One thing is clear this year: Generative AI is having a tremendous impact on the software industry, and a week doesn’t pass without software companies announcing their plans to incorporate the seemingly game-changing technology into their platforms.
This week, it’s Okta’s turn. The identity company is making a slew of AI-related announcements at the company’s Oktane customer conference, taking place this week in San Francisco.
“I think AI is the next big wave in technology. I think it’s as important and big and impactful as the internet, as cloud, as mobile,” Okta CEO Todd McKinnon told TechCrunch.
For Okta, that means training a model on all of the data it’s been collecting about identity and putting that to work to help make customers safer. “We have a new set of capabilities we’re launching called Okta AI,” he said. “It’s taking all of the really, really valuable data we have from risk signals and usage patterns and customers and policies, and combining them with the latest and greatest AI technology.”
As McKinnon points out, Okta AI isn’t a product per se, so much as a set of capabilities that will be added over time across the platform, some of which will incorporate predictive AI to help security teams understand possible threats, and some of which will allow users to interact with the data to pinpoint problems more easily using generative AI.
While this will involve many different pieces, he highlighted three in particular. The first, Identity Threat Protection, looks at traditional identity protection, checking for things like the computer, network, location and other clues to ensure the person signing in is who they say they are — but it doesn’t stop there.
“With Identity Threat Protection with Okta, AI, the evaluation of your security posture doesn’t stop. It’s continuously getting signals from the entire ecosystem — from CrowdStrike or Palo Alto Networks or Zscalar or anyone else — and this is integrated with identity fraud protection. The second that there’s any kind of risk anywhere, whether it’s malware on the device or a bad network security posture, [it can identify it],” McKinnon said.
And if it finds something that passes a particular threat threshold, regardless of which system it came from, Okta or one of its partners, it will undertake what McKinnon is calling a “universal logout,” logging the user out from every system until security can resolve the problem.
Next, Policy Recommender proposes an application security configuration based on similar use cases across Okta’s 18,000+ customer base. “You want to get the right balance between ease of use, without checking too much, and still making it secure, especially when the application is sensitive. So Policy Recommender is trained on the policies of thousands and thousands of customers and how they set up these apps,” he said. It uses that data to recommend a policy for each customer, based on their requirements and security posture.
Finally, Log Investigator is a more pure generative AI play, letting users query the Okta logs using natural language to find information. “The basis of this technology is a generative model that looks at all of the queries that people are issuing against the Okta logs to ask questions, and it trains the model on those queries,” he said. “So then the result of it is a natural language interface so customers can just ask questions and the Okta system will respond with answers based on what’s in their logs.”
McKinnon says the company is using a combination of models, depending on the task, including Google, OpenAI and Amazon. The company could also develop its own model in the future, one that will likely be based on open source offerings, he said.
Ray Wang, founder and principal analyst at Constellation Research, says in the future there will be an ongoing security battle with both sides using AI to gain an advantage, and security and identity companies like Okta have little choice but to get on board.
“Customers know that in the future, AI will be battling AI. So this is just the beginning, and they are expecting their identity providers to be able to handle attacks from other AI systems, as well as proactively preparing,” Wang told TechCrunch.
With these and other announcements, Okta is clearly moving toward this world, but it will be judged on how well it executes on these ideas, while protecting customer privacy. For now, these and other AI features being announced this week will go into beta in the coming months, and be generally available sometime next year.