Oktane . Wow. This is amazing. Thank you so much for being here, customers, partners. We love customers. We love partners. Investors, we love investors. Competitors? Hey, don't laugh. They have to figure out what they're going to be working on for the next few years. We're happy to share all of our hard work with all of you. We're very excited. My dad is here. Welcome to Oktane , Dad. Nice to have you here. This is very cool. So in the room, it's official. I got the update. This is the biggest in-room crowd ever for Oktane . Bigger. Yeah. Bigger. It beats the record of 2019, which was the previous record. So I think that means COVID is officially over. Congratulations, everyone. We are thrilled to have you here for the most important security event of the year.
Last year, I told you a story of how Okta was on this journey to be the most secure company in the world. This year, the story is about how Okta is still on that journey and is working on and made a lot of accomplishments toward being the most secure company in the world, but also how we're doing that and embracing and transforming with AI. Because there is a huge opportunity, this is the most obvious statement I'll make today, but there's a huge opportunity for all of us with AI. It's the biggest platform shift since the internet. It's bigger than mobile. It's bigger than cloud. It's bigger than social. The opportunities and the potential is amazing. We see it in the products we use. We hear it in the headlines we read. Do you read these headlines? I feel like I should just be doing more.
I should be doing more with Okta. I should be leading. We should be adopting more AI. We should be putting in our products more and more and more and more and more. I feel like if I haven't built a company worth $1 trillion or I haven't built a $500 billion data center, it's like, what am I doing with my life? Does anyone else have this FOMO about AI? This is a common thing, FOMO. And I thought about, like, what's going on here? What's the tension? And it's really this: Okta has spent the last few years on this journey to be the most secure company in the world. And that's really driven our priorities and what we've focused on and what we've invested in.
And we have to figure out how we do both, how we innovate with AI and how we continue on this journey to be the most secure company in the world. And it's a tension that we all face every day. I know because in my conversations with you, it comes up over and over again. It's easy to fall in the trap of one extreme, either complete lockdown mode and totally focused on security, or the other way where you're being fast and loose and innovation at all costs. And we all know that we have to do both. We have to balance. We have to strike the right balance. We have to innovate and be secure. Every company struggles with this. Don't feel bad about it. Don't feel guilty. We have to figure out how to do both.
At Okta, our foundation, our bedrock, our core priority is incredibly clear. It starts with the Okta Secure Identity Commitment, which is our long-term commitment to lead the industry in the fight against identity-based attacks. This is how we do it. When we think about this tension about balancing innovation with AI and about security, we had this key revelation, which is the thing we've been focused on is actually the unlock to do both. This is how we innovate without compromise. The Okta Secure Identity Commitment has four pillars, from building industry-best products and making sure those products are secure by default, to hardening our corporate infrastructure, making sure it's the most secure in the world, to championing customers' best practices. Because if it doesn't all work for you and it's not easy to adopt and deploy and get value from, it doesn't work.
And finally, to elevate the whole industry in the fight against these attacks. We launched this initiative formally over two years ago, and we have poured our blood, sweat, and tears into this. One way to quantify it is it's added up to over two million hours in two years, two million hours in two years. And we're very proud of the progress here. And when you write it down, it's a lot of stuff. It's a lot of stuff. But that is what is required from a company like Okta. That is what is required, and that's what we have, that's what we've been doing. It's not just about security and locking it down. It is the unlock to how we reach the potential of AI, how we help the entire industry reach this potential.
Being secure, the Secure Identity Commitment is the key to the future of AI security and to AI. You know what? What do I mean by this? Well, nothing like a great example. And we recently saw a very important and poignant example. It's a major industry-wide breach. I'm sure many of you were involved and impacted in some way, shape, or form. This is a breach of an AI agent. And this AI agent was used to automate marketing. So companies used this agent, and it sat on their website, and it helped prospects learn about the company and create sales leads and automate the marketing process.
And the company that builds this agent was hacked, and the hackers got the access tokens that this agent used to connect to the SaaS application of hundreds and hundreds of companies, hundreds and hundreds of SaaS applications on hundreds and hundreds of companies. I'm sure impacting many people in this room. I share this story for two reasons. The first reason is it's a very strong demonstration of the work we've done at Okta to harden our corporate infrastructure. We are customers of this AI agent. And because of the work we've done to harden our corporate infrastructure, we were not impacted by this breach. We were not impacted. So thank you. Thank you. I appreciate that. I don't share this. This is a really bad situation for the entire industry. And I don't share this story to celebrate this whole thing happening.
But a lot of times, hardening corporate infrastructure and focusing on lockdown security mode, it's hard work. It's focus day after day. It's prioritizing. It's having an amazing team that can get things done, can make hard projects amongst many dependencies in challenging times. And this focus and this dedication directly impacted Okta being protected from this issue. So it's nice sometimes to see success be demonstrably apparent when many times security work, as you know, is the best thing that can happen, is you never hear anything about it. So that's the first reason I share it. Now, the second reason is that this is an example of what can happen in our industry without the right security for AI agents. Think about this breach. This is an AI agent. If every agentic system has breaches like this, AI is not going to reach its full potential.
It's not going to happen. People are going to be scared of it. Companies are going to be afraid to adopt it. We have to fix this problem. We have to elevate the industry. We have to show the industry a better way. If you think about what's going on here, this AI agent and many other AI agents, they are a powerful new identity type, a powerful new identity type. They can act independently on their own or on behalf of a user or a team or a company. They can access tools, applications, and data. They can plan and complete tasks on their own. They're kind of like a piece of software, kind of like a system account, kind of like a person somewhere in between, and the pace here of innovation is absolutely stunning. We all see it.
So it's not surprising that many of you are making AI agents the number one priority in your entire technology investment. And now these AI agents and the potential here and the potential benefits, they are getting very, very powerful, and it's happening very quickly. If you think about just five years ago, the complexity of a task that an agent could complete would be something that would take you about nine seconds. Think about adding the last sentence to your email. Now, just in five years, it's dramatically different. AI agents can complete tasks on their own that would take you two hours. Think about kind of a medium complexity support issue where you have to look at the support database and interact with the customer and then solve that issue.
So, key here as this improvement happens is that agents need access to more and more data, more and more data, more and more access, which means it's very important that these AI agents have an identity in the sense we talk about identities. And that means that without identity security, AI security collapses. So, AI security is identity security. You can't be successful in one without the other. AI security is identity security. So, to understand why, think about the complexity you are already facing. I know it's something you think about all the time. You're working with it every day. You have identities. You have employees, customers, partners, non-human identities. You have various tools from different identity vendors that connect the identities to your resources, the resources. They're absolutely critical. It's your applications. It's your data. It's your business processes. It's your APIs.
It's the things that power your business. And this could be thousands, even for a medium-sized company. It's a big challenge to stitch all this together, this web of complexity. Now, you take this complexity and you layer on top of it a million agents. And these agents, they need to connect to everything, just like your people do: machines, servers, APIs, data, customer data, other agents, identities. This results in even more and more complexity as it all mixes together. But complexity isn't the only challenge here. Agents, to be most effective as they get more powerful, need broad and persistent access. My friend, Steve Williams from NTT, Steve's here, I think. He had a great line about this.
We were talking and he said, "Todd, it's like you take an insider threat and you just put it in your company and give it all the access it needs and let it run wild." I thought that was an interesting way to think about it, scary but interesting. So there's enormous risk here. And this isn't some abstract concept that a CEO of an identity company is up here trying to scare you about. This is happening now. The risk is real now, and we're seeing instances of this every day. This is an example of one of the world's best-known restaurant chains. They implemented an AI agent. This agent sits on their website and helps job applicants who want jobs at the restaurants learn about the positions. The person gives information to the agent. The agent lets the person apply for a job, automates this important process.
It's an important process. This company needs great people to work in their restaurants. Now, they implemented the agent in such a way that attackers could trick it into disclosing the password for the back-end administrator account that the agent connected to. And guess what the password was? So I understand you think this is like for humor. And I will just say, like, take a step back and think about what's going on here. I don't have any inside knowledge about this, but I bet you something like this happened. The CEO of this company, the board of directors of this company, is pushing the team to adopt AI, adopt AI. What are we doing with AI? Has anyone heard this? What are you doing with AI? Adopt AI. And so these hardworking, smart people built this great AI agent.
And they probably took it to a meeting and said, "Look what we have. And I'm doing this at Okta. I'm saying, what do we have? What are we doing? What are we doing with AI? I don't want to miss out." And I'm sure you're doing it to your teams and your boss is doing it to you. And so this team took what they had and the boss said, "Put it in production now." And the teams look at each other like, "I'm not sure it's ready." "What do you mean it's not ready?" "We're going AI." So they put it in production. And so it's not a surprise that this happens. And now the threat actors have access to 64 million records about chats and conversations and personal information. It's a big issue. So we have to help.
We have to do a better job here as an industry to make these kinds of things successful. Because if we don't, AI is not going to reach its potential. So it's not just a one-off incident. The government of the United Kingdom organized a big red teaming exercise, which means a bunch of people got together and tried to break into systems so they could find the vulnerabilities before the bad guys did. And these weren't against AI agents built by a restaurant company. These are some of the most well-known AI agents that we all use. And guess what they found? In almost all of them, the same kind of issues: overly permissive access, not clear deployment patterns, which led to the ability to compromise these actions. And without the right identity controls, this is a big problem.
If we don't do something differently, we're at a risk of taking a step backwards 10 years in all the security progress we've made. We've done such a great job with phishing and cross-site scripting and building more secure web apps. This is the potential to throw it all away, which is we can't let that happen. This means AI security is identity security. It's the key to agent security and the entire AI security world. And we face these clear and present challenges today. I'll share another very memorable story from my conversation with a customer. This customer is a great Okta customer called Emerson Electric. And I was talking to Matt and Scott, and we were talking about this pressure they feel, like, "Do more with AI." They had offsite meetings, and they said, "We got to get together.
We got to do more with AI." Of course we do. And they looked at me and they said, "Todd, we want to do all this stuff with AI. If we don't get our identity foundation in order, we have no shot. We have no shot. It's not going to work." That really stuck with me. And you can't address this issue with a grab bag of standalone identity tools. This requires a completely new category, a unified approach that simplifies control and strengthens protection. Now, a key thing here is that it's got to be comprehensive. It's got to cover everything. No gaps, no little wedges for any kind of threat to sneak through. It's got to cover every identity type, every use case, and every resource. It's called Identity Security Fabric, and it transcends previous identity categories. And the goal here is very simple.
The goal here is zero identity-based attacks. It's a unified approach that's deployed across every identity type: employees, customers, non-human identities, partners, contractors, every identity use case, governance, privileged access management, access management, threat protection, posture management. These are not individual products. They're really features of a bigger category. And it's integrated across every resource: apps, infrastructure, databases, APIs, everything. No gap, no wedge to sneak into. And it has to be fully shipped. It has to ensure that you are fully secure. And it can do this with the ability to orchestrate across the fabric. So the left hand knows what the right hand is doing. It can share risk signals, so coordinated defense against attacks. And you can take actions like automating universal logout when any kind of threat emerges. This is what you ask us for every single day.
You don't want 50 different solutions from 50 different identity vendors. Now, this idea is what I've been doing my entire career. Okta is my third job. My first job was at a company called PeopleSoft. It was in the ERP category, unifying HR, financials, manufacturing. My second job was at Salesforce in the CRM category, unifying sales, marketing, service, and support. My third job is at Okta. The category is Identity Security Fabric, and we're unifying access management, privileged access management, identity governance, posture management, identity threat protection. It's a new category. Now, it's bigger than just Okta. It will require the whole industry to work together to make this a reality. But it's our North Star. We are continuously chasing this vision, this dream, and innovating as technology evolves.
This is absolutely critical to our overall vision as a company, which is to free everyone to safely use any technology, and this vision is, it's more relevant and more urgent than ever in this new age of AI and all the potential that we're surrounded by. For us, securing AI agents is just like securing any other type of identity, and it's what we were built to do. Today, we are unveiling three important innovations that will help all of us address the challenges of agentic security. The first is how you can bring your identity security fabric to life by bringing AI agents into the Okta platform. Second is how to strengthen the identity security fabric with open industry-leading standards for AI agents, and third, how you can easily build fabric-ready agents with the Auth0 platform. It all starts with the Okta platform.
It's the best, it's the fastest, it's the easiest way to build an Identity Security Fabric. It's the only modern, fully integrated, scalable cloud-based platform. It's purpose-built for IT and security teams. Individually, the products in the Okta platform are excellent. But together, they are spectacular and enable use cases that were never before possible. And it does this in an independent and neutral way that is integrated to everything. Over 8,000 integrations in our Okta Integration Network. We don't have an opinion on which technology you choose. We focus on identity and leave the choice of technology up to you. There's no lock-in. There's no forcing of any direction of technology. So the simple way to put it is the Okta platform, it brings your Identity Security Fabric to life. That's how you simplify control and strengthen security as your environment grows.
It takes you from this multi-vendor fragmented approach to consolidation on a single identity platform. Of course, a key feature of the Okta platform is that it continues to adapt and evolve as the technology world changes and new technologies emerge. And that's why we're making AI agents a first-class identity in the Okta platform. This means every use case in Okta will support AI agents, from storing them in Universal Directory to discovering them with Identity Security Posture Management, to managing their access with Okta Identity Governance, to manage their access to critical resources with Okta Privileged Access. You can think about this like you've put people in Okta forever and had visibility and governance and control. And now you can do the same thing with AI agents, all with total flexibility that you would expect from Okta.
Now, in an AI world where the technology is rapidly emerging and adapting and changing every quarter, Okta is your AI partner. We focus on the fundamentals, the fundamentals of identity, governance, visibility, control, and free you to choose whatever emerging technology in this dynamic landscape that serves your needs the best. You need a partner that will take care of the basics and free you to choose. Okta does that for you and makes sure that your choices are future-proof. So one concrete example of this is with one click, you can bring any AI agent into Universal Directory. You can decide what's the right source of truth. Should that come from Salesforce? Should that come from an agent you build yourself? Should that come from ServiceNow? Should that come from Workday? The choices are dizzying. You can choose, though. You can choose.
We'll take care of the visibility, the control, and the governance, just like any other type of identity, which is what we do for you. This unified approach will make sure you have a great cyber posture and be free to innovate with AI to meet your business objectives. To get AI right, you have to get identity right. To get AI right, you have to get identity right. And the Okta platform makes that possible by bringing your Identity Security Fabric to life. Now, the Identity Security Fabric is only as complete as the standards that link it to all of your identities and all of your resources together in your environment. We love standards. Everyone knows their value. You get in your car, your phone seamlessly hooks up to your Bluetooth, well, sometimes it does. We're still working on that one. Standards make the internet possible.
And now it's especially important in an emerging new area like AI agents. Standardization gets everyone on the same page about where to innovate, who's doing what. It's key as these technologies evolve. Now, you can't have a comprehensive Identity Security Fabric if your identities and your resources aren't speaking the same language. So let's look at a concrete example here of an area that needs to standardize. Everyone that's implementing agents, whether you're a SaaS company or whether you're building your own, is doing the security and the access control slightly differently. It's hard-coded, and it can be brittle and error-prone, as we've seen if you move it from development environment into production. When something goes wrong, there's a lack of visibility because guess who has to clean it up? IT security, IT and security.
And they go to clean it up, and it's not clear how it was implemented. It's not clear what can access what. So there's a big opportunity to standardize that. And so there are a lot of standards in the AI world, but there's a missing standard here. And that's why Okta are working with the standards bodies to propose a new standard we call Cross-App Access. It's focused on security and access. It lets IT and security teams set the access policies upfront for these AI agents, which makes it open and transparent and visible to everyone involved. You're clapping for the standard? Okay. This is like a, it's my kind of crowd. It's my kind of crowd. You see the value in it. It's kind of down in the details, but you see the value in it. And so you get this visibility.
You get to set things up beforehand. And most importantly, a lot of ways people do this now is that when the agents start being used, they ask the users to allow all these grants. And you get this prompt that says, "Do you want to allow access to your calendar from this agent?" Yes, yes, yes. It's complexity for the end user, and there's a total lack of visibility as things progress. So we've been working on this for a couple years now, and we're partnering with the IETF OAuth Working Group, other ISVs, and others across the industry to pioneer this new open protocol. That open protocol part is very important. And we're seeing a ton of support across the industry, technology providers signing up and getting involved here and being on board. Now, why? Why are they doing this? These people are all busy.
They're trying to push their businesses forward. The reason why is because they see the problem, and they see the opportunity. They see their AI technologies going into these companies, and they see the friction, and they see the confusion, and they see the security issues, and they see this protocol as a way to free that up and have their technology deployed. They see it as an unlock for the entire industry, and that's why they're so excited. And it's not just these listed here. There's dozens more who recognize the power here and the value of securing the agentic future with a protocol like this. So this standard is necessary and important, but it's also kind of a continuation of what we've always done. We work with standards, and we kickstart standards from the beginning, whether it's WSFed, SAML, or OpenID Connect.
Last year, I spent a bunch of time talking about our pioneering work on an open standard called IPSIE. We're really excited how much progress IPSIE has made. The OpenID Foundation, technology providers, and a bunch of you in the room have worked together to publish the first draft of IPSIE's Session Lifecycle 1, which delivers standards-based single sign-on, enforceable session lifecycle, and transparency into authentication methods. Now, this is just the beginning. We're already working with everyone involved on higher levels to add even more use cases, to standardize how technology works with identity, make things more secure. It's a very important thing we're working on. If you want to hear more about this, there's a session this afternoon with Gail Hodges, the OpenID Foundation's Executive Director. So it's very exciting progress.
It's important work because it's key to shaping the future of identity in the age of AI. And we're not stopping there. There are more standards to create. There's more innovation to push forward. We have a playbook for it. And it starts with working with standards bodies, working with the community to crystallize these areas that need to be standardized. And then we build them into our products. We build these standards into the Okta platform. We build these standards into the Auth0 platform. And then you adopt them, and you get the benefits, the security benefits of these open standards. And users of these products and technologies demand from the technical community that more and more people support them. And so the people building technology look at the open standard and say, "Oh, I'm not going to get locked in. I can add that.
That's going to solve this problem of agentic access or identity management in the enterprise. "So I'm going to implement it." And that leads to more customers successful. So what you see here is this flywheel, this flywheel that spins, and it benefits everyone toward the goal of zero identity-based attacks. It's a powerful motion. It's happening, and you're all part of it. So it's very exciting. Now, a critical part of this entire playbook is making sure that developers can build with these standards from the start. And that brings us to our Auth0 platform. The Auth0 platform is purpose-built for developers, whether that's a developer building a service or agent or application to sell to customers, or it's a developer inside a company building applications, services, and agents for internal use. Auth0 works amazing with every programming language, every platform, every framework.
You can use it in really bite-sized components. So you can use it where it helps and where you don't want to do your own thing. It gets out of every way. It's perfect for a developer. And of course, it's all based on the solid foundation of security and reliability. Now, for years in the Auth0 platform, we've made sure that developers could build every application standards first. And we've made it very easy by including them in Auth0. And today, we're taking that journey even further by delivering inside of the Auth0 platform cross-app access support out of the box. So yeah, if you clap for the standard, you have to clap for the implementation in our products. It's a rule. It's the rule of clapping.
So whether you're building an agent or you're building agentic services, which is something that an agent talks to, you can make sure that they're fabric-ready out of the box with the right levels of security and the right level of visibility. Now, to bring it all together, here's a summary of everything we've covered so far. The Okta platform brings your identity security fabric to life. Open industry-leading standards like cross-app access help everything in your fabric from the identities down to the resources, making sure they all speak the same language. And the Auth0 platform makes it incredibly easy to build fabric-ready agents and agentic systems. Now, together, all of this ensures that you can build, deploy, and manage AI agents safely, securely, and at scale. Now, let's see all of this in action. So join me in welcoming to the stage Harish and Mallory to show you what this all looks like.
All right. Thank you, Todd. What's up, Okta? How are we feeling? Good. I couldn't hear you. How are we doing today? Good. That's what I'm talking about. All right. So in the next few minutes, Mallory and I are going to walk you through what it's like to bring AI agents directly inside the Okta platform into your identity security fabric. The thing is this. From every single one of you, you're hearing the same thing. We want to roll out agents really fast, but we're struggling to balance innovation and security. And specifically, we hear the same three things over and over again. The first is visibility. Where are all these agents that are in my org? The second is control.
How do I ensure that it's only accessing exactly what it's allowed to access? And the third is governance. How do I ensure that over time, I don't end up with agentic sprawl? Well, the good news is this. For the last 16 years, Okta has been solving this exact problem for human identities, and now we can do the same exact thing for AI agents. Let's see how. We're going to start with visibility. This is your AI agent directory. If this screen looks familiar, it should. This is the same Universal Directory that many of you use on a daily basis. And now you have AI agents right alongside people and groups. That's because AI agents are a first-class identity now in the Okta platform. Let me repeat that. AI agents are a first-class identity in the Okta platform. That's right. Give it up for Universal Directory.
That's right. U.D.'s in the house. Okay. Now, there's a lot of agents here. There's agents for customer support. There's agents to record video calls. And what's great is these agents were built on different platforms, like LangChain or Vercel or Writer. And they also live in different platforms. Maybe they're in ServiceNow. Maybe they're in Agentforce. It doesn't matter. Okta integrates to all of these, so you don't have to worry about future-proofing. We got you. Don't worry about it. But there's one more important thing. You can see the users that actually own these agents. Now, it's very important when it comes to closing the accountability loop and knowing who's actually responsible for this agent. Now, let's click into one of these agents, the customer support agent. This is a use case we're all familiar with.
This is a very powerful agent that needs access to Service Cloud. It needs access to PagerDuty to do its job. But what's great is I can see a description of the agent. I can see the users that own that agent, and I can see the users that have access to that agent. This is the point. It's complete visibility in one place, so you know everything that's going on with your agent right inside the Okta platform. So that was part one. That was visibility. Let's keep moving. Let's look at the next piece of puzzle, which is control. Now, as Todd said, an agent is only as powerful as the underlying apps and data and resources that it can access. The access is great. It lets the agents move fast, but it creates a big security hole. But if you remember, if you remember, I'm testing you.
I just said agents are now a first-class identity in Okta, which means with managed connections, I can actually control exactly at a fine-grained level what's going on with these agents. Think of this screen like the single sign-on screen for an agent. A lot of you have the SSO screen that you use to get into the various applications with Okta. This is exactly that for an AI agent. Now, what's even better is I can see all of these agents' connections in one place. I can see its service accounts. I can see its API keys, and I can see its direct agent-to-app connections.
This last one is powerful, but also dangerous because if you're a motivated hacker, which none of you are, but if you're a motivated hacker, you can ride that direct agent-to-app connection directly to get the agent to spit out some sensitive data or take a malicious action. It's very dangerous stuff. But fear not. This agent supports cross-app access, which means the IT team can control at a very fine-grained level exactly what this agent has access to. So in this case, it has read access to Google. It has read-write access to Jira. And what we've done is we've shifted what is normally embedded hidden risk. We've shifted that into the hands of the IT team. And in doing so, we've actually eliminated a critical attack path. Now, control is more than just about what this agent can access.
It's also about staying on top of where this agent is going, and to get a deeper look at that, I can actually go to my system logs, and I can get a detailed audit trail of everywhere this agent has been in my organization. Now, this screen is more than just some great graphs and some details. This data can be streamed to my security operations team so they can stay one step ahead of potential attackers. I want to make a very important point here. Agents are now in the Okta platform, which means your IT teams, your security teams, they can move from being reactive to breaches and move into a place where they're proactive and staying one step ahead of threat actors and take care of their organization's security. All right. I mentioned three things. Let's look at the third piece, which is governance.
Now, a lot of you are telling us this. Agents are moving rapidly from development to production. That's great. Keep innovating. You do you, but you have to stay secure. And one of the big problems with agents moving really fast into production is the risk of agentic sprawl. What that means is what if you have an agent that is no longer needed but still has long-lived overprivileged access to sensitive resources? That's the definition of sprawl. But again, agents are in the Okta platform, which means Okta Identity Governance can fix that. In OIG, I can run a simple access review to understand, for example, who has access to Salesforce. And this review shows me my human users, but it also shows me the AI agents that are accessing Salesforce. Even better, I can see the original owner of that agent.
Remember when I called out the owner in Universal Directory? That's why. Closing the accountability loop. But beyond that, I can see the entitlements of this agent. I can see a risk level. And Governance Analyzer with Okta AI can show me a recommendation of what exactly to do with this agentic access. I may want to revoke it, or I may want to keep it. The point is the end user has the data they need to make the right decision to keep your organization secure. Okay. So we covered what I would call the happy path. You're setting up an agent correctly from the get-go. You're controlling its access. You're running governance. That's great. But what about the rogue agents? What about, let's say, for example, this is just an example.
What if the sales team - I love my sales skill here - but what if the sales team deploys an agent to connect to Salesforce without notifying IT? It could happen. They're very enterprising folks. Now, here's the thing. The Okta platform can detect that. Because agents are in the platform, you don't have to hunt for rogue agents and hidden risks. We can find them for you. And to show you more about that, I'm going to hand it to my friend Mallory. Take it away.
Great. Thanks, Harish. This is Identity Security Posture Management, or ISPM. You can think of ISPM as your real-time threat hunter. It's continuously scanning your tech stack for risks like misconfigurations, overprivileged accounts, or even hidden app-to-app connections, like Harish mentioned. It does this by integrating with every part of your tech stack. And it uses things like access patterns, naming conventions, and a whole host of other advanced techniques to actually identify these risks. So here, we can see that ISPM has flagged a high-risk issue called Grants Without Okta Policy.
Sounds interesting and risky, so we'll look into that. If we investigate, we can see that ISPM has flagged a rogue agent. This agent is connected to Salesforce. It was created completely outside of IT's processes, and it has broad read-write access to our customer data in Salesforce. These are obviously all really huge issues for us. But fortunately, with Okta, we don't just find this risk. We can actually remediate it. So all of the things that you just heard from Harish around visibility, control, and governance are ready to be applied. So when we find a rogue agent, we don't scramble. We can just run the play.
I'm going to go ahead and remediate this risk by applying our full security model to this agent. First, for visibility, we can go ahead and bring this agent into Universal Directory, and we can do that with just one click, and then we'll assign a human owner to our agent to close that accountability loop that we've been talking about. Second, for control, I'll go ahead and apply a baseline security policy that's going to immediately limit the permissions of this AI agent to read only, and this is going to help us shrink that blast radius if something were to happen, and then third, for governance, we'll go ahead and trigger an access certification campaign right off the bat. And the new owner, the one we assigned in Universal Directory, will have to review this AI agent, just make sure everything still looks good with the permissions.
And just like that, we have gone from a hidden critical risk to a fully managed and governed identity in Okta. And if I head back over to Universal Directory, do that now, you can see this agent right alongside all of our other AI agents here in Okta. Fully visible and fully secure. With Okta, these rogue agents have nowhere to hide. What did you think, Harish?
You know, I think it's cool. But judging by this, I think they think it's pretty cool too. So that's right. Agents in the platform. Look, what you saw was the full power of the Okta platform now applied to AI agents. You saw visibility, all of your agents in one place. You saw control so that your agents don't access anything they're not allowed to. You saw governance so you don't end up with agentic sprawl that's going to come back to haunt you later. And finally, you saw ISPM detecting and bringing a rogue agent under control. The thing is this.
Agents are going to transform business and technology as we know it. That is going to happen. But companies that invest in an identity security fabric and that invest in securing every identity type across every use case integrated to every resource, those are the ones that are going to get ahead and stay ahead in our AI future. Thank you. Todd, back to you.
All right. Nice job, Harish. Nice job, Harish. Nice job, Mallory. It's amazing. I love seeing all the hard work of the entire team demonstrated on screen there. And I can't wait for all of you to get your hands on this and to make that incredibly easy. That's why we've packaged all of this up in a solution that we call Okta for AI Agents. Now, it includes everything you need to build and manage agents securely. So for agent builders, it includes Auth0 for AI Agents so you can build agents that are secure by design. And for IT and security teams, it includes all the products on the entire breadth of the Okta platform with support, especially for AI Agents.
So for securing AI Agents, this is the most comprehensive solution in the entire market. We're amazingly proud of it, and we can't wait to have all of you use it to deliver value to your companies and your organizations. So I want to cap things off today. I want to zoom out a little bit and have a conversation with another industry leader thinking about how to navigate this tension between innovation and security in the age of AI. So we are incredibly fortunate to have the following guest here at OCTAIN. So I'd like to introduce now Sarah Franklin, the CEO of Lattice. Sarah? Welcome.
Thank you. Yeah. I can't do the jumping thing in the field. Yeah, exactly. It's bigger than it looks, huh, on camera. It is. It takes time to walk through. What an incredible crowd. Thank you so much for having me.
Yeah, thank you for being here. So many customers of Lattice in the audience, but for those of you that aren't current on everything you guys are up to, what's the latest?
Yeah, so Lattice, our mission has and always will be to make work meaningful, meaning that we help you as employees know what to do, what your goals are, how you're doing at that, have a conversation with your manager, and bringing AI in in a way that helps people be scaling our human potential and really helping us achieve, like you said, that nirvana, that great outcome that AI can bring to people. And we're really focused on the success of people.
I love that perspective because we talk a lot about infrastructure and standards and risk, but it really is all about what are we doing with all this stuff? How are we impacting positively our organizations? Do you have AI FOMO?
I don't have AI FOMO. I mean, sometimes what is it? JOMO, the joy of missing out?
Yeah, joy of missing out.
No, what we have is a deep belief in what we want the outcome to be with AI. You talked about it from a security standpoint. We deeply care about the human impact and what it means for us as people. And we don't want an outcome to be where the AI is just automating us all out of work. We want the AI to help us be better at our jobs. And so that's really what is so important to us and why it's an incredible opportunity right now for IT and HR to really join at the hip and say, "Let's make this secure. Let's make it accountable. Let's have that fabric. And let's really focus on how this is a big people transformation for all of our organizations."
When you're out there talking to customers, what is the biggest barrier to that? What slows it down? What does the unlock? Like for us, the whole idea here is that we're emphasizing how important identity security is to AI. What's the equivalent as you try to spread this message of empower your people and people are the key?
I mean, people are afraid. AI is new. It is unknown, and it doesn't.
By the way, the way the intelligentsia talk about it doesn't help.
No, it scares you.
Everything's going to change. It's all horrible here.
Well, it is going to change, but in a way that we want it to be more in our control than out of our control. And when we have people saying everything from, "We'll have massive unemployment" to "We'll have massive free time," and when we're sitting here wondering, "How do we just get this to step one?" We're all at the starting line. Not anyone here has 10 years of agentic AI experience. So we need to, like you said, be very responsible in how we bring this in and not let the fear paralyze us. We need to have the courage and the confidence together that we will not just ship something to production with a passcode of 1, 2, 3, 4, 5, 6 because we need it there, but that we will be very responsible in how we bring AI out.
What's the biggest success story? Do you have a customer story that demonstrates the way to do this wonderfully?
Yes.
What's the barriers? What's the positive case?
So the positive case and what we've seen with Lattice is when we've brought AI in as a coach and really to help people have better human -
but what does that mean, AI as a coach?
Oh, sorry.
I think I might need that.
You're doing great.
Presentation coaching?
No, no, no. It's more in your day-to-day job. When you think about you show up to work, you have goals that you want to achieve. The company has goals to achieve. Are you working on the right things? Are you doing a good job? That conversation, one of the most important things, you know this as a CEO, is getting your people aligned and motivated and working on the most important things.
Yeah, priority alignment is really hard, yeah.
Yes. And this is where AI can really help us scale and coach us and be there for us all the time to help us understand what we should focus on, what we're doing well, what we're doing poorly. And the other thing that's very interesting with AI is that as humans, a truth about us as humans is that we are not always honest with each other. We're scared of what somebody may think. We're scared of being wrong. We're scared of not knowing what we need to do. And that fear impacts our conversations, especially when you're giving feedback. I don't want to hurt somebody's feelings by giving them feedback. And so when you have AI that can have context of you as an employee, context of your system of record of work, whether it's Salesforce, whether it's Jira, whether it's any system that you're working in, and the feedback that's coming about you, your goals, your aspirations, it can help you through your daily job. And that's what's really exciting about Lattice.
And what we've seen with our customers be super successful is just being able to help that conversation be more connected and human and real because the AI is there to help you.
Yeah, yeah. There's a lot of amazing potential there. When you work with your customers, do these issues of security of your solution and how manageable it is and how it hooks in with the rest of the infrastructure, does that come up a lot?
All the time. And this is why for all of you here, this is so important that you have the Okta's fabric because AI is, I mean, it's true. I am guilty, as you said earlier in the keynote about being a CEO, of telling your team to push AI out there.
That's right. Faster. Come on.
Right?
Do it, yeah.
And we're having the pressure from the board to be more efficient. The thing that is most important, I think, right now is to not just look at efficiency, but look at effectiveness. And we need to help our people be more effective with AI. And our customers are asking us every day, "Okay, what does this mean?" They don't yet understand everything that you showed on the screens of how these agents have autonomy or how they have access, sometimes root-level access to data. And so this is. I accept your challenge for us as an industry to really step up to the plate to say, "Our job is here to educate everyone on what this technology can be, but also how it can hurt us. And let's do this responsibly so that we navigate more to a utopian outcome than a dystopian one.
I love that. I love that. There's so much potential, and we need to stay on the side of utopia. Yeah. I
would love to. And I will say also, at Lattice, we're a very proud Okta customer as well. And it's something that our system.
Thank you so much.
Yes. It's important that our IT teams and our HR teams, they work really well together because the directory you have of your agents also needs to be mirrored in the people directory and understanding what the goals are for these new entities, these new identities in our workforce. And so it's a new world that we're all walking into. And it's one which is great responsibility. It's actually getting a little geeky. I would say that I'm really.
Don't get geeky here.
Oh, I'm not allowed to?
We don't talk any standards or protocols.
You are just doing it. I should be allowed. No. But I find it very exciting that the functions of IT and security and HR are really center stage right now. It is all of your moment to be the superhero in this story. We've seen so many cautionary tales between cloud, social, mobile. Actually, social, mobile, I'll just say really quickly, exciting technologies when they were delivered. We thought this democratizes access to the internet, democratizes access to all types of things. We didn't take enough time to ask, "How can it hurt?" And now many of us, I'm a self-proclaimed addict to my mobile phone. And we have a generation of anxious people. Our children are addicted to their devices. Social media has harmed their sense of self-worth. And if we can look at those two things as cautionary tales to not just say, "How can this help us?" but also, "How can it hurt us?"
Yeah, I think that's really smart.
And let's not let it hurt us. Yeah. Let's not wait a decade to have the regulations and the onus on ourselves to bring this technology responsibly in because we want this to be great for people.
Yeah. Yeah. The way I keep thinking of it is utopia takes work. Utopia doesn't happen on its own.
I mean, hope cannot be our strategy. I've never heard that work out well.
Yeah, yeah.
So yes, it takes work, and it takes ownership, and it takes courage. And that's what's the hardest thing is that this is unknown. It's new. And the charts are going up and to the right. And it's fast. And so we have to have the courage to walk into the unknown together. And I would love for IT, security, HR, the back office to front office and says, "We are here to make the future of our companies and our society one that we're proud of."
Yeah. I love the message, Sarah. Thank you so much for being here to deliver it.
Thank you so much.
Thanks for joining us. Sarah Franklin. Utopia takes work. It doesn't happen for free. The next decade will be defined by how we secure AI. We all feel this tension. It's real. How do we innovate? How do we stay secure? Okta makes it possible to do both. And our goal is clear. And that is zero identity-based attacks. So today we've covered three important things to move us closer to this ideal state.
First is how you bring your identity security fabric to life with Okta, how you do it with open, transparent, clear standards that connect everything together. And thirdly, how you build fabric-ready agents with Auth0 . So by doing this, it's the key unlock. It's how we can all innovate without compromise. And this is only something we, the collective we, Okta and all of you here, can deliver together. So it's a very important mission. We have to deliver. The next chapter of identity security is here, and it's up to us to lead it. So you can scan this QR code on the screen. We have details about everything we've announced. We have a lot of work to do, but we've made incredible progress. And there is incredible, amazing potential and opportunity that comes next. So let's keep driving. Let's keep striving.
Let's keep pushing to build this future and realize all the benefits. I want to thank you on behalf of the entire Okta team for being here with us today. I want to wish you the best, and please enjoy the rest of Okta.