Okta Launches Agent Discovery to Combat Shadow AI and Secure the Agentic Enterprise

Okta

Okta announced Agent Discovery within its Identity Security Posture Management (ISPM) platform, a new capability designed to identify shadow AI, detect hidden identity risks, and govern AI agents across the enterprise lifecycle.

As part of Okta for AI Agents, the solution enables organisations to discover unknown and unmanaged AI agents, assess their permissions, and map their potential blast radius. Security teams can then convert shadow agents into governed assets by assigning human owners and enforcing baseline security policies through the Okta platform.

“Identity is the control plane for the agentic enterprise. AI agents operate at the application layer, often using multiple non-human identities with broad, long-lived privileges. Agent Discovery provides the visibility and governance required to secure both sanctioned and shadow AI at scale,” said Harish Peri, SVP & GM of AI Security at Okta.

Addressing the Growing Shadow AI Risk
Shadow IT is rapidly evolving into “shadow AI,” creating significant governance and compliance gaps. According to Gartner, 69% of organisations suspect or have evidence of employees using prohibited generative AI tools, and by 2030, over 40% of enterprises are expected to face security or compliance incidents tied to unauthorised AI usage.

The rise of agent builder platforms and democratised AI creation tools allows employees to deploy digital agents independently—often without IT oversight. Many of these tools leverage OAuth grants, enabling data access that can extend beyond established security perimeters.

Discovering and Governing Unsanctioned AI Agents
Agent Discovery detects OAuth consents and identifies AI agents operating on unsanctioned platforms. By surfacing these connections at their origin, organisations gain early visibility into AI tools before they develop into deeper backend API integrations or complex app-to-app connections.

Through browser integrations—including Google Chrome—the solution maps relationships between client AI applications and enterprise resource systems in real time. Security teams can:

  • Identify unknown agents accessing enterprise data
  • Detect unauthorised OAuth scopes and permissions
  • Expose applications that bypass formal security reviews
  • Assess the potential blast radius of compromised AI identities

Once identified, agents can be registered as managed identities within Okta, assigned accountable human owners, and governed through enforceable security policies.

“When employees introduce their own AI agents into the workplace, it creates blind spots where unmanaged tools connect to enterprise systems without oversight. Continuous discovery is essential to understanding what agents exist, who owns them, and what they can access,” said James Simcox, Chief Operations and Product Officer at Equals Money. 

Expanding Governance to High-Risk AI Environments
Looking ahead, Okta plans to extend continuous discovery capabilities to managed AI/ML platforms and large language model (LLM) environments—often considered ‘crown jewel’ systems. This expansion will allow organisations to bring high-risk, sanctioned AI identities under unified governance frameworks. 

By positioning identity as the foundation of AI security, Okta aims to help enterprises transform shadow AI from unmanaged risk into a secure, innovation-enabling asset.
