By:Neil van Wyngaard - Solutions Architect

According to iOCO Automation & Cybersecurity, AI agents are fast being deployed across organisations and within business units, often with unchecked access to sensitive systems and data. Businesses need to move quickly to enforce new identity strategies to mitigate the new risks this presents.

Neil van Wyngaard, Solutions Architect, According to iOCO Automation & Cybersecurity Cluster, says: “AI agents are now approving transactions, accessing systems, triggering workflows, and making decisions autonomously. But uncontrolled AI agents are becoming one of the largest security gaps in modern enterprises. AI agents don’t behave like humans - they operate autonomously across multiple systems, scale instantly, spawn additional agents and act continuously - not just at login. Most security models were built for humans: they authenticate users, assign permissions and log actions, but they weren’t designed to govern AI agents.”

Van Wyngaard notes organisations are very strict about what their staff can access, and even more strict about what external vendors can and cannot do on the network.  “But currently, many AI agents have no controls,” he adds. 

“There are no real regulations or standards in the industry for building or deploying AI agents: you can download them or write your own. So, people build and deploy them, give them elevated permissions, and they could just run amok and access data they shouldn't be accessing, doing things that they shouldn't be doing. And central IT departments have no way of controlling what AI agents are being deployed on various platforms, or what they're doing.”

iOCO notes that because AI agents are making decisions that have financial, regulatory, and reputational impact, it is crucial they are properly secured and governed. Van Wyngaard says: “Without proper governance, organisations cannot confidently scale AI, prove compliance, mitigate risk or contain incidents quickly.”

He warns that AI Agents are now ‘First-Class Identities’ and must be treated as non-human identities (NHIs) with clear ownership, permissions and lifecycle controls. “They should also be monitored and audited constantly, and companies should have the power to revoke their permissions instantly, if necessary. Identity is now the control plane for AI,” he emphasises.

Van Wyngaard says Okta, an Identity and Access Management (IAM) service, has moved to address AI agent risks through its AI Identity and Access Management and governance platform. iOCO is an Okta reseller in South Africa. Okta reports that 91% of organisations are already using AI agents, 80% have experienced unintended agent behaviour, and 23% report credential exposure via agents. Despite the risks, 44% have no governance in place.

Okta for AI Agents is one of the first IAM platforms to directly address AI agent IAM. It enables organisations to manage agent identity and access on a single platform, with features such as ownership assignment, lifecycle management, and the ability to deactivate rogue agents.  The platform’s AI Agent Discovery feature allows companies to detect and identify agents across the environment,  while the AI Agent Registry allows for agents to be registered as identities with a clear human owner and baseline governance policies. Okta for AI Agents also has system logs and telemetry to support compliance and stream to a SIEM for rapid incident response.

Van Wyngaard says: “iOCO has a number of customers already running the Okta platform - for them, Okta for AI Agents is an add-on IAM security tool.  Okta scales very well in large organisations and proves more cost effective than other solutions. With Okta for AI Agents, businesses can now enforce the same controls over AI agents as they do their staff and partners. Okta for AI Agents facilitates the discovery of AI agents within their environments, detect when they’re accessing data or making connections they shouldn’t, and shut them down quickly.”