“Everybody's under pressure to do more with less” - Why Okta says you need an AI agent governance strategy, and sooner rather than later (www.techradar.com)

🤖 AI Summary
At Oktane 2025 Okta warned that organizations must adopt an AI agent governance strategy now, not later, as AI agents (or Non‑Human Identities) rapidly proliferate — a recent study found 96% of European businesses expect to use them by 2026. Because agents need broad permissions (calendar, email, payments, proprietary data) they create high‑impact attack surfaces: models are “gullible” and can be manipulated, insiders or threat actors can exfiltrate sensitive information, and poorly configured credentials have already led to mass exposures (e.g., the McDonald’s recruiting incident that exposed ~64 million records). Okta argues that adoption is outpacing governance, increasing legal, financial and regulatory risk across the industry.

Okta is positioning its identity platform to treat agents as first‑class identities: discover risky configurations, enforce least‑privilege permissions for limited durations, maintain audit trails, and continuously detect/respond to anomalous or “rogue” agent behavior. It also introduced Cross App Access (XAA) standards to help standardize cross‑app permissions and defensive practices across organizations.

For the AI/ML community this signals a shift: agent design and deployment must be integrated with identity and access controls, telemetry for behavior detection, and shared industry standards — otherwise productivity gains from agents will come with unacceptable security and compliance costs.