How do you secure identities that aren’t human? As AI agents become autonomous actors in enterprise environments, this question keeps security leaders awake at night. In this Techzine TV interview, Stephen McDermid, CISO for EMEA at Okta, talks with us about some of the answers.
McDermid sits down to discuss one of the most important challenges in cybersecurity today: managing and securing AI agent identities. With 86% of attacks targeting identity systems, and AI agents now operating with more and more autonomy, organizations face a critical turning point in how they approach security governance.
The conversation goes into practical strategies that organizations are implementing right now. One interesting thought here is that treating AI agents as primary identities changes everything about security architecture. Also, we draw parallels between the mistakes of cloud adoption that seem te be repeating themselves in the AI era.
What you’ll learn in this interview
Most organizations don’t realize where AI is already being used across their business. McDermid explains the critical first step that companies must take before implementing any AI governance framework, and why skipping this step leads to failure.
Not all AI decisions require human approval, but some definitely do. During the interview, we discuss an example involving payment authorization that illustrates where to draw these lines, and how organizations can adjust these boundaries as they gain confidence in their agents.
AI-driven attacks already move faster than humans can respond. McDermid talks with us about how identity platforms must evolve to make real-time decisions at machine speed, and why traditional security approaches simply can’t keep pace with agentic workflows.
Europe and the United States approach AI risk very differently. Understanding these regional variations matters for any organization operating globally, and McDermid’s perspective as EMEA CISO provides some interesting insights into bridging these gaps.
Key topics
- Why AI agents need the same identity governance as human users – and what that actually means in practice
- How to discover existing AI usage across your organization before implementing controls
- The role of fine-grained authorization in balancing automation with appropriate risk management
- Why open standards matter more for AI security than any previous technology shift
- How threat intelligence sharing across the security community creates collective defense
- The importance of hardware identity verification as attacks become more sophisticated
- Real-time decision making across application, data, and infrastructure silos
- Why transparency builds trust for American technology companies operating in Europe