Why AI Agents Are Creating a New Security Blind Spot

Agentic AI , Artificial Intelligence & Machine Learning , Identity & Access Management Why AI Agents Are Creating a New Security Blind Spot Okta's Charlotte Wylie on Identity, Governance and Rogue AI Access Jennifer Lawinski • May 26, 2026     Credit Eligible Get Permission Charlotte Wylie, senior vice president and deputy chief security officer, Okta As enterprises rapidly deploy artificial intelligence agents across their organizations, security teams are struggling to answer a basic set of questions: Where are those agents, what systems can they access and what actions can they take? Charlotte Wylie, senior vice president and deputy chief security officer at Okta, said the rise of AI agents is creating a new identity challenge that many organizations aren't prepared to manage. See Also: Know Thy Enemy: Threats to Cyber Resilience Wylie said most security teams are operating in a reactive mode, attempting to balance innovation with enforcement while lacking visibility into unauthorized or poorly governed AI systems. The problem, she said, stems from treating AI agents as extensions of human users rather than as independent identities with their own permissions and risks. "We need to start treating agents as their own identity type," Wylie said. One growing concern is the rise of "shadow agents," unsanctioned AI tools employees connect to enterprise systems without IT oversight. Rather than shutting those initiatives down, Okta focuses on enabling them securely through governance frameworks and cross-functional collaboration designed to scale innovation responsibly. In this video interview with ISMG, Wylie discussed: Why AI agents must be treated as a new identity category; How shadow agents and overprovisioned access increase enterprise risk; Why CIOs and CISOs must align governance and AI deployment strategies. Wylie leads Okta's global technical cybersecurity services and oversees the company's security program supporting nearly 19,000 customers worldwide. She also helps lead Okta's Secure Identity Commitment initiative, focusing on defending against identity-based attacks, AI-augmented threats, and emerging risks tied to nonhuman identities and agentic AI systems. She was previously deputy CISO and chief of staff at Symantec and held senior security roles at Xero, NortonLifeLock and Commonwealth Bank.