Okta Agent Discovery: Securing Shadow AI with Identity Governance

Okta’s new Agent Discovery capability brings identity-first visibility to a problem that has quietly become an enterprise-scale risk: employees and automation builders creating unsanctioned AI agents that bind to corporate data using OAuth and service credentials, often outside IT governance.

Background / Overview​

Okta announced Agent Discovery as part of its Identity Security Posture Management (ISPM) toolkit, positioning the feature to detect, map and help remediate “shadow AI” agents that gain access to enterprise resources through OAuth grants, app registrations and other non‑human identities. The capability is available in early access and is described by Okta as a browser‑integrated detection mechanism that captures OAuth consent telemetry, correlates client‑to‑resource relationships, and presents discovered agents and their privileges inside the ISPM console.
The launch follows Okta’s broader product narrative around securing the “agentic enterprise” — a set of platform and governance features under the banner “Okta for AI Agents” intended to treat AI agents as first‑class identities with lifecycle, policy and governance controls. Okta’s product roadmap couples discovery with provisioning, authorization, and governance to create an identity security fabric for non‑human identities.
That corporate move is responding to an industry‑level warning: Gartner’s recent survey and analysis found that a large majority of organizations have already observed prohibited generative AI usage by employees, and it warns that by 2030 a significant share of enterprises will experience security or compliance incidents caused by unauthorized shadow AI. Those numbers underscore the urgency driving vendors and customers toward discovery, audit and lifecycle controls for agents.

---

What Agent Discovery does — the mechanics and scope​

How discovery works in practice​

• Agent Discovery uses a Security Access Monitor browser plugin to capture real‑time OAuth consent events initiated from managed browsers. The telemetry captures the client app (the AI tool/agent) and the resource app (the data source or API) and forwards that mapping to ISPM for analysis. Administrators can then view OAuth grants tied to non‑human identities and identify unknown or unsanctioned access.
• ISPM surfaces discovered agents in a dedicated inventory and links them to Non‑Human Identities (NHI) listings, so security teams can see service accounts, API keys, tokens, and agent objects alongside human accounts. This unified view is intended to reduce the blind spot where automation or agent identities gain persistent or broad privileges.
• Once discovered, organizations can register those agents as managed identities, assign ownership (a human sponsor), and apply lifecycle and access policies that enforce least privilege, credential rotation, and conditional access. Okta describes this flow — discover, register, protect, govern — as the four‑stage plan to bring agentic AI under enterprise control.

Platforms and future integrations​

Okta’s initial discovery relies on browser telemetry to catch OAuth consents at the point of authorization, which is a practical approach to find agents created through web‑based builders or apps that request delegated permissions. Okta has signaled plans to expand discovery coverage to managed agent platforms such as Microsoft Copilot Studio and Salesforce Agentforce in future product phases, aiming to detect agents even when they originate inside sanctioned AI platforms.

---

Why identity‑centric discovery matters​

Shadow AI is an identity problem​

AI agents don’t live on the network or endpoint in the traditional sense; they act at the application layer and frequently rely on OAuth tokens, service principals, and API keys to interact with SaaS and cloud APIs. That makes the identity plane the most appropriate place to detect and control agent access. Okta’s move lines up with a growing industry shift toward treating agents as identities that require lifecycle management, ownership and policy enforcement.

Real risks uncovered by discovery​

• OAuth consent abuse and token exfiltration are common vectors for agentic data leaks: an unsanctioned agent that obtains delegated Graph or drive scopes can access and exfiltrate sensitive files rapidly.
• Non‑human identities frequently escape regular audit cycles and persist with broad privileges; discovery helps convert dormant blast radii into auditable, remediable assets.
• Detection at the consent point can catch risky connections before they evolve into backend API integrations or complex app‑to‑app topologies that are harder to unwind.

---

Strengths: what Okta brings to the table​

1. Point‑of‑origin detection​

Catching OAuth consents via the browser is an effective method to observe the moment an agent obtains permission. This early signal can prevent an agent from becoming a persistent channel for exfiltration. Okta’s integration with the managed browser aims to surface those events in near real‑time.

2. Unified non‑human identity visibility​

Okta ISPM now displays service accounts, API keys, tokens, and AI agents in a single inventory — enabling teams to prioritize based on sensitivity, owner, and permission scope rather than dealing with siloed tools. That single pane reduces the manual correlation burden during incident triage.

3. Lifecycle and governance integration​

By positioning discovery as the first stage in a lifecycle (discover → register → protect → govern), Okta moves beyond signal generation into operational workflows: register a discovered agent, assign a sponsor, apply conditional access and provisioning, and log actions for audit. This operational fit is critical because discovery without governance is only a partial solution.

4. Ecosystem and standards play​

Okta’s broader vision includes Cross App Access (XAA) and protocols to standardize secure agent interactions, and the company has industry partners aligned with that approach. Standardization and protocol support can reduce brittle, ad‑hoc integrations that create risk.

---

Limits and risks — why discovery is necessary but not sufficient​

Vendor telemetry is powerful — and imperfect​

Large telemetry volumes are often cited by vendors as evidence of detection capability, but telemetry is capacity, not an operational guarantee. Detection effectiveness depends on how signals are operationalized into policies, runbooks, and human workflows. Overreliance on vendor telemetry without process changes risks a false sense of security.

Blind spots remain in the ecosystem​

• Browser plugins don’t capture agents created and executed wholly within server‑side platforms, embedded IoT devices, or certain native applications — which means discovery can miss some agent vectors until platform integrations for those environments exist.
• Not every SaaS platform exposes the granular audit or consent telemetry defenders need; coverage gaps will persist until platforms standardize agent audit events and expose them reliably.

False positives and operational noise​

Discovery tools will surface many low‑risk, legitimate automations alongside true threats. Security teams will need clear triage rules, ownership assignment, and prioritization criteria. Without those operational processes, the volume of findings can overwhelm teams and lead to alert fatigue.

Governance and organizational change​

Tooling alone does not fix the governance gap. Effective control requires:

• Executive sponsorship,
• Cross‑functional policies (security, legal, compliance, product),
• Clear sponsor and lifecycle rules for agents,
• Developer education and secure agent blueprints.
  Okta’s features support these needs, but customers must adopt the operating model to realize the benefits.

---

Verifiable claims and caution flags​

• Gartner’s survey and public guidance stating that 69% of organizations have evidence or suspicion of prohibited generative AI use, and that over 40% of enterprises may experience security or compliance incidents linked to unauthorized shadow AI by 2030, are published analyst findings that raise the severity bar for enterprise action. These findings are reflected in industry coverage and vendor roadmaps responding to the risk.
• Okta’s claim that Agent Discovery will detect OAuth consents and unsanctioned agents via a browser plugin is corroborated by Okta release notes and product communications; the feature is available in early access and requires deployment of the browser plugin to capture consent events. The capability and its EA status are verifiable in Okta’s release materials.
• Cautionary note: vendor claims about scale and coverage (for example, “we see everything across your environment”) should be treated carefully. Independent audits, customer references, and test deployments are necessary to confirm coverage in a specific tenant or environment. Where the vendor documentation is silent about region‑specific telemetry, log retention, or exact event fields, customers must validate within their own tenant.

---

Practical playbook — what security teams should do now​

• Inventory front doors and consent vectors.
• Enumerate app registrations, service principals, OAuth consent flows, and known agent builders. Use both platform APIs and browser telemetry where available. Tag each identity with owner, purpose, and creation source.
• Deploy point‑of‑origin detection.
• If you use managed browsers, evaluate deploying a consent‑monitoring plugin (or equivalent telemetry) to capture OAuth grants and client→resource relationships at the moment of consent. This is the fastest way to detect new agent authorizations.
• Harden consent and app‑registration policies.
• Disable end‑user consent for high‑risk scopes. Require admin consent or approval workflows for apps requesting broad scopes (e.g., Files.ReadWrite.All, Mail.ReadWrite). Review past consents and revoke suspicious grants.
• Treat agents as managed identities.
• Register discovered agents in your identity platform, assign a human sponsor, set expiration policies, and require short‑lived credentials where possible. Enforce PIM and just‑in‑time elevation for agent‑level privileged roles.
• Enforce least privilege and rotation.
• Replace static secrets with federated or short‑lived credentials, rotate keys automatically, and use conditional access policies tailored to non‑human identity scenarios.
• Expand observability to platform internals.
• For critical AI platforms (Copilot Studio, Salesforce Agentforce, etc.), work with vendors to obtain agent‑creation, consent, and invocation telemetry. Map agent groundings to sensitive data stores and prioritize mitigations.
• Operationalize runbooks, SLA and incident playbooks.
• Define mean time to revoke tokens, incident triage steps, and responsibilities for decommissioning agents. Run tabletop exercises simulating agent compromise.
• Measure and report identity risk KPIs.
• Track agent counts, high‑risk permissions, mean time to revoke credentials, and percent of agents with assigned sponsors. Use those KPIs to show progress to executives and to justify investments.

---

Broader implications: compliance, privacy and developer speed​

Compliance and audit​

Agent discovery helps close a key audit gap by producing the “AI Bill of Materials” — a registry of where agents connect to regulated data. That registry is essential for responding to data subject requests, breach notifications, and regulator queries. But registries are useful only if maintained and tied to real lifecycle enforcement.

Privacy and data minimization​

Discovery should be paired with policies that limit what an agent can ground itself on. The safest posture is to minimize groundings to regulated or sensitive datasets and to treat agent outputs as potentially exfiltratable until proven otherwise.

Developer and product velocity​

A danger of overly restrictive controls is driving developers to circumvent enterprise controls (more shadowing). The right balance: provide secure blueprints, self‑service registries with guardrails, and an expedited review path for business‑critical agents. That approach preserves speed while raising the bar for compliance.

---

Independent corroboration and ecosystem signals​

Okta’s product move follows a pattern across identity and cloud vendors: identity platforms are rolling out agent governance features, cloud providers are introducing agent‑specific identity primitives, and security research teams have demonstrated concrete risks in agentable platforms (for example, exploit chains involving default connectivity and permissive consent). These independent signals — analyst research, vendor roadmaps, and third‑party security disclosures — all point to the same conclusion: discovery and identity governance are necessary foundations for secure AI adoption.

---

Conclusions — what this means for IT leaders​

Okta’s Agent Discovery fills a practical and timely gap by making consent‑level signals visible and tying those signals into an ISPM inventory and governance workflow. For organizations wrestling with the rapid proliferation of agentic AI, that capability is a meaningful step: it turns invisible OAuth grants and unmanaged service principals into auditable, governable identities.
However, discovery is the first step, not the final answer. Teams must treat agent governance as a cross‑functional program: instrument discovery, enforce least privilege, assign sponsorship, automate lifecycle operations, and bake agent governance into developer workflows. Relying solely on vendor telemetry or a discovery tool without the people, process, and policy work will leave organizations exposed.
For IT and security leaders, the immediate action is straightforward: start with inventory (discover), then stabilize access (register and enforce), and finally institutionalize change (govern and measure). The identity plane is where agents act — that means identity controls will determine whether agentic AI is an accelerator for the business or an emergent attack surface. Okta’s Agent Discovery helps with the first mile of that journey; enterprises must do the rest.

---

Source: SC Media Okta introduces new shadow AI agent discovery features