Octa, publicly unveils Shadow AI real-time tracking technology... fully enhances security management

In the context of unregulated artificial intelligence usage evolving into security threats, identity and access management company Okta is responding by enhancing its detection capabilities for unauthorized AI agents, known as “shadow AI.” On the 12th (local time), Okta announced the addition of features to its Identity Security Posture Management platform that can identify shadow AI and track and manage their permissions.

The newly introduced “Agent Discovery” feature systematically provides visibility into the permissions and data access scope of AI agents within the organization, helping to operate AI securely within security controls. This feature is especially capable of detecting AI agents generated on unauthorized platforms and tracking in real-time data transfers to external entities via OAuth authorization flows.

Harish Peri, head of Okta’s AI Security division, emphasized, “AI agents operate at the application layer rather than the network or device layer, exercising persistent and broad permissions through non-human identities.” He added, “This new capability aims to identify unapproved AI usage and develop appropriate response strategies.”

Concerns about shadow AI are also reflected in a recent report by Gartner. The report states that 69% of enterprises are tracking traces of employees using unauthorized generative AI tools, and it is projected that by 2030, over 40% of companies will face security or compliance violations caused by shadow AI. Okta believes this security “visibility gap” stems from the rapid proliferation of AI agent generation tools and the increased use of unverified AI builders.

With this update, Okta offers a unified security view across cloud infrastructure and SaaS ecosystems from Oracle, Google, Microsoft, Salesforce, and others, integrating non-human identity management. This enables administrators to identify the owners, permission scopes, and potential security threats posed by various AI agents, whether approved or not.

Furthermore, Okta plans to extend detection capabilities to major AI platforms such as Microsoft Copilot Studio and Salesforce Agentforce by the first quarter of fiscal year 2027. This initiative aims to strengthen tracking of permissions granted to AI agents and associated risk factors.

Jenna Cline, Senior Vice President of Business Technology, stated, “Okta’s strategy in AI applications prioritizes governance over feature expansion,” emphasizing a continuous, control-based approach.

Shadow AI can easily evolve into uncontrolled technology during rapid enterprise AI adoption. Therefore, Okta’s enhanced ISPM features are viewed as a reflection of the evolving security strategy—embracing AI innovation while maintaining security and control.