CyberArk, Okta, Google target AI agent security

According to analysis firm Gartner, by 2028 a quarter of enterprise breaches will be related to AI agent abuse. One way to prevent this is to introduce identity access controls for AI agents, and CyberArk, Okta and Google are presenting new solutions.
AI agents create identity challenges
Astrix Security sets out the problems that AI agents can introduce or make worse, as non-human identities (NHIs) cannot be handled the same way as human digital identities.
The company defines non-human identities as the connective tissue between AI agents and the organization’s digital assets. AI agents need access to data, systems, and resources and this access is given through non-human identities such as API keys, service accounts, OAuth tokens, and other machine credentials.
This also means that their security is linked: AI agents can magnify identity security challenges in a number of ways and create severe vulnerabilities. These include shadow AI proliferation, or employees deploying unregistered AI agents using existing API keys without proper oversight and creating hidden backdoors that persist even after employee offboarding.
Another danger is identity spoofing and privilege abuse, which allows attackers to hijack an AI agent’s permissions and gain access to systems. Compromised agents can trigger unauthorized workflows, modify data or orchestrate sophisticated data exfiltration campaigns. AI agents with access to several systems can increase breach impacts.
“Securing AI agents fundamentally means securing the NHIs they use,” says the company. “If an AI agent can’t access sensitive data, it can’t expose it. If its permissions are properly monitored, it can’t perform unauthorized actions.”
CyberArk launches Secure AI Agents Solution
AI agents will need to be authenticated to critical systems and restricted only to performing their intended functions. CyberArk’s new Secure AI Agents Solution allows organizations to mitigate risks by leveraging intelligent privilege controls offered by its Identity Security Platform.
“Agents must be secured on day one by combining the principles of human identity security with the scalability and automation of machine identity security,” says the company’s CEO Matt Cohen.
The new solution is complemented by CyberArk CORA AI, the platform’s embedded AI engine, which analyzes user and agent behavior, detects emerging threats and recommends automated response actions, the firm says in a release.
The identity security firm is also working to integrate Accenture’s AI Refinery with its Identity Security Platform. This integration will allow managing AI agents based on Zero Trust principles, i.e. continuous verification and authorization for all users and devices.
Okta releases Auth for GenAI
Last year, Okta announced Auth for GenAI, a new product on the Auth0 platform designed to help secure identity in generative AI applications. The tool has now been released in Developer Preview, allowing developers to meet the identity requirements to build secure agentic apps, says the company.
Auth for GenAI integrates with popular AI frameworks such as LangChain, LlamaIndex, Google GenKit and Vercel.ai. It helps ensure AI agents have built-in authentication, fine-grained authorization, async workflows, and secure API access.
“Authorization is being frequently overlooked,” the company says. “Agents are connecting to APIs with integrations that aren’t optimized for AI-driven access, and email or push notifications triggered to approve sensitive actions are being implemented with minimal security controls.”
Google presents Agent2Agent protocol
Google has announced the launch of its open interoperability protocol Agent2Agent (A2A), designed to allow AI agents to collaborate across frameworks and vendors. The product is supported by over 50 technology partners, including Salesforce, SAP, ServiceNow and MongoDB.
A2A provides a universal framework for AI agents to securely exchange information, coordinate actions and integrate across enterprise platforms. It aims to address challenges such as siloed systems by standardizing communication between agents. By enabling interoperability between specialized agents, A2A also helps scale agentic AI solutions.
Google has released A2A as open source, while a production-ready version is expected later this year. Unlike Anthropic’s MCP or Microsoft’s AutoGen framework, it emphasizes open collaboration and community-driven development, says Google.