Home / Technology / Okta Proposes Standard to Control AI Agent Permissions
Okta Proposes Standard to Control AI Agent Permissions
17 Dec
Summary
- New standard aims to grant organizations control over AI agent permissions.
- Current OAuth tokens may be insufficient for AI agent access.
- Okta's IAAG standard seeks to involve organizations in access decisions.
The rapid rise of AI agents, projected to be commonplace by 2026, presents significant security challenges for organizations. As these agents gain access to corporate resources, existing permission systems may prove inadequate. Identity management provider Okta is championing a new open standard, known as Identity Assertion Authorization Grant (IAAG), designed to address this emerging threat.
The proposed IAAG standard aims to close security loopholes by ensuring that organizations, through their identity and access management (IAM) systems, have oversight of permissions granted to AI agents. This contrasts with the current OAuth token system, where individual users often grant access, creating potential blind spots and security risks for corporate data.
Supported by early adopters like Google, Amazon, and Salesforce, IAAG seeks to empower IT managers with greater visibility and control. Microsoft has also announced plans to support the standard in its Entra cloud IAM solution, signaling broad industry interest in securing the future of AI-driven operations.
