Identity access management company Okta Inc. today announced new features that allow organizations to discover shadow artificial intelligence agents, uncover hidden identity risks and misconfigurations of known and unknown agents and execute remediation plans.

The new Agent Discovery feature in Okta’s Identity Security Posture Management offering maps agents’ potential blast radius to allow enterprises to integrate AI into their identity security fabric without sacrificing visibility, control or governance.

The release seeks to take on the growing issue whereby shadow information technology is being replaced with an invisible layer that Okta calls “shadow AI.” A recent Gartner report found that 69% of organizations have evidence of employees using prohibited generative AI tools and predicted that by 2030, more than 40% of enterprises will experience security or compliance incidents directly linked to unauthorized shadow AI.

Okta argues that the growing visibility drift is being driven by the democratization of agent creation, which allows any employee to provision a digital worker and by the growing availability of agent builder platforms. The end result is a lack of IT oversight into how employees are leveraging unvetted, unsanctioned tools that use OAuth grants to funnel data outside the security perimeter.

“AI agents don’t operate at the network, endpoint, or device layer — they live in the application layer and use multiple non-human identities with broad, long-lived privileges,” said Harish Peri, senior vice president and general manager of AI security at Okta. “By discovering and mapping every agent and its permissions, Identity Security Posture Management within Okta for AI Agents gives organizations the visibility and governance they need to secure both sanctioned and shadow AI at scale.”

With the new release, Okta ISPM now brings AI under enterprise control.

The new release includes the ability to discover agents built in unsanctioned platforms, including detecting OAuth consents and identifying agents in unsanctioned platforms and unvetted agent builders. ISPM now captures real-time signals to map the relationship between the client app and the resource app and alerts users when unknown agents in unsanctioned tools now have permissions to critical data.

Okta ISPM users also gain the ability to harden the identity layer by securing non-human identities, with a single view into multiple nonhuman identity types in software-as-a-service, identity providers, cloud infrastructure and on-prem Active Directory.

The company also plans to expand its continuous discovery capabilities to AI platforms such as Microsoft Copilot Studio and Salesforce Agentforce in its fiscal 2027 first quarter to identify ownership of each agent, what permission those agents have and where the top risks reside.

Jenna Cline, senior vice president of business technology at Okta, spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, in September, when she discussed how Okta is taking a governance-first path to AI adoption.

Photo: Okta