Incumbents Bundle Agent Identity
Keycard
This acquisition shows that agent identity is being absorbed into the broader identity security suite, not bought as a standalone tool. Okta already sells workforce identity to large enterprises, so adding privileged access lets it control the riskiest step in an agent workflow, giving a bot or script access to a database, cloud console, or internal app, and price that control inside one larger security contract.
-
Axiom gives Okta modern privileged access management for cloud, SaaS, and databases, and Okta says the technology will be folded into Okta Privileged Access. That matters because AI agents often fail at the exact moment they need elevated rights to take an action, not when they first authenticate.
-
SailPoint is taking a governance led path. Its Agent Identity Security pulls agents from platforms like AWS, Azure, GCP, and Salesforce into one system, assigns owners, reviews access, and governs the service accounts agents use. That is strongest for audit, compliance, and lifecycle control.
-
Microsoft is embedding agent identity directly into Entra. Agents built in Copilot Studio and Azure AI Foundry are automatically registered in the same directory as employees and apps, which makes bundled distribution a major threat to startups that only sell agent identity as a point product.
The market is heading toward bundled identity stacks where human, machine, and agent accounts are managed together, but different incumbents will win in different layers. Okta is pushing deeper into action level access control, SailPoint into governance, and Microsoft into native platform distribution. That raises the bar for specialists like Keycard to own the real time decision layer that incumbents still handle more slowly.