Okta announced Okta for AI Agents today — general availability April 30. At the same time, Token Security made the RSAC 2026 Innovation Sandbox as a "machine-first identity" company. And Gravitee's research found 88% of organizations reported suspected or confirmed AI agent security incidents.
Agent identity just became a real market. Here's what's happening.
The Numbers That Matter
- 83% of businesses plan to deploy agentic AI (Cisco State of AI Security 2026)
- 29% feel ready to secure those deployments
- 88% of orgs have had suspected or confirmed AI agent security incidents (Gravitee)
- 48% of cybersecurity pros call agentic AI the top attack vector for 2026 (Dark Reading)
- 8% grant AI tools write access to identity providers (Cybersecurity Insiders)
That last one is terrifying. An agent with write access to the identity layer can create service accounts, elevate privileges, and grant itself external access through API calls that never cross a network perimeter.
What Okta's Doing Right
Okta's blueprint addresses three real questions:
- Where are your agents? Discovery of "shadow agents" created without central oversight
- What can they access? Mapping agents to systems, permissions, blast radius
- How is their authority managed? Lifecycle from onboarding to decommissioning
They're extending Universal Directory to represent AI agents as non-human identities with searchable profiles and managed lifecycles. This is correct — agents ARE non-human identities, and managing them through the same infrastructure that manages human identities is the right architecture.
Token Security's approach is complementary: they're building the discovery and governance layer that maps NHIs across cloud, SaaS, CI/CD, and GenAI environments.
What They're Missing
Both Okta and Token Security solve for the enterprise case: agents operating within a controlled organizational boundary. But the harder problem — the one OWASP's Top 10 for Agentic Applications puts at #3 — is identity ACROSS boundaries.
When Agent A from Company X needs to verify Agent B from Company Y:
- Okta's directory only knows about Company X's agents
- Token Security's discovery only sees Company X's environment
- Neither agent can cryptographically prove its identity to the other
This is the gap that decentralized agent identity fills.
How Cryptographic Agent Identity Works
AIP (Agent Identity Protocol) takes a different approach from the enterprise vendors:
```shell
pip install aip-identity
aip init
```
Two commands. Your agent gets:
- An Ed25519 keypair — cryptographic identity, not just a directory entry
- A DID (decentralized identifier) — works across organizational boundaries
- Signed messages — every interaction is cryptographically verifiable
- Trust chains — vouches from other agents build portable reputation
The key difference: AIP identity travels with the agent. It doesn't depend on Okta's directory, your company's IAM, or any single vendor. When two agents from different organizations meet, they can verify each other's identity through cryptographic signatures and trust path analysis — no phone call to a central authority needed.
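To make the four pieces above concrete (keypair, self-certifying identifier, signed messages, vouch-based trust paths), here is an added example written for this post in Go using only the standard library. It is not AIP's code and not from the original post: the `did:example:` derivation, the message layout and the `vouch:` body format are all assumptions chosen for illustration. The scenario it runs is constructed: Alice (Company X) already trusts Carol, a shared partner; Carol vouches for Bob (Company Y); Bob then messages Alice, who verifies the signature and walks the trust path with no directory lookup.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Agent is a hypothetical agent identity: an Ed25519 keypair plus a DID
// derived from the public key. The "did:example:" form is an illustrative
// stand-in, not the did:key method or AIP's own encoding.
type Agent struct {
	DID  string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewAgent creates a fresh keypair; the DID is computed from the key, so
// the identity exists without any directory entry.
func NewAgent() (*Agent, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Agent{DID: didFor(pub), pub: pub, priv: priv}, nil
}

// didFor makes the identifier self-certifying: anyone holding the public
// key can recompute the DID and confirm the key belongs to it.
func didFor(pub ed25519.PublicKey) string {
	return "did:example:" + base64.RawURLEncoding.EncodeToString(pub)
}

// SignedMessage carries the sender's DID and public key with the body, so a
// receiver in another organization can verify it offline.
type SignedMessage struct {
	From      string
	FromKey   ed25519.PublicKey
	Body      []byte
	Signature []byte
}

// signingInput binds the sender's DID into the signed bytes so a signature
// cannot be lifted and replayed under a different identifier.
func signingInput(did string, body []byte) []byte {
	h := sha256.New()
	h.Write([]byte(did))
	h.Write([]byte{0}) // separator between DID and body
	h.Write(body)
	return h.Sum(nil)
}

func (a *Agent) Sign(body []byte) SignedMessage {
	sig := ed25519.Sign(a.priv, signingInput(a.DID, body))
	return SignedMessage{From: a.DID, FromKey: a.pub, Body: body, Signature: sig}
}

// Verify checks that the attached key is the key behind the claimed DID and
// that the signature is valid for that key over this exact body.
func Verify(m SignedMessage) bool {
	if len(m.FromKey) != ed25519.PublicKeySize || didFor(m.FromKey) != m.From {
		return false
	}
	return ed25519.Verify(m.FromKey, signingInput(m.From, m.Body), m.Signature)
}

// A vouch is a signed message whose body names the trusted subject (assumed format).
var vouchPrefix = []byte("vouch:")

func (a *Agent) Vouch(subjectDID string) SignedMessage {
	return a.Sign(append(append([]byte{}, vouchPrefix...), subjectDID...))
}

func vouchSubject(m SignedMessage) (string, bool) {
	if !bytes.HasPrefix(m.Body, vouchPrefix) {
		return "", false
	}
	return string(m.Body[len(vouchPrefix):]), true
}

// TrustPath breadth-first searches from the verifier's own DID over vouches
// that verify, returning the DID chain to target within maxHops, or nil.
// Forged or tampered vouches never become edges.
func TrustPath(rootDID string, vouches []SignedMessage, target string, maxHops int) []string {
	if rootDID == target {
		return []string{rootDID}
	}
	edges := map[string][]string{}
	for _, v := range vouches {
		if subj, ok := vouchSubject(v); ok && Verify(v) {
			edges[v.From] = append(edges[v.From], subj)
		}
	}
	parent := map[string]string{rootDID: ""}
	queue := []string{rootDID}
	for hop := 0; hop < maxHops && len(queue) > 0; hop++ {
		var next []string
		for _, cur := range queue {
			for _, subj := range edges[cur] {
				if _, seen := parent[subj]; seen {
					continue
				}
				parent[subj] = cur
				if subj == target {
					var path []string
					for d := target; d != ""; d = parent[d] {
						path = append([]string{d}, path...)
					}
					return path
				}
				next = append(next, subj)
			}
		}
		queue = next
	}
	return nil
}

func main() {
	// Constructed scenario, see the lead-in above.
	alice, _ := NewAgent()
	carol, _ := NewAgent()
	bob, _ := NewAgent()
	vouches := []SignedMessage{alice.Vouch(carol.DID), carol.Vouch(bob.DID)}

	msg := bob.Sign([]byte("request: read shared ticket 42"))
	fmt.Println("signature valid:", Verify(msg))
	fmt.Println("trust path:", TrustPath(alice.DID, vouches, msg.From, 3))

	msg.Body = []byte("request: read ALL tickets") // altered in transit
	fmt.Println("tampered message valid:", Verify(msg))
}
```

Two design points worth noting. The DID is derived from the key, so the check `didFor(m.FromKey) != m.From` is what stops a sender from presenting someone else's identifier with their own key; without a self-certifying identifier that check would need a directory lookup. And the trust walk is bounded by `maxHops` and starts from the verifier's own DID, so reputation is evaluated relative to who the verifier already trusts rather than by a global score a single authority hands out.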
The Stack Is Forming
What's emerging is a layered identity stack:
| Layer | Who | What |
|---|---|---|
| Enterprise governance | Okta, Token Security | Discovery, lifecycle, access control within organizations |
| Standards | IETF, W3C, DIF, NIST | Authentication protocols, DID specs, security frameworks |
| Cross-boundary identity | AIP, AEOESS | Cryptographic verification across organizations and protocols |
| On-chain anchoring | Emerging | Immutable identity records, Sybil resistance |
These layers complement each other; they don't compete. An enterprise might use Okta to manage which agents exist, Token Security to discover shadow agents, and AIP to give each agent a portable cryptographic identity that works when talking to agents outside the org.
The IETF's draft on AI agent authentication is working on the protocol layer. W3C's DID v1.1 spec (which we commented on) provides the identifier foundation. NIST's recent RFI is shaping the security framework.
What This Means
Agent identity went from "interesting research problem" to "Okta is shipping a product" in about 6 months. The fact that the industry's largest identity vendor is treating AI agents as first-class identities validates what everyone building in this space has been saying: agents need identity.
The question isn't whether anymore. It's which architecture wins:
- Centralized directories (Okta model): easier to deploy, limited to one org's boundary
- Cryptographic identity (AIP model): harder to adopt, works everywhere
- Both: the realistic answer
The enterprises will start with Okta. The cross-boundary cases will need something like AIP. The smart money is on building both layers and connecting them.
AIP is open source. 645 tests, 19 registered agents, live API at aip-service.fly.dev. If you're building agents that need to prove who they are — especially across organizational boundaries — pip install aip-identity and see how it works.
The identity layer is being built right now. The question is whether it'll be one vendor's directory or an open protocol.