Can Okta & Google Cloud Stop AI Identity Security Exploits?

As AI agents increasingly work alongside human employees, organisations must treat digital identities with the same security rigour as the traditional workforce. 

However, the automated ecosystems of this new world are pushing traditional boundaries of identity security to limits.

In a significant move to address these emerging challenges, Okta is expanding its strategic collaboration with Google Cloud.

By combining identity, cloud and productivity solutions, the two organisations are working to strengthen resilience across the modern workforce.

Vineet Bhan, Director and Global Head of Security and Identity ISV Partnerships at Google Cloud, notes that in order to secure AI-powered enterprise, a layer of identity security operating seamlessly across core platforms, is required.

He says: “Together with Okta, we're extending that foundation across Google Cloud – so customers can confidently deploy AI agents in production, govern how they interact with critical systems and maintain strong protection across the browser.”

Session hijacking and security vulnerabilities

The integration of automated tools into daily enterprise workflows increases efficiency, but it also creates a distinct set of operational and security challenges.

Modern work is evolving quickly as automation becomes a routine part of the workplace. 

According to Okta's AI Agents at Work market report, 92% of executives report moderate or widespread use of AI agents within their organisations.

Despite this widespread adoption, only 34% of organisations apply the same security controls to these digital workers as they do to human employees. 

This discrepancy leaves a massive governance vacuum, opening a door for malicious actors to exploit. Identity-based exploits are rising sharply as a result of this security gap. 

Session hijacking has seen a 127% year-over-year increase as threat actors focus on stealing post-authentication session tokens stored directly in the browser.

Flexibility and platform interoperability also remain top priorities for technology leaders. 

Approximately 62% of IT executives view vendor lock-in as a strategic risk, highlighting the critical need for open, interoperable security ecosystems.

Ely Kahn, CPO at Okta, explains that enterprise teams require both advanced productivity tools and robust system defences.

He says: “Organisations shouldn’t have to choose between the AI and productivity tools their teams want and the security their business requires.

“Okta and Google are a natural fit because we pair Google’s leading product suite with an identity layer that can work across the entire modern, AI-powered work stack.”

Integrating Auth0 for identity governance

To eliminate identity blind spots as enterprises scale automated systems, the collaboration delivers a structured identity framework.

This framework is divided into immediate deployment capabilities and upcoming pipeline features.

Auth0 for AI Agents now integrates directly with the Agent Runtime on the Gemini Enterprise Agent Platform. 

This integration provides a secure identity layer that accelerates the transition from pilot projects to live production by mitigating the need for custom coding.

Developers can embed enterprise-grade identity and access controls into workflows using several core features:

• User authentication: Verifies that only authenticated users can invoke an agent
• Token Vault: Stores, manages and refreshes OAuth tokens to safely connect agents to downstream services
• Human-in-the-loop workflows: Trigger human approval checkpoints for high-risk actions while agents work in the background
• Fine-Grained Authorisation (FGA): Ensures that agents perform only the specific actions a user is permitted to take
• Auth for MCP: Adds authentication and authorisation to any Model Context Protocol server.

As enterprise agent fleets expand, answering fundamental questions about agent visibility and policy enforcement becomes vital. 

Okta for AI Agents will soon also integrate with the wider Gemini Enterprise Agent Platform to ensure all automated tools possess a verified identity. 

The upcoming capabilities will continuously import agents into a centralised directory to maintain human accountability while routing external requests through a real-time policy enforcement point.

Strengthening browser security

Since modern enterprise activity increasingly takes place within a web browser, securing this layer is just as crucial as governing the automated tools running inside it. 

Organisations face continuous threats from credential theft and malicious extensions, which create visibility gaps.

To address these vulnerabilities, Okta and Chrome Enterprise are turning the browser into a policy-enforced work environment. 

This configuration protects applications, data and gen AI use on both managed and unmanaged devices without disrupting daily workflows.

The Chrome Enterprise Universal Enrollment feature enables IT teams to enforce enterprise-grade policies through managed Chrome profiles on any device. 

This is available through the Okta Integration Network and functions without requiring identity synchronisation to Google.

Device trust enhancements will integrate Okta Device Assurance with the Chrome Device Trust Connector to evaluate browser and device posture in real time. 

Meanwhile, new antivirus signals allow Chrome to block logins at the browser level if a device has out-of-date protection.