Oktane 2025: Securing Every Identity, AI, and App

Summary

– AI agents introduce new security challenges and amplify existing ones by operating autonomously across complex enterprise systems.
– Legacy OAuth models, designed for human-to-app interactions, are vulnerable to user deception and create poor usability due to cognitive fatigue from consent prompts.
– AI agents using protocols like MCP and A2A are pushing human-centric access models to a breaking point, making governance difficult.
– Okta’s Cross App Access (XAA) is an open protocol that extends OAuth to secure app-to-app and agent-to-app interactions by centralizing control within the identity provider.
– Industry leaders are supporting XAA to build a secure identity fabric that governs all identities, including AI agents, through collaboration and open standards.

Navigating the complex landscape of identity security now demands a unified approach that protects every user, application, and emerging AI agent. The rapid integration of autonomous artificial intelligence into daily workflows introduces unprecedented security challenges, magnifying long-standing issues of control and visibility across enterprise systems. At Oktane 2025, the focus was squarely on building a cohesive identity security fabric capable of meeting these new demands.

AI agents, which operate with minimal human oversight, are fundamentally changing how tasks are performed and data is accessed. This autonomy, while boosting productivity, creates significant security blind spots. Traditional authorization models, designed for human interactions, are struggling to keep pace. The core problem lies in the fact that these agents move between environments and initiate actions in ways that are incredibly difficult to track or govern effectively.

Legacy consent frameworks, particularly OAuth, reveal critical weaknesses in this new context. Originally built for human-to-app scenarios, OAuth relies on users to grant permissions. However, this model is prone to exploitation, as seen in numerous high-profile breaches where individuals were tricked into authorizing malicious applications. Users often face cognitive fatigue from constant permission screens, reducing their ability to make sound security judgments. Beyond the risks, this also creates a fragmented and frustrating user experience.

The limitations of human-centric models have reached a breaking point with the rise of AI agents using protocols like Model Context Protocol (MCP) and Agent2Agent (A2A). A new standard is required to secure these machine-to-machine interactions.

Okta’s response, developed in collaboration with industry leaders, is Cross App Access (XAA). This open protocol extends OAuth to secure interactions across entire application ecosystems. XAA shifts visibility and control of app-to-app and agent-to-app connections to the central identity provider. This centralized approach ensures that access policies are enforced consistently and are easily auditable. For end-users, it means a smoother experience without repetitive authorization prompts. Crucially, XAA treats AI agents as first-class entities, allowing their actions to be governed and secured just like any human user or traditional application.

Major technology companies are already aligning behind this new standard. Industry leaders such as Automation Anywhere, AWS, Boomi, and Box recognize the urgent need for secure and transparent AI agent interactions. Adi Kuruganti, Chief Product Officer at Automation Anywhere, emphasized that as AI agents handle mission-critical operations, enterprises require complete visibility and governance over every interaction. He stated that Cross App Access provides a critical new standard for building the trust required to securely scale these powerful capabilities.

The overarching vision is to create a security fabric that protects every form of identity, human, non-human, and AI, throughout the entire authentication lifecycle. To make this a reality, XAA is planned for integration into Auth0, enabling B2B SaaS developers to build applications that natively support the protocol. It will also be available within the Okta Platform, giving organizations the tools to enforce consistent policies governing agent interactions across their entire digital estate.

Solving this amplified security challenge is not a task for a single organization. It requires a collective effort, industry-wide collaboration, and a firm commitment to open standards. Only through shared responsibility can we build secure ecosystems that evolve alongside new technologies and threats.

(Source: ITWire Australia)
