Okta has released its annual Businesses at Work report on identity management and AI governance, finding that most organisations are using AI agents without a comprehensive strategy to govern them.

The findings highlight a gap between board-level concern and operational controls as companies expand their use of autonomous systems. Globally, 99% of C-suite leaders view Identity and Access Management as important to AI adoption, while 58% identify AI agent governance and oversight as their top security concern.

Even so, 90% of organisations do not yet have a comprehensive strategy for governing autonomous agents. The report also found that 91% of enterprises surveyed are already using AI agents, although most remain in early or limited deployment stages.

The research drew on anonymised data from more than 8,000 enterprise integrations in the Okta Integration Network. It portrays businesses moving quickly to introduce AI-driven tools while control frameworks lag behind.

Governance gap

One of the clearest findings is the uneven treatment of AI systems compared with human users. Only 32% of organisations govern AI agents with the same level of scrutiny applied elsewhere, leaving a significant share of non-human activity outside established oversight processes.

That matters because non-human identities are becoming more common across enterprise systems. The report found that 42% of organisations now have widespread use of non-human identities, suggesting autonomous software is moving into routine business operations rather than remaining in isolated pilots.

Okta linked that trend to a broader rise in governance activity. Access requests per company increased 158% year on year and 1,140% over two years, indicating a sharp increase in the amount of access organisations are trying to monitor and manage.

Service account governance also rose quickly, with centrally managed non-human identities up 650% year on year. That suggests many businesses are laying the administrative foundations for more extensive use of automated systems, even if formal governance of AI agents remains incomplete.

Security pressure

The report also highlights a widening mismatch between the pace of threats and the pace of defensive upgrades. It says the threat landscape is accelerating 6.3 times faster than organisations are adopting high-assurance protections, creating what it describes as a phishing gap.

Credential-based attacks remain a central risk. They account for 60% of all security incidents and 88% of web application breaches, reinforcing the importance of login controls and authentication policies in reducing exposure.

At the same time, the data suggests companies are putting more effort into stronger authentication methods. FastPass phishing-resistant authentications grew 81% year on year, pointing to increasing adoption of passwordless and phishing-resistant approaches.

These shifts come as regulators and policymakers place greater focus on accountability in AI systems. For businesses operating in Europe, governance around access, authentication and oversight is likely to face closer scrutiny as AI compliance obligations take shape.

Regional stakes

The report places particular emphasis on EMEA organisations as they assess how identity controls apply to AI tools and agents. The issue is not simply whether businesses are adopting AI, but whether they can establish clear lines of control over systems that may act autonomously across applications and workflows.

Industry forecasts cited in the report point to further growth in this area. Gartner predicts that 40% of enterprise applications will feature task-specific AI agents by the end of 2026, up from less than 5% in 2025, suggesting identity governance questions are likely to spread well beyond early adopters.

That projection helps explain why senior executives are paying closer attention. More than half of C-suite leaders surveyed, 52%, said IAM is very important to AI adoption, up from 46% in 2024, indicating growing concern as AI moves deeper into day-to-day operations.

For Okta, the results underline a tension between adoption and control. Businesses appear willing to introduce AI agents into the enterprise, but many have not yet matched that rollout with the same governance discipline used for employees, contractors or conventional service accounts.

Matt Ellard, General Manager EMEA at Okta, said: “For organisations across EMEA, the challenge now is to make sure governance catches up with AI adoption. As AI agents take on more operational roles, identity is what gives businesses the visibility and control to deploy them responsibly.”

The man – who lives in St Clement’s and did not wish to be named – has said that Royal Mail has been putting his post under a communal door despite him repeatedly asking the company not to.

He lives in a six-flat building and explained that previously the postal worker would gain access to the building by ringing the outside doorbells and then would post the letters into each individual flat.

READ MORE: Driver in the rough after police chase through Oxfordshire golf course

However, over at least the past month he said that this has not been happening and the man claims this is a “safety and security risk”.

“The postman is just chucking them under the door,” he said, adding that there could be anything in the letters including bank cards.

The Oxford man has complained his post is not secure (Image: Contributed)

He said: “Anybody could go through it.

“Anyone who knows anything about the door could through at any time or they could even get a stick and get the letters through to them.”

READ MORE: Bake Off star appears at water event with Channel 4 campaigners

The man said he had repeatedly complained to Royal Mail about it but the issue has persisted.

The company has since promised to look into the complaint.

A Royal Mail spokesperson said: “We will look into this with the local delivery team, as while there can be occasions where access to a building isn’t possible and items may be left in a communal area, our aim is always to deliver mail as securely as we can.”

A report has revealed the extent of the Glasgow-founded firm’s debt as its 40 UK stores are days away from a decision over their fate.

The companies linked to Quiz Clothing, and its stores are currently being managed by administrators Interpath.

Concerns over closure if a rescue package is not agreed have been raised.

Interpath is expected to update on the administration within days.

All 40 stores are at risk of closure. (Image: Newsquest)

The firm was appointed administrator to Orion Retail Limited, Tarak International Limited and Zandra Systems Limited, collectively trading as Quiz Clothing, in February.

The retail firm, operating for 33 years, has seven concessions in Ireland as well as its 40 stores across the UK, employing 565 staff.

At the point of administration, there were 109 redundancies across Quiz’s head office in Glasgow and distribution centre in Bellshill.

The administrators’ report for Orion Retail Limited shows that in December sums owed to connected parties of £15.4 million and trade creditors of £6.1m outweighed debtors at £13.5m – understood to represent sums owed by other group entities – and stock of £6.7m.

The report covering Tarak International Limited, which operated the group’s website and its overseas concessions, showed debtors at £11.1m and stock of £1.4m, principally, were outweighed by sums owed to connected parties of £9.5m and trade creditors £3.7m.

Zandra Systems Limited has no employees and its sole purpose is to hold an IT records contract.

The Zandra report stated: “To the extent the company has required to meet any fees and costs, we understand that, latterly, these would have been funded via loans provided by the company’s sole secured creditor, Zesta Ventures Limited.

“We understand Zesta Ventures Limited is owed approximately £6m by the group – albeit, we have yet to receive details of its indebtedness at appointment.”

The administrators said in the March 16 report: “We presently anticipate the administration trading period could last until mid-May 2026.

“Albeit, and with support from Hilco, trading performance is being monitored on a daily basis and paring back of operations will be implemented as it is considered necessary over the coming weeks.

“During the period immediately following our appointment – with news of the appointment having received local and national media coverage – we liaised with several parties who had expressed an interest in the company’s business and assets.

“To date, no offers have been received for the company’s business on a going concern basis.”