The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta’s president of Auth0, Shiv Ramji, told The Register.
“It is security, privacy concerns like, OK are these systems ready? Do we have the right measures and visibility in place,” he said. “Which is kind of the insight that led us to really accelerate and build these products and get to market faster, because we realized that our customers need us to help them.”
As AI agents begin punching into work, the complexity of putting guardrails around the digital automatons has held them back, agreed Forrester analyst Andras Cser.
“The bottleneck has been largely authorization management and scalability of deployment,” he said.
This puts identity access management vendors like Okta, Ping Identity, and Microsoft Entra ID in the driver’s seat to establish secure, repeatable architectures, Cser and other Forrester analysts wrote in a research report published in November.
“AI agents in enterprise and customer-facing IT contexts will deliver both unprecedented productivity benefits and identity and access management headaches,” researchers wrote. “Because of AI agents’ autonomy and nondeterministic actions, they represent a new type of identity that is neither fully machine nor human. AI agents raise new governance, authentication, and authorization challenges — so IAM architectures and the IAM solutions that implement them must embrace AI agents as a new and unique identity type and protection surface.”
In the paper, Forrester recommends organizations assign AI robots the least agency possible, wrapped in continuous risk management, while securing the intent behind the robot with repeatable architectures that fit existing IAM (Identity and Access Management) frameworks. They also suggest deploying a single IAM architecture that can serve all agent types, and using the Model Context Protocol (MCP) agent-communications protocol as a building block.
Ramji said Okta Auth0 for Agents checks the boxes on that and provides organizations with full auditability of what the agent did on a user’s behalf, which can also be linked to security platforms.
This is key, as the latest fear keeping CISOs awake is guarding internal systems against a horde of overzealous, people-pleasing bots.
“Everything is logged, even if it’s an agent that’s doing a task on your behalf. We log all activity and actions that are being taken by agents. And then those events are then fed into our systems that customers use,” he said. “We also stream these events into other security systems that customers may be using. So sometimes there is one tool for observing all of this. We pipe those events in there.”
Okta, a Gartner leader in identity access and management, released its tool – Auth0 for AI Agents – last month after a year of working behind the scenes with developers and users, Ramji said. While the company saw use cases for agents grow, so did fear as AI agents accessed internal tools and resources, including databases, files on a shared folder, and internal knowledge management systems, sometimes repeatedly and for as long as it took to carry out the task.
“These AI apps and AI agents, specifically with generative AI, they are (using) non deterministic patterns. And what I mean by that is you can ask an agent to do the same thing you would do, like, ‘Hey, go book me a flight, or find me a hotel,’” he said. “Or it can do some pretty sophisticated tasks for you.”
While keeping a human in the loop is critical, no agent should have greater permission than the person it is working for, he said. And as agents work within different systems on a user’s behalf, Auth0 built what it calls a token vault to manage and track the agent as it executes its task.
“What it does is allows you to connect your agents securely to different applications so that developers don’t have to manage that infrastructure,” he said. “We do that, and we do it safely and securely so that you can build these experiences where agents can do stuff on your behalf. The way we think about it is we are making it easy for our customers to build agents securely from day one.”
Forrester said, as AI agents authenticate to back-end systems using credentials including passwords, API keys, and PKI certificates, identity access management vendors like “1Kosmos, Microsoft, Okta, and Ping Identity will play increasingly important roles in agent attestation and agent provider registry maintenance.”
Ramji said access management products are setting the stage for a big year for AI agents in the workplace – but having worked through several tech cycles, he’s reluctant to say 2026 is the “year of the AI agent.”
“I think you will see a lot more use cases in production, in part because I think there are security products now that you can use to kind of have guardrails and visibility and I think just consumer adoption is there,” he said. “People are like, ‘Hey, okay, I’m going to interact with agents. So what can agents do for me?’” ®



