Okta's CEO just admitted he's paranoid about AI killing his $14 billion business, and his survival plan is to make your AI agents get a corporate badge.

The Summary

  • Okta CEO Todd McKinnon is pivoting hard toward "agent identity", positioning AI agents as a new class of enterprise user that needs login management and security credentials
  • The move is a direct response to the "Saaspocalypse," the threat that companies will vibe-code their own tools instead of paying SaaS subscription fees
  • OpenClaw's explosion exposed a security gap: enterprises have no way to manage credentials when employees hand them to autonomous agents running on Mac Minis

The Signal

This is what enterprise panic looks like when the ground shifts. McKinnon used the word "paranoid" on an earnings call, which for a public company CEO is basically screaming into a pillow. The threat is real: if you can prompt an AI to build the workflow you need instead of subscribing to Okta's competitor, why pay the enterprise tax?

His answer is to treat AI agents as something "in between a person and a system" that needs its own identity layer. The logic: agents need credentials to do their work, they access sensitive data, and right now the security model is essentially "trust the human who deployed it." That breaks down fast when OpenClaw or similar tools let anyone spin up an autonomous agent that can act on their behalf across corporate systems.

Okta's bet is that enterprises will need centralized agent credential management the same way they needed it for employees in the cloud era. Kill switches at the agent level. Permission scoping. Audit trails. All the enterprise security theater that actually matters when something goes wrong. The alternative, what we have now, is chaos: employees buying Mac Minis, copying passwords into Claude, and hoping for the best.

But here's the tension: the same AI that threatens Okta's business model might make identity management simple enough that companies don't need a $14 billion middleman. If agent-to-agent authentication becomes native to the models or platforms, Okta becomes the Yahoo Directory of Web4. McKinnon knows this. The paranoia is the point.

The Implication

Watch how enterprises handle agent credentials over the next 12 months. If they adopt Okta's model, it validates the "agents as users" framework and creates a new category of enterprise spend. If they don't, it means either the platforms solved it themselves or security is still too abstract a concern. For anyone building agent infrastructure, identity is now a first-order problem, not an afterthought. Design for it or watch someone else own the access layer to your agents.

Source: The Verge AI