Agentic AI,
Artificial Intelligence & Machine Learning,
Identity & Access Management
Okta’s Charlotte Wylie on Identity, Governance and Rogue AI Access
As the landscape of enterprise technology continues to evolve with the rapid deployment of artificial intelligence agents, security teams are finding themselves confronted with challenges they are ill-equipped to address. Key among these challenges are fundamental questions about the placement of these agents, the systems they interact with, and their potential actions. Charlotte Wylie, who holds the position of senior vice president and deputy chief security officer at Okta, has highlighted that the surge of AI agents is giving rise to a pressing identity challenge that many organizations are not prepared to tackle.
In a robust conversation surrounding cybersecurity and innovation, Wylie underscored that most security organizations are currently operating reactively. They grapple with the dual objectives of fostering technological innovation while ensuring stringent enforcement of security protocols. A significant gap in visibility into unauthorized or poorly managed AI systems exacerbates this dilemma. Wylie elaborated on a critical oversight in perspective: organizations often regard AI agents merely as extensions of human users. This can lead to an underestimation of the unique permissions and risks these agents introduce. Wylie emphasized, “We need to start treating agents as their own identity type,” advocating for a paradigm shift in how enterprises approach identity management.
This evolving dynamic has given rise to a troubling phenomenon known as “shadow agents.” These are unsanctioned AI tools that employees connect to enterprise systems without proper oversight from the IT department. Wylie noted that instead of shutting down these initiatives outright, Okta’s strategy focuses on enabling their secure use through well-articulated governance frameworks. Cross-functional collaboration has become essential in scaling innovation responsibly while safeguarding the enterprise’s digital ecosystems.
In a video interview conducted by ISMG, Wylie elaborated on several crucial topics. She reiterated the importance of recognizing AI agents as a new category within identity management systems. She also addressed how the advent of shadow agents and excessive permissions can significantly ramp up enterprise risks. The conversation touched upon the necessity for Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) to harmonize governance strategies with AI deployment approaches, ensuring that innovation does not come at the cost of security.
Charlotte Wylie’s role at Okta is pivotal as she leads the company’s global technical cybersecurity services, overseeing a security program that supports nearly 19,000 customers worldwide. Her leadership extends to Okta’s Secure Identity Commitment initiative, which zeroes in on defending against identity-based attacks, threats enhanced by AI, and the emerging risks associated with nonhuman identities and agentic AI systems. Wylie possesses extensive experience in cybersecurity, previously serving as deputy CISO and chief of staff at Symantec and holding senior security roles at Xero, NortonLifeLock, and Commonwealth Bank.
As organizations continue to embrace AI technologies, the need for a proactive and comprehensive approach to identity and access governance has never been clearer. Wylie’s insights underscore a vital shift in mindset, urging enterprises to rethink traditional frameworks around identity management. By acknowledging and addressing the complexities introduced by AI agents—both sanctioned and unsanctioned—businesses can fortify their cybersecurity posture in this rapidly evolving digital landscape.