Okta Now Lets AI Agents Call third-party APIs Securely

okta

Not so long ago, Eugenio Pace, Okta’s president for business operations, told AIM that the identity provider could make billions more by providing identity to AI Agents.

Pace, who visited India in June, stressed that this was a forward-looking statement. However, just four months later, Okta has announced a new offering – Auth for GenAI – that will enable enterprises to provide identity to AI agents.

The brand-new platform empowers developers to securely make use of generative AI in their apps.

“The tech ecosystem is rapidly evolving, with an increasing number of applications developing as AI agents that will work on our behalf, leading to everyone having multiple agents assisting them,” Shiv Ramji, the president of customer identity at Okta, told AIM on the sidelines of Oktane 2024.

The industry is racing towards leveraging AI agents, which are autonomous and capable of performing complex tasks with minimal human intervention. Salesforce, a partner of Okta, has been particularly vocal about its new AI agent-building platform, Agentforce.

However, it’s also critical to ensure that these agents act appropriately on our behalf. While this is a complex challenge, Okta believes it can contribute to the solution.

(Shiv Ramji speaking at Oktane 2024)

Providing Identity to AI Agents

While the industry remains enthusiastic about the developments in this space, Ramji believes there are a few challenges as well, especially in terms of identity and security.

“From an identity standpoint, the priority is to ensure that these agents are built securely and there’s no risk of data leak. Over the past two years, we’ve collaborated with numerous application developers to analyse the requirements for generative AI applications,” Ramji said.

So far, Okta has identified four essential requirements. The first is that both users and agents need authentication. “Just as users must verify their identity when logging into a website, agents require the same level of verification,” he said.

If we are to believe industry leaders, there could be more AI agents than humans in the future. A single enterprise could deploy thousands of AI agents, each handling various tasks.

Okta’s billion-dollar revenue comes from providing identity solutions to enterprises for the workforce and customers. Now, the company could make billions of dollars more by providing identity to AI agents.

Agents Calling APIs on User’s Behalf

“The second consideration is that agents, unlike humans who interact with websites to log in and make purchases, will primarily engage with third-party APIs. Therefore, agents must be capable of accessing these APIs on our behalf, which is another significant requirement,” Ramji said.

Auth for GenAI will enable AI agents to access APIs from services like Google Calendar, GitHub, Box, and others on behalf of users. It employs secure standard protocols to ensure that API credentials are unique to each user’s account and that the user has consented to the specific permissions granted to the generative AI application.

At Oktane, the San Francisco-based company also announced a new Developer’s Portal designed to make APIs AI-ready. It will make it easier for enterprises to securely expose APIs, with their brand, to developers and partners.

“Thirdly, we would want to avoid storing important credentials with AI agents for extended periods due to potential data leakage. Not all AI workloads provide immediate answers; some may take minutes or even days.

“Therefore, agents will perform tasks for us and report back but there will be a human in the loop to approve or reject the work done by these AI agents,” he said.

This feature called Async Authentication enables developers to integrate on-demand authentication into their applications, allowing users to authenticate with a single tap via a push notification on their mobile devices.

For example, if an AI agent is instructed to book flights when the price drops below $200, Async Authentication can send a push notification through the travel app, prompting the user to approve the transaction instantly.

AI Agents Risks

While these developments are promising and it’s encouraging to see Okta take the lead in enhancing security as AI agents gain prominence, APIs continue to pose one of the most significant security risks.

According to a report on ‘The Economic Impact of API and Bot Attacks’ by Imperva, a Thales company, organisations are losing between $94 billion and $186 billion each year due to insecure APIs and automated bot abuse.

Additionally, as AI agents become increasingly widespread, they may introduce new security challenges for enterprise security teams. For instance, these AI systems could be prone to data poisoning where malicious actors manipulate training data, leading to biassed outputs and security breaches.

Moreover, unauthorised access can expose sensitive information if AI agents connect directly to databases, while outdated software may introduce exploitable vulnerabilities.

Given AI agents are still in their infancy, a broader adoption by enterprises is expected in 2025. Nonetheless, it remains to be seen whether new threats will arise from their use or if current safeguards will be enough to address these challenges.

The post Okta Now Lets AI Agents Call third-party APIs Securely appeared first on AIM.

Follow us on Twitter, Facebook
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 comments
Oldest
New Most Voted
Inline Feedbacks
View all comments

Latest stories

You might also like...