AI agents have moved well past the pilot stage inside most large organizations running cloud infrastructure. According to Okta‘s own market research, 92% of executives report moderate or widespread agent use across their cloud operations. What that same research also found is harder to dismiss: only 34% of those organizations apply the same security controls to their digital workers as they do to human employees operating within those same cloud environments.
That gap is the problem Okta and Google Cloud are directly addressing through an expanded partnership that brings identity governance into the cloud environments where AI agents and browser-based work actually happen.
The core challenge is structural. Human employees go through authentication, access controls, and governance frameworks built up over years of enterprise cloud security investment. AI agents, despite performing similar tasks and accessing similar cloud systems, often operate outside those frameworks entirely. They authenticate differently, accumulate cloud permissions that nobody audits, and interact with sensitive data through cloud pathways that security teams struggle to monitor consistently.
Okta’s Auth0 for AI Agents now integrates directly with the Agent Runtime on the Gemini Enterprise Agent Platform on Google Cloud. The integration gives developers a secure identity layer they can embed into cloud agent workflows without building custom authentication from scratch. Agents get verified identities, token management through a dedicated Token Vault, and fine-grained authorization controls that limit each agent to only the cloud actions its designated user is actually permitted to take.
Human-in-the-loop workflows add another layer for high-risk cloud decisions, triggering approval checkpoints when agents attempt actions that warrant human review before proceeding.
The browser security component runs alongside this through a partnership with Chrome Enterprise. Rather than treating the browser as an endpoint that cloud security policies reach after the fact, the integration turns it into an actively enforced cloud work environment. Device trust signals, antivirus checks, and policy enforcement run at the browser level across both managed and unmanaged devices, addressing a threat surface that grew considerably as session hijacking attacks rose 127% year over year.
Ely Kahn, Okta’s CPO, noted that organizations should not face a choice between the cloud productivity tools their teams want and the security their business requires. That framing reflects where enterprise cloud AI adoption currently sits: fast enough to create real exposure, but not yet governed carefully enough to contain it.
