Okta deepens Google Cloud tie-up on AI agent security

Okta has expanded its partnership with Google Cloud with new security integrations for AI agents and browser-based work. The move extends identity controls across Google Cloud's Gemini Enterprise Agent Platform and Chrome Enterprise.

The tie-up targets organisations deploying AI agents more widely while shifting everyday work into browser-based software environments. It combines Okta's identity products with Google Cloud services designed to govern access, device posture and user activity.

At the centre of the announcement is a set of integrations for AI agents built on Gemini Enterprise Agent Platform. Okta's Auth0 for AI Agents now integrates with Agent Runtime on the platform, allowing developers to add authentication and access controls to agent-based workflows.

The service includes user authentication, OAuth token storage and management through a token vault, approval checkpoints for higher-risk actions, fine-grained authorisation controls, and authentication for Model Context Protocol servers. The goal is to let agents act on behalf of users under tighter controls and with clearer limits on what they are allowed to do.

A second layer of integration is still to come. Okta for AI Agents will connect with Gemini Enterprise Agent Platform to give companies a central registry for agents, link each agent to a human owner, and apply enterprise policies to agent access through Google Agent Gateway.

Those planned controls are intended to address visibility and governance issues as companies move from small pilots to much larger deployments. Central oversight becomes harder when businesses are managing tens of thousands of agents across different systems and tools.

Rising concerns

The broader backdrop is a rapid increase in AI use at work and a parallel rise in identity-based attacks. Okta cited figures showing that 92% of executives report moderate or widespread use of AI agents, while only 34% of organisations apply the same security controls to agents as they do to human workers.

It also pointed to a 127% year-on-year increase in identity-based attacks such as session hijacking, in which attackers steal post-authentication session tokens held in browsers. That has pushed browser security higher up the agenda for companies that rely heavily on software-as-a-service tools and AI-enabled applications.

In response, Okta and Google Cloud also announced a set of measures tied to Chrome Enterprise. These include Chrome Enterprise Universal Enrolment through the Okta Integration Network, allowing IT teams to apply managed Chrome profile policies on managed and unmanaged devices without synchronising identities to Google.

Okta has also integrated Device Assurance with the Chrome Device Trust Connector so browser and device posture can be checked in real time before access is granted to an application protected by Okta. New antivirus signals will allow Chrome to block logins at the browser level if antivirus software is disabled or out of date.

The browser measures also include support in Chrome for Apple's Extensible Single Sign-on on macOS with Okta as the identity provider. Chrome users will also be able to make greater use of Okta FastPass and Okta Device Access during sign-in across applications.

Another feature is support for Device Bound Session Credentials, an open standard that cryptographically links a session to a specific device through the Chrome browser. Okta said it worked with Google Cloud as a design partner on the standard and has added support in the Okta End-User Dashboard to reduce the risk of stolen cookies being reused on another device.

Dan Mountstephen, Senior Vice President and General Manager, APJ, Okta, commented on the regional significance of the partnership.

"We're at a pivotal moment across Asia Pacific. Organisations have moved past the AI experimentation phase. AI agents are now embedded in daily operations as part of the workforce. These agents need the exact same governance, visibility, and control we've long applied to human identities. It's non-negotiable."

"But there's another reality we're seeing. Our customers aren't locked into a single AI platform or cloud provider. They're navigating multiple environments and tools, and they want the freedom to choose best-of-breed solutions without introducing new silos or vendor lock-in."

"That's exactly why this partnership matters. Okta and Google Cloud are enabling organisations to deploy AI at scale, securely, with accountability built in from day one, while preserving the interoperability and choice that drives genuine innovation. Sustainable AI isn't about betting everything on one ecosystem. It's about giving organisations the control, visibility, and flexibility to build what they need," said Mountstephen.

Okta also framed the deal around concerns about dependence on a single provider, saying 62% of IT leaders view vendor lock-in as a strategic risk. The company argued that businesses want to combine different AI, cloud and productivity tools while retaining a single identity layer across those environments.

"Organisations shouldn't have to choose between the AI and productivity tools their teams want and the security their business requires," said Ely Kahn, Chief Product Officer, Okta.

"Securing the AI-powered enterprise requires a layer of identity security that operates seamlessly across the core platforms that power modern work," said Vineet Bhan, Director and Global Head of Security and Identity ISV Partnerships, Google Cloud.