Okta CEO Todd McKinnon is positioning his company around a provocative idea: AI agents inside corporations need identity management just like human employees do. In a wide-ranging interview with The Verge AI, McKinnon laid out why he sees agent identity as the next massive opportunity for his $14 billion company, even as he admits being “paranoid” about existential threats to the SaaS business model.
The timing matters. As AI agents move from demos to deployment inside enterprises, a fundamental security question is emerging: who manages the credentials, access rights, and permissions for software that acts autonomously? McKinnon argues that agent identity sits “in between a person and a system,” which creates an entirely new category for identity management platforms to address.
The SaaSpocalypse Is Real, and McKinnon Knows It
On Okta’s most recent earnings call, McKinnon used the word “paranoid” to describe his stance on what the industry calls the SaaSpocalypse. The threat is straightforward: if companies can vibe-code their own internal tools using AI, why keep paying SaaS subscription fees?
For a company pulling in $3 billion in annual revenue with 20,000 enterprise customers, that’s not an abstract concern. McKinnon frames it as both existential risk and massive opportunity:
- The overall technology pie is expanding, possibly bigger than the cloud computing shift
- New categories are emerging that didn’t exist before
- Companies that adapt can capture outsized value; those that don’t will get disrupted
“The prize is massive,” McKinnon told The Verge AI, adding that his goal is to transform Okta from a “mid-size, successful SaaS company” into “one of the most important companies in the world.”
Why Agent Identity Is the Real Play
What stands out here is McKinnon’s framing of the problem. Consider what’s already happening: people buy hardware, hand their login credentials to AI agents like Operator or Computer Use, and let the agent act on their behalf across dozens of enterprise apps. The security implications are enormous.
Traditional identity management assumes a human is on the other end of a login. Agents break that assumption completely. They need:
- Scoped permissions that limit what they can access
- Audit trails showing exactly what actions they took and why
- Kill switches that can revoke access instantly
- Credential management that doesn’t involve sharing human passwords
McKinnon suggests a kill switch at the agent level is part of the answer, but the full solution likely requires rethinking identity infrastructure from the ground up. This is where Okta wants to plant its flag.
What This Means for the Industry
The broader signal is clear: as AI agents proliferate inside organizations, every enterprise software company needs an agent strategy. Identity management might be the most critical layer, because without it, you get chaos. Employees managing “hybrid teams” of humans and AI agents need governance frameworks that don’t exist yet.
For AI practitioners and enterprise leaders, the practical takeaways are worth noting. First, if you’re deploying AI agents in production, identity and access management can’t be an afterthought. Second, the companies that build the identity layer for agents will hold significant leverage in the enterprise AI stack. Third, the SaaSpocalypse pressure is pushing incumbents like Okta to innovate faster than they otherwise would, which benefits buyers.
McKinnon’s paranoia looks well-placed. SaaS companies that simply defend their existing products will lose ground. The ones that redefine their category around AI-native use cases have a shot at coming out bigger than they went in.
The full interview dives deeper into McKinnon’s vision for hybrid human-agent teams and the nature of building software in 2026. You can find the complete conversation over at The Verge.