: 54% share internal messages/emails, 45% share HR information, and 39% share confidential documents.
  • Only 34% of organizations apply the same security controls to agentic labor as human labor.
  • 65% of executives believe their AI usage policies are "very clear" — but 57% of knowledge workers disagree.

The kill switch

  • Okta's earnings call highlighted that ServiceNow specifically requested kill-switch capability for its AI Control Tower, relying on Okta to "sever the connections, the access tokens, the actual logical connection at the authorization layer."
  • Okta for AI Agents and Auth0 for AI Agents are the company's leading agent governance products, though not yet contributing substantially to revenue.
  • Microsoft Entra offers similar capabilities: agents authenticate directly via the OAuth 2.0 client credentials flow (no human user in the loop), with automatic discovery of agents and assignment of identities to them.
  • Okta CEO Todd McKinnon reported meeting ~75 of the top 100 accounts and found a consistent pattern: "agents are widely deployed, but the controls around them are immature" — citing examples like Claude Code connected to GitHub and Jira with static tokens on developer machines.

Why it matters

The identity gap is the foundational security failure for agentic AI. Without agent identities, you cannot audit, revoke, or constrain agent actions. Okta's proposed model, placing an authorization layer around agents rather than rewiring each backend system, mirrors the service mesh approach for microservices. But the urgency is different: agents can spawn agents, operate at machine speed, and, as the 34% figure above implies, most deployments grant them access without the controls applied to humans. The caveat is that an authorization layer only governs what passes through it: a static token pasted into a config file on a developer machine bypasses the layer entirely, so the kill switch cannot sever it.

What to do

  • Inventory all AI agents in your environment, including shadow agents running on developer machines under personal accounts.
  • Assign a unique identity to every agent instance (service accounts, workload identities, or agent-specific OIDC identities); never share one credential across agents, or revocation takes down all of them at once.
  • Implement token revocation pathways for every agent, and test that revocation actually propagates to every system the agent touches: if you can't kill it, you can't govern it.
  • Apply the same access controls to agents as to humans: least privilege scopes, step-up approval with a human in the loop for sensitive operations (the non-human analogue of MFA), and bounded token and session lifetimes.
  • Audit static tokens used by AI tooling (Claude Code, Cursor, Copilot) and migrate to short-lived credentials issued to the agent's own identity.
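The list above describes one control loop: identity, short-lived scoped token, enforcement point, kill switch. The following is an added example written for this page, not Okta's, Auth0's, or Microsoft's code, of a minimal authorization layer with those properties. The class and method names (AgentRegistry, issue_token, kill, reinstate, authorize), the HMAC-signed token format, the 300-second TTL, and the sample agent and scope names are all assumptions chosen for illustration. The point it demonstrates beyond the prose is the revocation semantics: a kill invalidates every token the agent holds, and tokens minted before the kill stay dead even if the identity is later reinstated.

```python
"""Added example: an authorization layer that gives each AI agent its own
identity, mints it short-lived scoped tokens, and can sever all of its
access at once. Hypothetical names throughout; not a vendor API."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


class AgentRegistry:
    def __init__(self, signing_key: bytes, token_ttl: int = 300):
        self._key = signing_key
        self._ttl = token_ttl              # seconds; assumed value
        self._agents: dict = {}            # agent_id -> identity record

    def register(self, agent_id: str, owner: str, scopes: set) -> None:
        # not_before: tokens issued at or before this instant are dead,
        # even after the agent is reinstated.
        self._agents[agent_id] = {"owner": owner, "scopes": set(scopes),
                                  "active": True, "not_before": 0.0}

    def issue_token(self, agent_id: str, scopes: set,
                    now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        agent = self._agents[agent_id]     # KeyError: unregistered agent
        if not agent["active"]:
            raise PermissionError(f"{agent_id} has been killed")
        if not set(scopes) <= agent["scopes"]:
            raise PermissionError("requested scope exceeds the agent's grant")
        payload = {"sub": agent_id, "scp": sorted(scopes), "iat": now,
                   "exp": now + self._ttl, "jti": secrets.token_hex(8)}
        body = self._b64e(json.dumps(payload, sort_keys=True).encode())
        return f"{body}.{self._sign(body)}"

    def kill(self, agent_id: str, now: Optional[float] = None) -> None:
        # The kill switch: every token issued so far becomes invalid.
        now = time.time() if now is None else now
        self._agents[agent_id]["active"] = False
        self._agents[agent_id]["not_before"] = now

    def reinstate(self, agent_id: str) -> None:
        # Re-enables the identity; not_before keeps pre-kill tokens dead.
        self._agents[agent_id]["active"] = True

    def authorize(self, token: str, required_scope: str,
                  now: Optional[float] = None) -> bool:
        # Enforcement point: what the backend (or a proxy in front of it) runs.
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".", 1)
        except ValueError:
            return False
        if not hmac.compare_digest(sig, self._sign(body)):
            return False
        payload = json.loads(self._b64d(body))
        agent = self._agents.get(payload["sub"])
        if agent is None or not agent["active"]:
            return False
        if payload["iat"] <= agent["not_before"] or now >= payload["exp"]:
            return False
        return required_scope in payload["scp"]

    def _sign(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _b64e(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")

    @staticmethod
    def _b64d(s: str) -> bytes:
        return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def demo() -> dict:
    """Walks the lifecycle with a constructed agent and fixed timestamps."""
    reg = AgentRegistry(signing_key=secrets.token_bytes(32), token_ttl=300)
    agent = "claude-code-dev-laptop-7"      # constructed sample identity
    reg.register(agent, owner="alice@example.com",
                 scopes={"jira:read", "github:repo:read"})
    t0 = 1_700_000_000.0
    tok = reg.issue_token(agent, {"jira:read"}, now=t0)
    r = {"scoped_ok": reg.authorize(tok, "jira:read", now=t0 + 10),
         "scope_not_in_token": reg.authorize(tok, "github:repo:read", now=t0 + 10)}
    try:
        reg.issue_token(agent, {"github:repo:write"}, now=t0)
        r["escalation_blocked"] = False
    except PermissionError:
        r["escalation_blocked"] = True
    r["expired"] = reg.authorize(tok, "jira:read", now=t0 + 301)
    tampered = tok[:-1] + ("0" if tok[-1] != "0" else "1")
    r["tampered"] = reg.authorize(tampered, "jira:read", now=t0 + 10)
    reg.kill(agent, now=t0 + 20)
    r["after_kill"] = reg.authorize(tok, "jira:read", now=t0 + 30)
    reg.reinstate(agent)
    r["old_token_after_reinstate"] = reg.authorize(tok, "jira:read", now=t0 + 40)
    new_tok = reg.issue_token(agent, {"jira:read"}, now=t0 + 40)
    r["new_token_after_reinstate"] = reg.authorize(new_tok, "jira:read", now=t0 + 50)
    return r


if __name__ == "__main__":
    print(demo())
```

Two design choices matter in practice. First, the kill is keyed on the agent identity, not on individual tokens, so the operator does not need to know which tokens exist; that is what makes it a switch rather than a cleanup job. Second, the token carries the scopes it was minted with, and the enforcement point checks both the scope and the identity's current state, so a long-lived static token cannot be retrofitted into this model without first being replaced by one the registry issued.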

Sources