惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 【当耐特】
M
MIT News - Artificial intelligence
罗磊的独立博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
宝玉的分享
宝玉的分享
N
News and Events Feed by Topic
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
F
Full Disclosure
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
H
Hacker News: Front Page
L
LangChain Blog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
B
Blog RSS Feed
H
Heimdal Security Blog
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
V
Vulnerabilities – Threatpost
Help Net Security
Help Net Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
W
WeLiveSecurity
T
Tenable Blog
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
S
Secure Thoughts
O
OpenAI News
L
LINUX DO - 热门话题
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
Jina AI
Jina AI
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
IT之家
IT之家
Latest news
Latest news
Cloudbric
Cloudbric

informationweek

2026 tech company layoffs InformationWeek Podcast: CTOs on using AI in regulated spaces How top CIOs are measuring the real ROI of IT automation What AI must learn from Roosevelt, conservation and 1929 Experian's chief innovation officer gleans AI gains with startup collab ETS CIO on competing with AI startups 'running with scissors' Before the next VMware: How CIOs prepare for vendor shocks The strategic alignment powering cyber-resilient organizations The AI infrastructure bottleneck is becoming a CIO problem InformationWeek Podcast: CTOs on reining in rogue AI agents Workplace equity in the age of AI Why and how to implement an AI asset rationalization strategy Why companies are shifting toward private AI models AI agents in automation: When to build, when to buy Navan CTO AI on trial: The Workday case that CIOs can The AI infrastructure boom is coming for enterprise budgets How CIOs can manage LLM costs: A practical guide What CIOs miss when buying vertical SaaS software InformationWeek Podcast: How CTOs balance AI and their teams Whirlpool, Duke Energy, Cleveland Clinic CIOs on scaling AI Where CIOs get stuck rebuilding the enterprise: What 'Rewired' reveals As AI makes projects harder to track, will CIOs need new controls? Why disaster recovery plans fail in geopolitical crises A silent erosion of enterprise AI by data poisoning Priceline CTO prioritizes engineers able to 'hold a room and a roadmap' InformationWeek Podcast: When CTOs need to restart IT projects Wayfair CTO maps agentic path across digital and brick-and-mortar commerce The AI contract gaps the Google-Pentagon deal just made visible Non-human identity sprawl is agentic AI's real risk Anthropic's Mythos forces a rethink of vulnerability management Outsourcing contracts weren't built for AI. CIOs are renegotiating now The AI spend hangover companies didn't plan for The power of CIO networking in the competitive AI world Why CIOs see AI projects stall: Speed without structure kills scale IT leaders should never let a good crisis go to waste SFO's digital twin maps airport operations from the curb to takeoff CIOs caught in the middle as AI startups disrupt vertical Saas Submit an IT Leadership column to InformationWeek Podcast: Rightsizing AI frameworks to avoid failure modes The invisible labor crisis inside IT: AI work the org chart can't see Why AI teams treat training data like capital Ask the Experts: How CIOs can identify and overcome cultural barriers to innovation Nobody told legal about your RAG pipeline -- why that's a problem Meta's new 'AI Zuckerberg' is a mirror for every C-suite Will the music stop for AI's funding dance? Rethink tech talent: Local is the smartest play for IT InformationWeek Podcast: Catching errors in AI-powered code CIOs can combat talent scarcity with AI-augmented leadership -- Gartner How Bellevue, Wash., is applying AI to streamline a broken permitting process Ignore the hype: Smarter tech bets at speed of change Who controls the fix? Colorado's repair fight tests CIO power Ask the Experts: The red flags that signal an AI project isn't worth pursuing The hidden high cost of training AI on AI Red Hat's Marco Bill: Resource control is key for AI sovereignty InformationWeek Podcast: New IT architecture, cloud, edge and AI Enterprises need Tier 1 provider relationships to deliver on AI How CIOs run and rebuild the business at the same time in the AI era It's not your tech stack, it's your structure -- fix it Confidential computing resurfaces as security priority for CIOs FinOps: Helpful tool, or a cloud control placebo for CIOs? Cleveland's open data overhaul: From sticky notes to public dashboards As Microsoft expands Copilot, CIOs face a new AI security gap Why build vs. buy doesn't fit modern IT systems InformationWeek Podcast: Is quantum computing slumbering? Your AI vendor is now a single point of failure Vibe coding: Speed without security is a liability A practical guide to controlling AI agent costs before they spiral AI fuels a new wave of technical debt The sunsetting of Sora: A hard lesson in AI portfolio resilience HP pushes broad internal AI use after early productivity gains Why value-based pricing is inevitable InformationWeek Podcast: Safeguarding ecosystems from outsiders Why AI scaling is so hard -- and what CIOs say works Humans are the North Star for AI-native workplaces -- Gartner How IT leaders build a culture for what comes next Compliance costs risk widening the AI gap AI-driven layoffs add new demands on CIOs to prove value AI transformation: Early wins are not enough for CIOs Why CIOs can't let users wait on IT Memory shortage doesn't have to spell disaster for IT budgets Accelerate AI adoption: 3 reasons for adopting MCP How techno-nationalism is complicating IT resilience and supply chains for CIOs InformationWeek Podcast: Compliance crackdown on AI and BYOD Workday’s AI reset: Agents and the race to remake SaaS Why enterprise AI initiatives keep dying before production Metrics of meaning: What do we really measure in AI? Techno-nationalism is reshaping CIO infrastructure strategy Using AI to pick team leaders -- without crossing legal or ethical lines What Oracle's layoffs reveal about running IT with fewer people Chief AI Officer on course-correcting when AI moves too fast Large enterprises need high-performing networks to scale AI InformationWeek Podcast: When do smaller AI models make sense? The future belongs to AI-driven IT Ways AI supercharges risk awareness and data insights for CIOs How automation prepares you for agentic NetOps Should the CIO, CFO or CEO hold the kill switch on AI? The CIO's new mandate: Redesign work itself Ask the Experts: CIOs say they wouldn’t pull workloads back from the cloud How AI is Reshaping the Enterprise
Okta
Myles Suer · 2026-06-18 · via informationweek

Myles Suer,CIO Analyst and Tech Journalist

June 18, 2026

6 Min Read

Data security and privacy remain among the biggest concerns as IT organizations help their companies move ahead with agentic AI. In recent research from Dresner Advisory Services, more than 60% of 500 organizations surveyed said data security and privacy are "critical" to successful agentic AI initiatives. The percentage increases to 85% if you add those who say it is "very important." 

To better understand how identity and access management are evolving for AI agents, I recently spoke with Harish Peri, senior vice president and general manager for AI security at Okta. Our conversation covered shadow AI, agent governance, authorization and the challenges of securing non-human identities

The interview

Suer: What identity and access risks aren't CIOs seeing clearly, or actively discounting, when deploying agentic AI?

Harish Peri: The biggest risks right now stem from shadow AI — that is, the agents operating in your environment that you don't know about.

Related:Intuit's chief AI officer on the SaaSpocalypse and disciplined AI

Suer: How is this different from the shadow IT security issues CIOs have dealt with for decades?

Peri: It's an issue of visibility. A compromised AI agent isn't your run-of-the-mill breach — it's an autonomous attacker that doesn't sleep, with the keys to the kingdom. 

We're seeing this problem today because organizations are struggling to keep up with the democratization of agent creation, which allows any employee to provision a "digital worker." Teams are spinning up new agents so quickly, and if you don't have the right identity and access controls in place, these agents can run wild and untraced.

Suer: What are the biggest security risks associated with AI agents? 

Peri: There are actually three risks that we have determined with the help of our customers. The first is the risk of an employee with ill intention. The second is a motivated hacker who finds a hole in from the outside and performs a prompt injection attack. And the third is an agent that incorrectly responds to a prompt and exposes sensitive data or misappropriates data it has access to.

Suer: Which agentic AI risks are being mistaken for traditional application security problems when they're really identity and authorization problems? 

Peri: Current identity and security stacks were tailored for humans and traditional software. Human users have predictable lifecycles, and software has fixed execution paths, but autonomous agents break these assumptions. The non-deterministic nature of agents creates gaps that existing tool stacks aren't built to close. 

Related:Time for an AI exit strategy: How CIOs are cutting AI waste

Suer: Some vendors are pushing the idea of writing job descriptions for agents. Should role-based security follow — and how granular does it need to be? 

Peri: AI agent access should be incredibly granular. Agents need to be treated as their own unique, first-class identity type. Treating agents as first-class identities means moving away from managing them as unmanaged service accounts or static API keys, and instead discovering, onboarding, protecting and governing them with the same security rigor, lifecycle controls and visibility applied to human employees.

Suer: What does identity governance look like when agents — not employees — begin initiating actions, accessing systems and making decisions? What does governance need to look like? 

Peri: AI agents operate at machine speed, meaning they're potentially executing thousands of API calls in a matter of minutes. Traditional identity governance isn't built for the dynamic authorization necessitated by agents. Organizations need to control every app, tool, MCP and API that an agent interacts with. Effective governance requires the ability to continuously authorize all of those individual tool calls and understand the context and intent behind those decisions.

Suer: As organizations deploy more and more Ai agents, how can governance possibly keep up? 

Related:CIOs need control before AI gains accountability

Peri: The answer is agents. In this case, it is agents that can identify improper behavior and crack down on that behavior. Here, it is the job of an authorization agent to look at real-time, fine-grained authorizations. To do this, we need fine-grained configurations defined at the start so these guardian agents can stop inappropriate behavior. As well, we need organizations to broaden their use of fine-grained permissions at the app layer, the process layer and the data layer. This is where posture and the authorization layer become critical. Organizations need to govern agents whose privileges can be more than the human who commanded them. And this is not just role-based security -- it is attribute-based control."

Suer: Who should be allowed to build agents inside the enterprise? Are agent builders an unguarded attack surface in the enterprise, and what access controls and guardrails should CIOs be putting around them? 

Peri: The democratization of AI and building agents is a net positive. It's less a question of who should be allowed to build, but do you have the right controls in place to secure and manage the agents that teams are spinning up? Every homegrown agent needs to be registered into a central directory, granting security teams the visibility to manage its permissions and lifecycle just like any other enterprise asset.

Suer: With agents sprawled across teams and stacks, how can CIOs maintain visibility into what agents can access, modify and share? 

Peri: Visibility is the top concern we're hearing about from customers. It starts with being able to discover agents, regardless of where they were built or being deployed — including the shadow agents that have been spun up without permission. Once discovered, it's about centralized control over agents' connection paths. By having a singular control plane to manage agent access, organizations can observe and audit agent actions, and manage the full lifecycle of an agent from onboarding to decommissioning.

Suer: AI agents are chunking and embedding information in vector databases and other systems that traditional security tools weren't designed to protect. How should CIOs rethink data security in these environments? 

Peri: Because agents interact with sensitive data autonomously, the most effective way to protect your databases is to rigorously secure and govern the non-human identities accessing them. By enforcing strict, identity-centric access controls and continuous behavioral monitoring, you effectively build a dynamic fortress around your most critical data.

Parting words: The customer is usually right 

At the end of the interview, I asked Peri how he arrived at his current perspective. He said it was Okta's customers — early adopters of agentic AI — who led the way. As these customers began implementing agents in their environments, they became aware of how agents could be manipulated. These vanguard customers helped Peri and his team rethink the concept of zero trust. This is clearly a case where staying close to the customer helped ensure the right problems were being considered. It will be interesting to see how data security evolves in the months and years to come. It does seem strange that agents will protect us from other agents — and from agents acting with ill intent.

About the Author

Myles Suer

CIO Analyst and Tech Journalist

Myles Suer is a CIO analyst and tech journalist. Recognized by Leadtail as a top CIO influencer, he is the former leader of #CIOChat, a global community connecting CIOs and senior technology leaders. His insights have been featured in publications such as CMSWire, CIO.com, VKTR, and Cutter Business Technology Journal. Suer frequently reviews books on AI, technology, and business strategy from leading publishers, including Harvard Business Review Press, MIT Press, and Columbia University Press. Additionally, he serves as research director at Dresner Advisory Services.