The security landscape is transforming rapidly as AI agents join our workforce, creating an urgent need to rethink how we approach identity protection. When 80% of breaches already stem from compromised identities, how do we secure virtual employees who can't use traditional multi-factor authentication?
We sat down with David Bradbury, Chief Security Officer at Okta, to discuss this topic. This is a very important discussion to have, because traditional security approaches fall short when protecting non-human identities.

We ask Bradbury what organizations need to do to protect and secure their modern environments better from an identity perspective. He outlines the essential building blocks organizations need to implement. These have to do with token authentication, fine-grained authorization, and asynchronous workflows. We also talk about the role of the human in this new framework.
Looking toward solutions, Bradbury highlights promising developments like Google's Device-Bound Session Credentials, which cryptographically bind sessions to specific devices. He also emphasizes the need for broader adoption of security standards across the SaaS ecosystem and calls on CISOs to demand better security features from vendors.

All in all, a lot of work needs to be done when it comes to protecting and securing identity moving forward in an agentic world. The first order of business is to understand what the challenges are that AI agents pose. Listening to this podcast episode is a good start, as we discuss all the fundamentals.