According to ZDNet, identity management giant Okta has proposed a crucial new open security standard to address a looming crisis as AI agents proliferate. By the end of 2026, many employees will have at least one AI agent working on their behalf, with tens or hundreds possible within five years. The problem is that today’s method for granting access—OAuth tokens—leaves IT security teams in the dark, as end users can delegate access without organizational oversight. Okta’s specification, called Identity Assertion Authorization Grant (IAAG) within the IETF, is designed to close this loophole by bringing non-human access under central identity management control. Major companies including Google, Amazon, Salesforce, Box, Zoom, and Microsoft have already signed on as early adopters, with Microsoft planning to support IAAG in its Entra platform.
The OAuth Blind Spot
Here’s the thing: the current system is a ticking time bomb, and the rise of AI agents is about to light the fuse. For years, when you click “Allow” to let Slack access your Google Drive, you’re creating an OAuth token. That token is like a digital key that Slack holds, and it pretends to be you whenever it talks to Google. The organization’s IT system, like Okta or Microsoft Entra, often has no idea this key was even cut. It’s a user-level deal, done in the shadows of a consent pop-up.
Now, imagine that process, but instead of a human clicking for a single app like Slack, it’s an AI agent being provisioned by an employee who just wants to get more work done. That agent might need access to your CRM, your project management tools, your email, and your data warehouse. And it can make those connections autonomously. Suddenly, you have hundreds of these powerful, non-human entities with broad access, and your central security team has zero visibility or control. That’s not a vulnerability; it’s a catastrophe waiting to happen. The recent billion-record Salesforce breach, which relied on stolen OAuth tokens, is just a preview.
Why an Open Standard Matters
Okta could have tried to make this a proprietary feature to lock in customers. But they didn’t. They took it to the Internet Engineering Task Force (IETF) to make it an open standard. That’s a huge deal. It’s like the difference between a single company inventing a new type of electrical plug versus everyone agreeing on the USB-C standard. For this to work, everyone has to play ball—identity providers, application makers, and cloud platforms.
The fact that Microsoft, a direct competitor, is already committing to build IAAG into Entra is the strongest possible signal that this is necessary. Ping Identity’s engineer co-authoring the latest IETF draft is another big endorsement. This isn’t about Okta winning; it’s about the industry trying to avoid a security meltdown. It needs to work as universally as HTTP or the WebAuthn standard behind passkeys.
Who’s Really in Charge Here?
This gets to the core philosophical problem OAuth never really solved for businesses. The standard assumes the “resource owner” is the end user. But is it? If you’re using your company’s Salesforce instance or SharePoint site, those resources belong to the organization. So why does a single employee get to hand out access keys to AI agents without the organization’s knowledge?
IAAG basically inserts the organization’s identity system into the handshake. So when an AI agent tries to get an OAuth token to access corporate data, the request can be routed through the company’s IAM system (like Okta or Entra) for policy approval. IT can set rules: “Agents from this vendor can only access these APIs,” or “Agents require manager approval for financial data.” The user might still initiate the request, but the organization gets a seat at the table. You can read more on Okta’s vision in their developer blog.
A Race Against Agentic Sprawl
The timing here is everything. Okta started this work before “agentic AI” was a buzzword, but now the wave is about to hit. Companies are desperate for productivity gains, and employees will use whatever tools they can. The pressure to bypass slow IT processes will be immense. If there isn’t a secure, standardized way to manage agent access, shadow IT will evolve into shadow AI—an uncontrollable swarm of autonomous software with the keys to your kingdom.
This standard is a foundational piece of plumbing for the next era of enterprise software. It’s not sexy, but it’s absolutely critical. The adoption by cloud giants is promising, but the real test will be in how quickly the thousands of SaaS applications and AI agent platforms build support for it. If they don’t, businesses will face an impossible choice: stifle innovation and agent use, or accept massive, unquantifiable risk. My bet? They’ll demand the standard, because the alternative is just too terrifying.
