Okta’s CEO is betting big on AI agent identity
Foto: The Verge AI
A market valuation of $14 billion does not protect against the existential dread that Todd McKinnon, CEO of Okta, openly calls "paranoia" in the face of the approaching "Saaspocalypse." The leader of the identity management sector recognizes a fundamental threat: in a world where AI allows for the instantaneous generation of custom tools (so-called "vibe-coding"), traditional SaaS subscriptions may lose their raison d'être. However, Okta's survival strategy relies on a new, key link in the digital ecosystem – the identity of AI agents. For users and global organizations, this signifies a transition from managing employee logins to authorizing autonomous bots that make decisions and operate on sensitive data on our behalf. McKinnon is betting on creating security standards where an AI agent possesses its own verifiable identity, intended to prevent permission chaos and information leaks. Rather than fighting automation, Okta aims to become its indispensable guardian. The practical outcome of this transformation will be a new security layer, where systems will not ask "who are you?" but "does this specific algorithm have the right to perform this operation on your behalf?" This is a clear signal that in the AI era, security is no longer just about people, but begins to define the boundaries of machine autonomy.
In the world of corporate technology, few brands evoke such mixed feelings as Okta. On one hand, it is a $14 billion security foundation used by the world's largest global enterprises for identity and access management. On the other, it is that annoying login screen that pops up at the most inconvenient moment, right before an important online meeting. However, the company's co-founder and CEO, Todd McKinnon, has much more serious problems on his mind today than end-user irritation. The SaaS (Software as a Service) industry is facing a phenomenon he himself describes as the "Saaspocalypse".
The emergence of advanced artificial intelligence has changed the rules of the game. Since developers can now "click through" or generate their own tools using AI (so-called vibe-coding), the justification for paying high subscriptions for ready-made solutions is being called into question. During a recent earnings call, McKinnon openly admitted to feeling "paranoia" regarding this trend. However, this is not a paralyzing paranoia, but one that drives action. Okta's strategy is now shifting toward managing the identity of not just humans, but primarily AI agents — autonomous entities that will soon dominate corporate ecosystems.
Machine identity as the new security standard
The traditional approach to identity management was based on the human-to-application relationship. We verified whether a given employee had permissions to access a database or edit a document. In a world dominated by AI agents, this model is becoming insufficient. Bots, scripts, and autonomous agents act on behalf of humans but have their own lifecycles and specific access needs. If Okta is to survive the coming revolution, it must become the authentication layer for every request generated by an algorithm.
Read also
McKinnon's vision assumes that every AI agent will need to have a unique identity that can be monitored, restricted, and — if necessary — immediately disabled. This is critical in the context of security: imagine an AI tool tasked with cost optimization in a company that, due to a code error, starts deleting key subscriptions or wiping databases. Without strong Identity Management at the agent level, organizations risk losing control over their own infrastructure. Okta wants to be the "policeman" who checks the passport of every bot moving through the corporate network.
Vibe-coding and the end of the era of simple SaaS tools
The phenomenon of vibe-coding, mentioned by McKinnon, is a real threat to the business model of many technology companies. Thanks to models like GPT-4o or Claude 3.5 Sonnet, engineers can create internal tools that previously required the purchase of expensive licenses. If a company can build its own system for invoice processing or vacation management in a single afternoon, why would it pay an external provider? McKinnon understands that Okta cannot just be a simple tool that can be easily replaced by home-grown production.
Okta's strength is meant to be interoperability and trust. While it is easy to write a simple application, it is extremely difficult to build a secure, scalable access management system that integrates with thousands of external services. Todd McKinnon is betting that in an era of chaos generated by AI, companies will need a single, stable anchor point. The technical specification of their solutions must evolve toward:
- Supporting dynamic permissions for AI processes operating in real-time.
- Verifying the provenance of data transmitted between agents.
- Ensuring Zero Trust Architecture in an environment where the line between employee and program is blurring.
The risk of Saaspocalypse and the new role of the CEO
Admitting to paranoia during a talk with investors is a bold move for the head of a company with a $14 billion capitalization. McKinnon argues, however, that only such leaders will survive the paradigm shift. Okta must stop being perceived as a "gatekeeper" and start being treated as an "enabler." Deep structural changes are taking place within the company aimed at accelerating the release cycle of new AI-related features.
The key challenge remains the fact that artificial intelligence is just as good at breaking security as it is at creating it. Deepfake attacks or automated phishing strike directly at the foundations upon which Okta was built. McKinnon believes the only answer is to fight fire with fire — using AI to predict anomalies in user behavior before a data breach occurs. This is no longer just about managing logins; it is an arms race in cyberspace.
In the era of digital transformation, identity is becoming the new security perimeter. Traditional firewalls are losing relevance in a world where employees work from anywhere and most operations are performed by autonomous scripts in the cloud. If Okta can successfully implement identity standards for AI agents, it will maintain its leadership position. However, if it is seen only as a relic of the "logging into meetings" era, the Saaspocalypse could turn out to be a brutal reality for it. McKinnon is putting all his cards on the table: in the future, you won't be logging in — your agent will, and Okta will have to know if it's definitely them.
