Artificial intelligence isn’t just reshaping applications: It’s redrawing the boundaries of identity security. As conversational agents take center stage, identity emerges as the defining layer where innovation and security converge.

Developers now face a landscape where application programming interfaces are the primary surface for business logic and uncontrolled agents can interact with critical systems. This architectural shift raises urgent questions about how to protect data, enforce permissions and maintain customer confidence, according to Shiv Ramji (pictured), president of Auth0 at Okta Inc.

Okta’s Shiv Ramji talks with theCUBE about why identity has become the new security boundary.

“That very nature of how AI applications are built or what generative AI and agents can do, you have to rethink how you build your applications because you can no longer control the access point inside your application,” he told theCUBE. “In fact, I bet you a year from now, when you use the American Airlines application and if it has a natural language interface to it, it’s going to look very different. You’ll be able to do a whole lot more things than what you can do today.”

Ramji spoke with theCUBE’s Rebecca Knight and Jackie McGuire at Okta’s Oktane, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how AI is changing application development, why identity has become the new security boundary, and the fundamental principles developers need to build trusted and scalable apps. (* Disclosure below.)

Developer-first identity security fundamentals

The pressure to innovate fast with AI must be balanced against securing agents, data and transactions. That tension is driving renewed attention to identity security fundamentals, such as authentication, fine-grained authorization and standards, that make cross-application access seamless, according to Ramji.

“There are four key requirements across all of these industries that kind of are common,” he said. “First is very basic … you have to authenticate and validate who you are; we have to do that for agents. But there is something unique here: We need to make sure that not only is the agent authenticated, but the agent is authenticated on behalf of you. That linkage is super important. The second thing is … an agent will have to connect to 30, 40, 50 different applications securely.”

Frameworks and standards reduce the burden on developers who want to move quickly without compromising identity security. By embedding identity security expertise into APIs and services, companies can accelerate innovation while shielding builders from common mistakes, according to Ramji.

“Builders and engineers and developers, they are not security experts, and I don’t think it’s fair for us to expect them to be,” Ramji said. “This is where the capabilities that we’re building [come in]: We’re taking that burden away. We are identity experts; we know how to secure tokens, vault them and scope them. We’re going to take that burden, and then we’ll make it really easy for a developer to use our products and APIs.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Okta’s Oktane event:

(* Disclosure: TheCUBE is a paid media partner for Okta’s Oktane event. Neither Okta Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE