The Briefing RoomMarch 30, 2026via The Verge AI
Okta’s CEO is betting big on AI agent identity
Why it matters
As agentic AI systems proliferate across enterprises, identity and access control is shifting from managing humans to managing hybrid human-agent workforces. Okta is positioning itself as the infrastructure layer that authenticates, permissions, and controls AI agents at scale—a market McKinnon believes could dwarf traditional identity management.
Key signals
- Okta revenue: $3B, growing 10% YoY
- Okta market cap: $14B
- McKinnon: agent identity market could be 'the biggest category in cyber by far' (cyber market = ~$280B/year; traditional identity = ~10% of that)
- Okta blueprint for agentic enterprise: (1) agent identity provisioning, (2) standardized connection points, (3) 'kill switch' revocation capability
- Agent identity defined as hybrid between person and system—can operate on behalf of humans or autonomously
- McKinnon's internal mandate: shift company change ratio from 20/80 to at least 60/40 to absorb agentic disruption
- OpenClaw cited as 'ChatGPT moment for agents'—proof of concept that agents accessing enterprise data/systems is real
- Identity market segmentation: 40% customer auth (vulnerable to AI-powered fraud/spoofing), 60% employee/workforce access
- Emerging regulatory trend: digitization of national IDs, passports, mobile driver's licenses as fraud/bot mitigation
- McKinnon on SaaSpocalypse: 'paranoid' about vibe-coded competitors, but believes security, reliability, and integration moats + expanding TAM make Okta defensible
The hook
Okta's CEO just outlined how enterprises will authenticate AI agents—and why that matters more than you think.
Today, I’m talking with Todd McKinnon, who is co-founder and CEO of Okta, a platform that lets big companies manage security and identity across all the apps and services their employees use. Think of it like login management — actually, that’s a great way to think about it because the way most people encounter Okta is that it’s the thing that makes you log in again right before joining a meeting several times a week, so then you’re late for the meeting… Can you tell we use Okta?
Anyhow, all of that is a big business — Okta has a $14 billion market cap. But big software as a service companies like Okta are under a lot of pressure in the age of AI. Why would you pay their fees when you can just vibe-code your own tools? This so-called Saaspocalypse is a big deal, and Todd recently said he was “paranoid” about it on Okta’s most recent earnings call. So we dug into it, and how he’s putting that paranoia into practice inside Okta — what he’s changing, and what opportunities he’s going after to head off the apocalypse.
Verge subscribers, don’t forget you get exclusive access to ad-free Decoder wherever you get your podcasts. Head here. Not a subscriber? You can sign up here.
The biggest opportunity you’ll hear us talk about is some deep Decoder bait: the idea that it’s not just people whose access and security credentials need management, but also AI agents inside a corporation. This concept has really exploded with the rise of OpenClaw, which came with a ton of security challenges. Can any company keep users, platforms, and data safe if people are just going to buy a Mac Mini, hand their credentials to it, and let OpenClaw do whatever it wants with them? Is simply installing a “kill switch” at the agent level — as Todd suggests — enough?
You’ll hear Todd say that agent identity is something in between a person and a system, which is some of the richest Decoder bait possible, so we spent some time digging into that. It also seems like we are on the cusp of some of t...
Relevance score:78/100