- As of June 23, 2026, Okta expanded its Cross App Access (XAA) ecosystem with more than 25 new integrations — including Asana, Atlassian, Figma, Slack, Zoom, Salesforce, Cloudflare, Datadog, and Anthropic's Claude — targeting the ungoverned credential layer underneath enterprise AI deployments.
- 88% of organizations reported confirmed or suspected AI agent security incidents in the past year, yet only 21.9% treat agents as independent, identity-bearing entities — the governance gap XAA directly addresses.
- Shadow AI breaches cost an average of $670,000 more than standard security incidents, with a total average breach cost of $4.63 million per event, making centralized agent identity a financial imperative, not merely an IT preference.
- XAA access for Okta Workforce customers opens through the Okta Integration Network in August 2026; Auth0 B2B SaaS customers receive early access at the end of July 2026.
The Pattern: When Agent Credentials Outrun the Governance Stack
45.6 percent. That is the share of enterprises that, as of mid-2026, authenticate agent-to-agent calls with shared credentials — meaning one compromised API key can cascade through an entire autonomous workflow before a human ever notices. No per-agent identity. No granular scope. No audit trail that cleanly maps an action to a specific agent instance. That is the ungoverned seam at the center of this story.
According to reporting by IT Brief Australia, Okta announced more than 25 new integrations for its Cross App Access (XAA) ecosystem on June 23, 2026, adding Asana, Atlassian, Canva, Cursor, Figma, Glean, Linear, Slack, Zoom, Cloudflare, Datadog, Salesforce, and Anthropic's Claude to a network designed to give AI agents scoped, auditable, revocable credentials rather than the blunt-instrument API keys most teams default to today.
AI agents do not authenticate the way humans do. They authenticate continuously across multiple systems, spawn subagents dynamically, execute long-running workflows that cross environment boundaries, and persist credentials well beyond any single user session. Traditional identity and access management (IAM) — built around a human at a keyboard — was not architected for this behavior. The result is a threat model that looks normal in every log and console view while being structurally broken: the token shows as legitimate, the permissions appear scoped correctly, and the audit trail records an authorized action without naming which agent actually took it.
Gartner forecasts that 40% of enterprise applications will embed task-specific AI agents by the end of 2026, up from under 5% in 2025. The same firm projects that an average Fortune 500 enterprise will operate more than 150,000 agents by 2028 — up from fewer than 15 in 2025. Those two timelines describe a governance cliff, not a gradual ramp.
What Okta Actually Shipped — and the Timeline That Matters
The Okta for AI Agents platform reached general availability on April 30, 2026, following an early-access window that began in March 2026. The June 23 announcement extended that foundation by bringing the XAA ecosystem into the collaboration, design, developer tooling, and cloud infrastructure categories that enterprise AI workflows actually run through.
The specific integration list matters because coverage gaps are exactly where shadow AI emerges. If Slack sits outside a centralized identity framework, an AI assistant connecting to it will almost certainly do so through a user OAuth token that outlives its session, a personal API key with admin-level scope, or a service account credential shared across multiple automation workflows. Okta described XAA as addressing the problem that arises when staff begin connecting AI assistants to company systems through static API keys or user consent flows outside central oversight, leaving administrators with limited visibility into what an agent can access and what actions it takes.
The rollout is staggered: Okta Workforce customers gain XAA access through the Okta Integration Network in August 2026, while Auth0 B2B SaaS customers receive early access at the end of July 2026. Separately, Okta expanded AI agent security to support Amazon Bedrock and non-Okta identity providers, and deepened its Google Cloud partnership to span Google Workspace and Cloud platforms — signaling that XAA is designed to operate in heterogeneous environments rather than Okta-native stacks only.
Financially, the product is built on solid footing. Okta's Q2 fiscal 2026 revenue reached $728 million (13% year-over-year growth), with subscription revenue of $711 million (12% YoY growth). The company raised its full-year 2026 revenue guidance to $2.875–$2.885 billion, reflecting 10–11% growth. Its remaining performance obligation — the subscription backlog, representing contracted future revenue not yet recognized — stands at $4.152 billion, up 18% year-over-year. That backlog signals customer commitment well ahead of feature delivery, which matters for a platform whose most consequential capabilities do not fully roll out until Q3 2026.
The Numbers That Expose the Governance Gap
The XAA announcement landed in a market where the underlying problem is already showing up in incident reports at scale. As of June 24, 2026, according to industry research, 88% of organizations reported confirmed or suspected AI agent security incidents in the past year — rising to 92.7% in the healthcare sector. Yet only 21.9% of teams treat AI agents as independent, identity-bearing entities.
Chart: Share of enterprises across three AI agent governance metrics, based on industry research current as of June 24, 2026. Scale represents 0–100%.
McKinsey research shows 80 percent of organizations have encountered risky behaviors from AI agents, including improper data exposure and unauthorized system access. Shadow AI breaches — where agents connect to enterprise tools outside any centralized oversight — carry a total average cost of $4.63 million per event, approximately $670,000 higher than standard security incidents. The projected $20 billion market opportunity for AI agent identity security solutions by 2030 is a direct function of how large that governance gap has grown.
As the Cybersecurity blog's analysis of phishing defense stack patterns noted, the weakest link in layered enterprise security is almost always the access credential, not the detection layer. AI agents amplify that vulnerability because their credentials persist beyond human sessions, spawn subagents, and fragment audit trails in ways that traditional threat models were not designed to catch.
Where This Breaks in Production
The XAA ecosystem model introduces a failure mode worth naming explicitly: integration coverage gaps revert to exactly the shared-credential anti-patterns XAA is designed to replace. The 25-integration announcement covers significant enterprise ground — Slack, Zoom, Salesforce, Cloudflare, Figma, Datadog together touch a large share of common workflows — but the long tail of internal tools, niche SaaS platforms, and custom APIs sits outside the governed perimeter. Wherever a tool is missing, the path of least resistance remains a static API key.
The IETF is actively standardizing new OAuth 2.0 extensions — with requested_actor and actor_token parameters — specifically to let AI agents obtain access tokens on behalf of users without requiring real-time human consent at each step. But standardization timelines and enterprise adoption timelines rarely converge cleanly. Between now and broad OAuth-for-agents adoption, organizations face a hybrid period where some agent connections run through governed XAA pathways and others run through legacy credentials. That patchwork is where context window blowups meet audit trail gaps: a governed agent spawns a subagent via a clean credential, which then reaches an ungoverned downstream tool, and the audit log shows a clean initial handoff that masks what actually executed afterward.
Gartner's companion forecast deserves equal weight alongside the proliferation numbers: more than 40% of agentic AI projects will be canceled by end of 2027 due to escalating costs, unclear business value, and inadequate risk controls. In my analysis, that cancellation rate is not primarily a technology indictment — it is a governance indictment. Projects that deploy agents without solving the identity layer first tend to discover the cost of remediation only after something has failed visibly. The healthcare figure reinforces the stakes: 92.7% of healthcare organizations reporting AI agent security incidents, in a sector where a single unauthorized exposure triggers HIPAA penalties and patient safety consequences, is not a statistical abstraction. It is a slow-motion compliance crisis already in progress.
How to Act on This — Three Concrete Steps
The 45.6% shared-credential statistic suggests most enterprises lack a clean map of which agents authenticate how and to which systems. Before onboarding XAA, enumerate every existing agent integration and classify each by credential type: OAuth token, API key, service principal, or shared password. Credentials in the last two categories are immediate remediation targets regardless of whether XAA is in the near-term roadmap. An ungoverned agent connecting to Salesforce or Slack through a shared service account password represents the exact risk profile the June 23 announcement was designed to address — and it exists in most enterprise environments right now.
Organizations that want to onboard XAA at general availability should finalize their integration shortlist, scoping requirements, and internal approval workflows before August — not after the access window opens. The integrations announced June 23 — Asana, Atlassian, Figma, Slack, Zoom, Salesforce, Cloudflare, Datadog among them — cover most high-traffic enterprise tool surfaces. Map which of those tools your current agent workflows reach through ungoverned credentials, and prioritize those for XAA migration in the first rollout window. Auth0 B2B SaaS customers should plan for end-of-July early access.
Dynamic credential issuance adds latency overhead. Token rotation adds retry logic complexity. Both behave differently at scale than in a controlled proof of concept. Teams adopting Model Context Protocol (MCP) alongside XAA-style identity layers should benchmark credential issuance latency and token rotation overhead during the evaluation phase, before those costs are embedded in production service-level agreements. The tool-call loops that look invisible in demos become visible — and expensive — the first time a high-throughput agent workflow hits a credential refresh at scale. Eval-driven development means modeling that failure before it is production's problem.
Frequently Asked Questions
What is AI agent identity management, and how does it differ from regular IAM?
AI agent identity management is the practice of assigning distinct, scoped credentials to autonomous AI agents — separate from human user credentials — so that each agent's access to enterprise systems can be monitored, restricted, and revoked independently. Traditional IAM (identity and access management) is built around a human authenticating once per session through a username, password, or MFA prompt. AI agents authenticate continuously across multiple systems, spawn child agents, and execute long-running workflows without a human present at each step. That behavioral difference requires a non-human identity model with its own lifecycle controls, scoped permissions, and expiration policies that are not part of conventional IAM frameworks.
How does OAuth work for AI agents, and why is the IETF involved?
OAuth 2.0 is an authorization framework that lets one application obtain limited access to another system on behalf of a user. Standard OAuth flows assume a human is present to grant consent interactively, which does not fit how autonomous agents operate across long-running or multi-step workflows. The IETF is standardizing extensions — including requested_actor and actor_token parameters — that allow AI agents to obtain access tokens representing delegated authority from a human principal, with explicit scope limits and expiration, without requiring the human to be present at each individual authentication event. These extensions are being developed precisely because existing OAuth implementations were not designed for non-human actors that operate at machine speed and scale.
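The delegated-token model described here, and in the "Where This Breaks in Production" section above, as an added example that is not Okta's code or the IETF draft text: an authorization server mints a short-lived JWT whose `sub` is the human principal and whose `act` claim (the actor claim from RFC 8693) names the agent, and a resource server refuses any token that cannot be attributed to a specific agent. HS256 with a constructed shared secret, and the user, agent, audience and scope strings are all assumptions for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; a real deployment verifies against the authorization server's key.
SIGNING_KEY = b"demo-shared-secret-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_delegated_token(user, agent, audience, scope, ttl=300, now=None):
    """Authorization server side. `agent=None` mints a plain user token (the legacy
    shape); otherwise the `act` claim records which agent acts on the user's behalf."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "scope": scope, "iat": now, "exp": now + ttl}
    if agent is not None:
        claims["act"] = {"sub": agent}
    signing_input = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def authorize_call(token, expected_aud, required_scope, now=None):
    """Resource server side: check alg, signature, audience, expiry and scope, then
    require an actor so the audit record names the agent, not just the user."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return {"allowed": False, "reason": "malformed"}
    h, c, s = parts
    if json.loads(_unb64(h)).get("alg") != "HS256":      # reject alg confusion (none/RS256)
        return {"allowed": False, "reason": "bad_alg"}
    expected = hmac.new(SIGNING_KEY, (h + "." + c).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        return {"allowed": False, "reason": "bad_signature"}
    claims = json.loads(_unb64(c))
    if claims.get("aud") != expected_aud:
        return {"allowed": False, "reason": "wrong_audience"}
    if claims.get("exp", 0) <= now:
        return {"allowed": False, "reason": "expired"}
    if required_scope not in claims.get("scope", "").split():
        return {"allowed": False, "reason": "insufficient_scope"}
    actor = (claims.get("act") or {}).get("sub")
    if not actor:                                          # user-only token: no agent attribution
        return {"allowed": False, "reason": "no_actor_claim"}
    # This dict is what the audit log should record: user, agent, and the scope exercised.
    return {"allowed": True, "user": claims["sub"], "agent": actor, "scope": required_scope}
```

The `no_actor_claim` branch is the policy lever: a resource that only accepts actor-bearing tokens cannot be reached by a reused user token or shared service credential, which is the coverage-gap failure mode discussed above.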
What are the biggest security risks of AI agents in the enterprise workplace?
As of June 24, 2026, according to industry research, 88% of organizations have reported confirmed or suspected AI agent security incidents in the past year. The primary risk vectors include: compromised API keys that grant agents broader access than intended; shared credentials that allow a breach in one agent to propagate across multiple connected systems; and shadow AI connections — agents linked to enterprise tools outside centralized oversight — that administrators cannot monitor, audit, or revoke. Shadow AI breaches carry a total average cost of $4.63 million per incident, approximately $670,000 higher than standard security events. The healthcare sector reports the highest exposure, with 92.7% of organizations recording AI agent security incidents in the same period.
Disclaimer: This article is original editorial commentary based on publicly reported information and does not constitute legal, security, or financial advice. Research based on publicly available sources current as of June 24, 2026.