Detect and discover AI agents

Early Access release

Use the Okta Secure Access Monitor (SAM) plugin and Identity Security Posture Management (ISPM) to discover unauthorized OAuth grants that often enable unregistered AI agents to access critical resources.

Users often use unmanaged or unauthorized AI platforms and tools to build agents that automate their workflows. These AI tools, bots, and agents that aren't authorized or monitored by your org are known as shadow AI agents. Users grant OAuth 2.0 tokens for core business apps to these shadow AI agents to allow the agent to act on the user's behalf.

IT and security teams often find it challenging to monitor and govern the use of unauthorized and unmanaged apps (shadow IT) because these grants are initiated directly in the browser and result in direct app-to-app connections. These unmonitored OAuth grants to unmanaged client apps and shadow AI agents create critical security gaps in your org.

The Secure Access Monitor (SAM) plugin and Okta Identity Security Posture Management (ISPM) help you address these gaps by monitoring the user's browser for any new OAuth grants and providing you with the visibility you need to identify and mitigate risks.

Benefits

  • Detect shadow AI agents

    Identify agents built on unapproved platforms and bring them under governance by registering them as known, managed identities in Okta.

  • Identify over-privileged access

    Surface scopes that grant agents dangerous permissions, such as the ability to read sensitive files, export data, or take privileged actions.

  • Surface shadow SaaS apps

    Detect unauthorized apps that bypass legal and privacy reviews, exposing the org to regulatory and data-residency risks.

How it works

After you configure the Secure Access Monitor (SAM) plugin, it monitors managed browsers for new OAuth grants to apps. An OAuth grant (which provides an OAuth 2.0 token) is a digital authorization that permits an app to access data and perform actions on a user's behalf. Because of the OAuth grant, the app can do this without requiring the user to share their sign-in credentials. OAuth grants are often what enable AI agents to access data and take actions.

When the plugin detects a grant, it captures the data. It also enriches the data with essential user context and securely transmits it to Okta Identity Security Posture Management (ISPM).

ISPM analyzes the data and provides you with the visibility you need into shadow IT use in your org. This enables you to take immediate remediation actions against OAuth grants that enable shadow AI agents. You can revoke the grants or register these agents in Okta to ensure appropriate oversight.
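The following Python example is added here for illustration; it is not Okta code and does not describe how the SAM plugin or ISPM are implemented. It shows what a browser-visible OAuth 2.0 authorization request reveals about a grant (the client, the requested scopes, and whether long-lived access is requested). The approved-client list, the high-risk scope set, the function name, and both sample URLs are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example (not Okta data): which clients are registered
# and which scopes the org treats as high risk.
APPROVED_CLIENT_IDS = {"approved-client-123"}
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/gmail.readonly",
}

def triage_authorization_request(url):
    """Summarize one OAuth 2.0 authorization request (RFC 6749, section 4.1.1)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    client_id = params.get("client_id", [""])[0]
    # scope is a space-delimited list; parse_qs decodes "+" and "%20" to spaces.
    scopes = set(params.get("scope", [""])[0].split())
    redirect_host = urlsplit(params.get("redirect_uri", [""])[0]).hostname
    findings = []
    if client_id not in APPROVED_CLIENT_IDS:
        findings.append("unregistered_client")
    if scopes & HIGH_RISK_SCOPES:
        findings.append("high_risk_scope")
    # Refresh tokens keep the grant alive after the browser session ends.
    if "offline_access" in scopes or params.get("access_type") == ["offline"]:
        findings.append("long_lived_access")
    return {
        "authorization_server": parts.hostname,
        "client_id": client_id,
        "redirect_host": redirect_host,
        "scopes": sorted(scopes),
        "findings": findings,
    }

# Constructed sample requests, as they would appear in the browser address bar.
SHADOW_AGENT_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=shadow-agent-999"
    "&redirect_uri=https%3A%2F%2Fagent.example%2Fcallback&response_type=code"
    "&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline"
)
MANAGED_APP_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=approved-client-123"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&response_type=code&scope=openid+email"
)

if __name__ == "__main__":
    for url in (SHADOW_AGENT_URL, MANAGED_APP_URL):
        print(triage_authorization_request(url))
```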

Get started

Configure the Secure Access Monitor plugin

Identify shadow AI agents using OAuth grants