Okta sees the next AI-agent risk: who gets to take the keys back?
- Okta wants a licensing and identity framework for AI agents operating inside enterprise systems.
- Todd McKinnon says customers, including ServiceNow, are asking for a reliable switch to stop rogue agents.
- The story shows enterprise security shifting from user accounts toward oversight of autonomous software workers.
Okta sees the next enterprise security problem in a place many vendors still frame as a productivity feature: AI agents are no longer just chatbots waiting for prompts, but software actors that may receive access to systems, data and business workflows. According to The Register, CEO Todd McKinnon says customers, including ServiceNow, want a very plain capability: a way to revoke a rogue agent’s license to act.
That is the colder, more important part of the current AI story. While suppliers sell agents as digital workers that can take over tasks, security teams have to answer less theatrical questions. Who is the agent? What permissions does it have? Who granted them? How long do they last? And what happens when the agent starts operating outside the expected boundary?
Okta’s answer, based on the available description, is not a new magical defense but an attempt to bring AI agents into the same operational regime already used for people, applications and services. Identity is not just user login. In an enterprise environment it is a record of rights, limits, auditability and revocation. If an agent can trigger an action in a system, there also has to be a clear way to remove that ability.
Todd McKinnon says enterprise customers, including ServiceNow, want a way to cut off AI agents before they cause damage.
ServiceNow matters in this story as a signal: not because it changes everything on its own, but because it represents the kind of customer already thinking about agents inside real business workflows. In that setting, an AI agent does not need to cause a cinematic disaster to become a problem. It is enough for it to escalate the wrong request, pull data from the wrong source, keep executing an outdated instruction or retain access after a project has ended.
That is why the phrase "off switch" is less dramatic here than it sounds. In practice, it should mean an administrative and security mechanism: revoking access, killing tokens, narrowing permissions and leaving a visible record of what the agent did. Without that, enterprises get a new class of accounts that behave actively while being harder to explain than a conventional user or API integration.
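How those four controls fit together can be sketched in a few lines. This is an added example, not code from Okta, ServiceNow or the article; the `AgentRegistry` class, the agent id, the e-mail addresses and the scope names are all hypothetical.

```python
import time
from dataclasses import dataclass

@dataclass
class Grant:
    granted_by: str      # who authorized the agent
    scopes: set          # what it may do
    expires_at: float    # how long the grant lasts
    revoked: bool = False

class AgentRegistry:
    """Hypothetical in-memory registry; not an Okta or ServiceNow API."""

    def __init__(self, clock=time.time):
        self.clock, self.grants, self.audit = clock, {}, []

    def _log(self, actor, event, agent_id, detail):
        self.audit.append((self.clock(), actor, event, agent_id, detail))

    def grant(self, agent_id, granted_by, scopes, ttl_seconds):
        self.grants[agent_id] = Grant(granted_by, set(scopes), self.clock() + ttl_seconds)
        self._log(granted_by, "grant", agent_id, sorted(scopes))

    def narrow(self, agent_id, admin, keep):
        g = self.grants[agent_id]
        g.scopes &= set(keep)  # intersection: narrowing can never add a scope
        self._log(admin, "narrow", agent_id, sorted(g.scopes))

    def revoke(self, agent_id, admin, reason):
        self.grants[agent_id].revoked = True
        self._log(admin, "revoke", agent_id, reason)

    def authorize(self, agent_id, scope):
        """Checked on every action, so a revoke applies to the very next call."""
        g = self.grants.get(agent_id)
        if g is None:
            verdict = "deny:unknown-agent"
        elif g.revoked:
            verdict = "deny:revoked"
        elif self.clock() >= g.expires_at:
            verdict = "deny:expired"
        elif scope not in g.scopes:
            verdict = "deny:out-of-scope"
        else:
            verdict = "allow"
        self._log(agent_id, verdict, agent_id, scope)  # denials are recorded too
        return verdict == "allow"

if __name__ == "__main__":  # constructed sample run
    reg = AgentRegistry()
    reg.grant("ticket-triage-agent", "alice@example.com", {"tickets:read", "tickets:escalate"}, 3600)
    reg.revoke("ticket-triage-agent", "secops@example.com", "constructed incident")
    print(reg.authorize("ticket-triage-agent", "tickets:read"), reg.audit[-1])
```

Because the check runs against central state on every action, revocation does not wait for a token to expire, and the audit list records who granted, narrowed or revoked access alongside each allowed or denied request.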
Regulatory pressure is only background for now, but the direction is obvious. If AI agents begin making or executing decisions inside business systems, an audit will not be able to stop at the sentence that "the model did something." Someone will need to show who authorized the agent, under what rules, at what time and why access was not revoked earlier.
Okta’s move is best read as early infrastructure for the phase in which agents stop being demos and enter everyday operations. The weakest point may not be model intelligence, but the administration of trust around it. If a digital worker receives the keys to enterprise systems, the company has to know where those keys are, who holds them and how the locks change when things go wrong.

