New Delhi: Okta’s identity solutions play a vital role in ensuring trust, security, and seamless interactions in the ecosystem. It focuses on leveraging AI-driven identity management to support the evolving tech and startup landscape while addressing critical security challenges. Bhawna Singh, CTO, Customer Identity Cloud, Okta, shares exclusive insights in a detailed conversation with CXO News and APAC News Network.
How do AI agents function, and what role do they play in automating tasks?
AI agents are designed to handle tasks that we would otherwise manage ourselves, enabling us to delegate repetitive work. For example, imagine you want someone to manage your calendar, book travel tickets, or even monitor and manage a stock portfolio. AI agents can take over such responsibilities, automating the process and reducing the need for human intervention.
For instance, if you’re booking a flight, you can delegate that task to an AI agent. The agent will consider factors like price, timing, and preferences you set, then communicate with other AI agents (such as those working for airlines or ticketing platforms) to gather pricing information and secure the best deal. This creates an ecosystem of AI agents, each specialized in different tasks like searching for prices, making bookings, and processing payments.
While AI agents might seem similar to bots, they differ significantly. Bots typically perform simple tasks, while AI agents have specific, authorized purposes with credentials that allow them to carry out tasks within certain boundaries. You might authorize an AI agent to use your identity or payment details for specific tasks like booking tickets, ensuring that the agent operates securely and within the scope of the given task. This ecosystem of interconnected personal AI agents has the potential to transform the way we interact with technology, making it an exciting development for the future.
As autonomous AI agents gain traction, what are the most pressing challenges businesses might face in verifying their identity, and how does this affect trust and security in the ecosystem?
This is a critical question. The key issue with AI agents is trust—why should you trust an agent with your personal information, which, if misused, could have serious consequences? Trust is foundational when discussing identity, which is why AI agents must be properly verified. This means ensuring they are authenticated—can we confirm that the agent is who it claims to be and authorized to act on your behalf? For example, if an agent is handling sensitive information like your Aadhaar card, we must ask whether the agent should have the proper authorization to use and share that information.
Authentication and authorization are at the heart of identity management. As the future moves toward AI agents managing a wide range of tasks, Okta, as a leading identity provider, has an important role to play. We provide solutions for authentication and authorization, which help establish the trust necessary for AI agents to operate effectively. If users can’t trust AI agents, widespread adoption of these agents will be much more difficult.
Can you elaborate on the risks posed by unverified AI agents, such as data breaches and hallucinations, and how Okta’s solutions address these kinds of threats?
The number one risk here is exactly what you mentioned—trust and security. If the AI agent handling your personal data is not properly authenticated, it poses a significant risk. Without proper verification, the agent may not have the right to access that information, which could lead to serious breaches. If you do share sensitive data with an unverified agent, and the necessary data protection and access controls aren’t in place, there’s a risk that unauthorized parties could gain access to that data. Since AI agents communicate with other agents, a lack of proper controls and guardrails can result in data being shared inappropriately, causing a major security breach.
For a rapidly evolving technology like AI agents, if these issues are not addressed, it could significantly hinder adoption. Currently, there’s momentum in the tech space, but if users remain concerned about sharing their data, the usefulness of AI agents will be limited. Without access to crucial data, they can’t act on your behalf. That significantly reduces their value.
Trust is essential for the success of AI agents. We’ve seen this in other technologies, such as Copilot. Initially, many companies were hesitant to adopt it due to concerns about licensing, data indexing, and open-source issues. Over time, as trust in the tool grew, adoption rates increased. The same applies to AI agents. Without trust, adoption will be slower, and the technology won’t reach its full potential.
At Okta, we’re focused on solving these security and identity challenges. By ensuring proper identity verification and implementing strong data protection measures, we aim to build trust and help drive broader adoption of AI agents. Solving these problems is crucial not only for security and privacy but also for overcoming the hesitation that users and businesses may have when it comes to embracing this technology.
What are the key features of Okta’s Auth for GenAI products, and how do they help developers ensure secure and authenticated interactions with their GenAI applications?
Okta’s GenAI platform is designed to provide essential authentication and authorization features, which are crucial for establishing trust in AI applications and agents. This platform is integrated with key technologies necessary for building AI applications, including AI agents. For example, we’ve already integrated with technologies like LAN chain, and we aim to remain neutral by allowing integration with a wide range of technologies. Our goal is to enable developers to use whatever technologies they prefer to build their applications, ensuring those technologies are available on the platform or can be easily integrated.
The platform allows developers to focus on innovation without worrying about authentication and authorization. We handle the security aspects, ensuring that the right protocols are in place. Another key feature is the asynchronous (async) nature of interactions between multiple agents. These agents must communicate securely, with each having the appropriate guardrails, credentials, and least-privilege capabilities in place. These are foundational security principles, and Okta’s platform helps enforce them throughout the process, ensuring that every agent operates securely within these parameters.
What is your perspective on AI adoption in India, particularly in the context of generative AI? Also, India is making significant investments in AI—how is Okta positioning itself to address the unique needs of Indian businesses adopting GenAI and AI agents?
The tech and startup space in India is experiencing hyper-growth, with significant investments and support systems in place that are further enabling this expansion. While AI itself isn’t new, generative AI and conversational AI are the latest trends. These technologies are making AI more accessible by making it more conversational and easier to understand. It’s a two-way interaction: AI can understand humans, and humans can understand AI, which makes it more appealing and further fuels its growth.
As we observe this trend, one notable challenge is the increasing number of cybersecurity attacks. With the rapid growth of technology, especially in the digital space, cyber vulnerabilities and breaches are becoming more prevalent. India is now one of the most targeted countries for cyber threats, with about 3,000 attacks per week, and this number is only expected to rise. As technology advances, these threats will likely grow in intensity.
In this context, Okta plays a critical role. Not only are we addressing issues related to AI, but we also focus heavily on cybersecurity. We often say internally that hackers aren’t just hacking—they’re logging in. They are attempting to mimic legitimate users in order to access systems, steal data, and cause breaches. This is why identity security is so vital. Okta, as a leading identity provider, plays a key role in protecting identities and securing access. We help our customers defend against cyber threats, identity attacks and ensure that their data remains protected. Think of identity as the “front door” to any system, and our job is to make sure that the front door is secure. That’s the space Okta operates in, and that’s what we aim to solve for businesses, particularly in a growing market like India.
How has Okta’s Indian Innovation Center contributed to developing cutting-edge identity solutions, and what role does it play in the company’s global strategy?
The Indian Innovation Center plays a very key role in Okta’s global strategy. Over the past year, we’ve seen tremendous growth, with our team expanding almost threefold to 300 people. Looking ahead, we aim to grow to 500 next year, demonstrating the rapid pace of development here. The key reason for this growth is India’s rich talent pool, and we are investing heavily in it. In addition, India’s growing technology landscape provides us with valuable insights into how Okta can further innovate and contribute to the country’s progress.
Our team in India is working on several cutting-edge technologies that are shaping the future of identity security. For example, we have developed solutions like the Policy Recommender, which leverages AI to recommend the right policies when setting up identity management and security guardrails. This helps enterprise customers by providing personalized policy recommendations based on their needs.
Additionally, our Governance Analyzer and Threat Protection solutions are integral to the security we offer. We use AI to analyze attack patterns and better protect our customers from potential breaches. In situations where there’s a security breach or a vulnerability, our Log Investigator tool helps users investigate faster, reducing the time it takes to analyze thousands of log entries by using AI-driven data analysis.
These innovations enhance Okta’s core focus on identity security and cyber-attack protection. As we continue to expand, the engineers at our Indian Innovation Center will be instrumental in developing more products and features, further strengthening our position as a global leader in identity management.
How does Okta ensure its infrastructure remains reliable and secure while meeting the growing demand for identity solutions in AI-driven environments?
Ensuring the reliability and security of our infrastructure while scaling to meet the growing demand for identity solutions, especially in AI-driven environments, is at the core of our work. We take great pride in our performance, as evidenced by our resiliency metrics. This is a constant focus for us—security, resiliency, and compliance—and we refer to this as our “trust metric.” We continuously monitor these areas to ensure we’re maintaining the highest standards.
What’s critical is how quickly we can address security issues. It’s not just about avoiding incidents, but also how fast and effectively we respond when they occur. We also leverage AI internally to improve our resiliency posture, using smart tools to proactively manage and mitigate potential risks.
Our infrastructure is designed with no single point of failure. We’ve built a stack with replicas in various configurations, ensuring that we have multiple failure zones and failover capabilities. This approach guarantees that if one part of the system experiences an issue, another node can take over, maintaining service availability without disruption. Our goal is always to meet our service standards.
We’ve also implemented robust proactive measures for monitoring, including strong observability capabilities. This enables us to anticipate growth and manage the associated demand. We understand that AI companies, in particular, experience viral traffic, and we’ve built our stack to be elastic—scaling up automatically when needed and downscaling when traffic decreases.
This elasticity is critical, as we’ve seen firsthand with companies like OpenAI, which experienced rapid growth. While such platforms grow incredibly fast, so does our role as the identity provider. We too grew at that pace, adapting to meet the demands of viral growth. What we take pride in is not having anticipated that scale ahead of time but in our ability to build and scale our infrastructure in real-time, alongside our customers’ growth.
What trends do you foresee in identity and access management as AI agents become a standard feature across industries, and how is Okta preparing for this new shift?
The major shift we’re seeing in the tech space is the rise of AI agents, particularly generative AI, and the possibilities it unlocks. These agents are increasingly becoming integral across industries, with some companies even predicting the deployment of billions of AI agents to perform delegated tasks for humans. Okta fully recognizes this shift as the future and is preparing to offer robust identity and access management solutions tailored specifically for AI agents. This includes attack protection capabilities and secure identity credentials for these agents.
Additionally, we are witnessing an increase in cybersecurity attacks, and attackers are already using AI to innovate in malicious ways. For example, we’ve seen deepfake technology being used, and we anticipate more innovations in this area designed to bypass security measures. Okta is committed to addressing these evolving threats by leveraging AI in positive, protective ways. We will continue to innovate in the identity and access management space to safeguard our customers from these increasingly sophisticated threats.
In short, while AI can be used for harmful purposes, we’re actively exploring how to harness its power for good, ensuring we protect our customers from emerging cyber threats. This is an area where we are already experimenting and making progress.
Which industries can benefit from Okta’s AI agents, and how does the platform cater to their specific needs?
We are building a platform designed to make it easier for developers to create AI agents. This platform is industry-agnostic, meaning it can serve any sector. As a neutral and independent provider, Okta’s platform can be leveraged by businesses of all sizes, regardless of the industry. Whether a company is working on AI for healthcare, finance, e-commerce, or any other sector, it can use this platform to focus on its core innovation without having to worry about authentication, authorization, or credential management. Our goal is to streamline the development process and ensure that it is secure, allowing developers to concentrate on what they do best.
Can you share some examples or case studies of how Okta’s identity solutions have empowered businesses to deploy secure and scalable applications so far?
Many companies, such as Zoom and FedEx, are prominent global brands that trust Okta to secure their identity systems. Rather than focusing solely on how Okta operates, it’s more about the trust these well-known names place in our solutions to protect their users. This reflects the responsibility we carry as a provider in the security space, and we approach this role with the utmost seriousness and dedication.
We recently held an Okta event where we openly shared our commitment to secure identity solutions, which includes several initiatives aimed at improving our security capabilities. Among these, we introduced AI-based attack protection to make it easier for our customers to understand and manage security threats. We recognize that not every organization has deep cybersecurity expertise, so our goal is to help them make informed decisions and take appropriate actions when faced with security challenges.
Additionally, Okta’s platform currently blocks approximately 3 billion attacks every month—a number that continues to grow as we enhance our capabilities. This commitment to security means that, while bad actors are continuously finding new ways to attack, Okta is also innovating to stay ahead of these threats and ensure our customers’ data and applications are always protected.
With over 25 years in the tech industry, what lessons from your leadership journey are guiding you in navigating the rapid advancements in AI and identity management technologies?
Reflecting on my experience, there have been pivotal moments that shaped my perspective. For instance, during the Y2K crisis, there was a lot of hype and panic, but in hindsight, it was more of a momentary challenge than a catastrophe. Similarly, when the internet first emerged, many dismissed it as just a passing trend. Today, if we don’t have Wi-Fi, it feels like a crisis, and we can’t imagine life without the internet.
I see the current advancements in AI as another transformational technology. The key lesson is to approach this technology with eyes wide open—recognizing both its potential benefits and its challenges. Technology, when used responsibly, can bring immense value to humanity. The question, however, is whether we are guiding it in the right direction and ensuring it serves that purpose.
As leaders in the tech space, we have a responsibility to inform the public and share our perspectives so that the narrative around AI is accurate and well-informed. There is a lot of negativity and fear-mongering surrounding AI, but every technology has its pros and cons. Our focus should be on harnessing the positive value AI can offer, like automating tasks that improve efficiency and contribute to human progress. As leaders, we must ensure that we are directing AI’s capabilities towards making a positive impact on society.
Bhaswati Guha Majumder
Also Read –
Discussion about this post