A

Support for the show comes from Odoo. Running a business takes everything you've got, but a lot of the tools out there that promise to make your life easier aren't great at talking to each other, which means you end up having to toggle between a dozen different apps and services just to keep the lights on, Odoo says. Enough of that. They're in an all in one fully integrated platform that might actually help you

B

get it all done.

A

Thousands of businesses have made the switch. You can too. Try Odoo for free@odoo.com that's o d o o.com support for the show comes from Anthropic, the team behind Claude. You know how sometimes a problem just grabs you? Like you sit down thinking it's a quick thing, then suddenly it's midnight? That's exactly the kind of mind Claude is built for. People who don't just want the answer, they want to chase the thing that's underneath it. Anthropic positions Claude as a thinking partner, not a search engine. It works through the problem with you, and it doesn't try to just wrap things up in an easy answer. Get started with Claude for free at Claude. AI decoder support for the show comes from MongoDB. If you're a developer stuck fixing bottlenecks instead of building the next big thing, then you need MongoDB. MongoDB is the flexible, unified platform that gets out of your way. It's ACID compliant, enterprise ready and built to ship AI apps fast. It's trusted by so many of the Fortune 500 for a reason. Ask any developer. It's a great freaking database. Start building@mongodb.com build

B

hello and welcome to Decoder. I'm Neil Apatel, editor in chief of the Verge, and Decoder is my show about big ideas and other problems. Today I'm Talking about Todd McKinnon, the co founder and CEO of Okta, a platform that lets companies manage security and identity across all the apps and services their employees might use. Think of it like login management. Actually, that's a great way to think about it, because the way most people encounter Okta is that it's the thing that makes you log in again right before joining a meeting several times a week, which makes you late and then you have to apologize. Can you tell we use Okta? Anyhow, all that is a big business. Okta has a $14 billion market cap, but big software as a service, companies like Okta are suddenly under a lot of pressure in the age of AI. After all, why would you pay their fees when maybe you could just vibe code your own tools to do similar things? This is the so called saaspocalypse. And Todd himself recently said he was paranoid about it on Okta's most recent earnings call. So we dug into it and how he's putting that paranoia into practice inside Okta, what he's changing and what new opportunities he's going off to to head off the apocalypse. The the biggest opportunity that Todd's thinking about is some deep decoder bait. The idea that it's not just people whose access and security credentials need management, but also AI agents inside a corporation. This concept has really gotten traction recently with the rise of OpenCloud, which comes with a ton of security challenges. Can any company keep their users platforms and data safe? If people are just gonna go buy a Mac Mini, hand it all their credentials and let OpenCloud do its thing, is simply installing a kill switch at the agent or login level as Todd suggests going to be enough? You'll hear Todd say that agent identity is something between a person and a system, which is in fact some of the richest decoder bait possible. So we spent some time digging into that. It also seems like we're on the cusp of some of the goofiest org chart ideas in history as folks start to manage hybrid teams of people and agents. And I wanted to know how Todd was thinking about that inside of Okta. Like so many of our guests recently, it's clear that Todd's a decoder fan. So this one got deep about the very nature of building software itself and what it means to run a software company in 2026. That's right, episode got emotional. Hang on. It might surprise you. Okay, Okta CEO Todd McKinnon. Here we go. Todd McKinnon, you're the co founder and CEO of Okta. Welcome to Decoder.

C

Thank you for having me, Nilay.

B

It's great to be here. I'm excited to talk to you. I feel like a real theme of decoder lately is just me being emotional about the nature of software in 2026. And. And I can't think of anyone better to do it with than you. Because when I think of emotional software development, I think of big enterprise software CEOs.

C

Would you like me to soothe your emotions or cut your emotions?

B

I'm going to start with your emotions. Actually. We're going to get right into your feelings, Todd. A few weeks ago.

C

I'm really good at talking about my feelings to massive groups of people so late on well, you did.

B

Here we go. We're going to just jump right into it. A few weeks ago, octahed earnings. You're on the call. They asked you about the SaaS apocalypse, which I want to talk about in detail. But this was your response to SaaS apocalypse? This is why I was starting with feelings. You said, quote, we are paranoid and we're making sure that we're using all the latest technologies, LLMs, et cetera, to make sure that we have something that's resilient and secure but has the best features and best capabilities. This is you talking about Agentix. Software development is real. The idea that our customers would build their own tools instead of paying us for these tools is real. We're paranoid about it. We've got to compete with that. That's a big thing to say, talk about where you are in SaaS apocalypse because I want to start there and then I want to zoom out to basically the nature of software in general. But that feels like a big thing for you to say, like you need to be paranoid about this threat.

C

Let's start with me personality wise and how I operate. I'm very much challenge driven and I think a lot of people are in our business and just like what's the next challenge? And what I see right now in the world is huge challenge and a huge opportunity. It's like a huge mountain to climb. And that is at the fundamental level is that I believe strongly that the pie for technology is expanding greatly. Like the pie that what we can do for people and companies with AI and the common things people talk about, agents. This is a massive change, massive disruption. It's bigger than cloud computing. It's. You could talk about is it as big as the Internet? It's big. So now capturing that and leading a company that thrived company Okta's had decent amount of success. 3 billion in revenue, growing over 10% last year. Established brand, 20,000 customers had some decent success. I think the opportunity going forward with all this change and all this disruption is, is massive. It's huge. Technology's getting way bigger. There's all kinds of new categories I think are emerging. So for me personally it's an incredible opportunity and challenge to lead the company through this and to go from what is a mid sized successful SaaS company to be what I think could be one of the most important companies in the world. So that's a huge challenge. It's a huge opportunity. It's also daunting because in some way it'd be great if things didn't change that much. And our locked in position was, you know, more stable and we could plug along. But there's a huge prize. The prize is massive and that's incumbent upon us to face this challenge and to go get it.

B

You've talked about this in terms of the pie. You've said that the total addressable market for software is growing. I have a lot of questions about Okta in that market as it's growing. I know you have some announcements about agents and verifying agents and having kill switch for agents that I want to talk about. I just want to come back to SaaS Apocalypse in general. I understand SaaS Apocalypse for a run of the mill productivity tool. We use a lot of run of the mill productivity tools here at the Verge. They're all fine, right? And I'm always joking that enterprise software CEOs don't love coming on the show.

C

When I grow, I want to be run of the mill.

B

Right? But they're all fine. Like you can take one piece of project tracking software and replace it with another. And the idea that you're going to get anything more than a 5% productivity improvement I think has always been illusory. Maybe you'll get some better pricing. The idea that I can just vibe code a Trello and now I don't have to pay Trello because I just have a Trello. Like I understand that argument. Okta to me has seemed much more insulated from that. Right? Because you have identity and you have to protect. You have to do security at a scale that most people can't consider doing security. There's a lot of reasons why me paying you to take that liability on is a good business, regardless of whether I can build it myself or cheaper. What specifically has you paranoid about Agentix software and your customers building their own tools like Okta? Because to me that's actually a little more opaque.

C

I mean if you look at what these tools can do, it's amazing. The cloud code and cowork and codex and these are, I mean from my grew up as a software engineer and that whole world is being revolutionized. So I built a company as a product developer and as an engineer. And so if you don't question and look at how you've built your own company and thinking and realize that that world is changing, you're just naive. Now we can talk about the reasons why. I think Okta is very well positioned and has attributes of the market and attributes of the product that make it very resilient and hard to replace. But just Got to look at the technology and look at what's possible. And if you're not, if you're not circumspect about what got you here and what your modes are and what the upstart would be doing if they were trying to compete with you, I think you're just naive. So I think it's a healthy paranoia when you look at the. I think there's the features and functionality of our products and then one thing that's maybe misunderstood about what we do, or maybe the buyers understand it, but in general might be misunderstood. You can build the features and functions, but the last thing you have to do is you have to connect it to everything. Thousands and thousands of different applications and services and pieces of infrastructure. It has to be connected to the last mile. So that is, you know, and that always changes. So you have to keep that integrated and you have to make sure it's always up to date with the latest changes of all the ecosystem. And so the integration part and then this other part is that it really, it has to work. It's mission critical. So even if you're building something that looks like Okta, getting the features to work is like 10% of the battle. Making sure it works 100% of the time takes years and years and years. And there's also a reputational thing. It's like, what are you going to trust? Are you going to trust the proven solution that's been out there for years? Are you going to trust something that your team just cooked up? So infrastructure software in general, and then cyber software, I think is also very well insulated from people vibe coding it themselves. Just because you're talking about things that are purchased on. There's a lot of a brand that goes into it. Like, what cyber company do you trust? What cyber company do you trust to be secure itself to? What cyber company do you trust to be up to date on all the latest threats that are buying cyber tools? They're going to have to look at their bosses and their boards of directors and say, what did you pick? Oh, we got breach. Well, what did you pick? Well, I wanted to save a little bit of money to vibe code it so that the category of security and infrastructure software, I think is a little bit different from some of the app categories that you were talking about.

B

There's a little bit of no one ever got fired for picking IBM in there. And then I think more cynically there's, I want a vendor for this stuff that is rich enough for me to sue them if something goes Wrong. Right. Like it's in there. I hear it from the industry.

C

Or the more like glass half full would be. Can support me?

B

Yeah, it's one or the other. Your job is to have the glass be half full. I have the other job. I'm trying to connect the dots between what sounds like a good case for being insulated from the market and what you're describing as healthy paranoia. Like, there's a new generation of software tools that will help people build competitors to Okta, whether those competitors are just the next N+1 SaaS competitor, or whether it's the internal team at a company saying, we'll build our identity solutions. What's the mechanism that is leading you to say we have to be vigilant? Is it the new generation of SaaS companies will just be cheaper, they'll have fewer people and they'll build something comparable to Okta that is just vastly cheaper per seat. Is it? The companies will realize, oh, we can just build all these connectors and cloud code is going to traverse our intranet and lock people in manually and maybe that'll be more costly in tokens, but the front end will be cheaper if you have the insulation. What is the mechanism that might be a threat to Okta?

C

I compartmentalize it in two different areas. The first area is just probably the more important area is job as CEO. Is most important job is figure out strategy, which means which market you're going to be in and how you're going to win in those markets. And for us, there's a big new emerging market which is AI agents need to log into stuff. And AI agents need to have a system to keep track of them and define their role and define their permissions and what they can connect to and what they can do. So that's a big new market. So getting the company oriented on that massive new market. And that's one bucket, which markets. The second bucket is how we execute to go capture that market. And I think the main theme in the second bucket is it sounds basic, but I think basics are important, which is it's very clear that especially in software development and innovation, the technical shift is very significant. So the number one thing that organization has to do is turn the dial in terms of how much change it will absorb. So in normal operating mode, let's say you want 20% change, 80% stays the same. You need to turn that dial up now. You need to change more, whether that's your team structure, whether that's processes, whether that's the technology you're Using, you have to turn up the change quotient. So what I tell the team is it's got to be at least 60, 40, if not more. And then with that, it's like you give them the freedom to experiment with new technology, learn from what's happening out there. By the way, I think one of the most important things is while you have a healthy appreciation for the change and the impact, you can fall victim to believing what you see online or what you, what you hear. Because everyone's trying to sell something, everyone's trying to make their company sound cool and they're embracing the change. So when you hear companies, especially big company CEOs, say, oh, AI is writing 90% of our code right now. They're trying to sell something, whether it's their own substance as a leader or their own organization's ability to innovate. So you got to take that with a grain of salt and say, hey, the art of the possible. But like, you know, as we change, what are we embracing? What's working for us, what's not? But it kind of all comes back to giving the teams freedom to change. And change is hard. It sounds trite, but you really, as a leader, you have to force it sometimes tops down mandates, right? I like to be bottoms up and empower people. But sometimes to get change happen, you have to push it.

B

Tell me about the change. It sounds very specific that you think the change here is there's going to be a universe of agents doing work inside of companies and they need to be permissioned and controlled and Okta should focus on that. And you're not so worried about, hey, a bunch of people are going to vibe code their own tools or a bunch of cheaper competitors are going to come up and disrupt us because they vibe coded a competitor. Okta. It seems like you're bracketing that and saying that's not a big problem for Okta. Right now.

C

We have the opportunity to win this battle to be the identity layer for AI agents. And if we win that, that could easily be the biggest category in cyber. I mean, Cyber is about 280ish billion dollars a year. Identity management is about, depending on whose number you believe, it's roughly 10% of that. This new agent layer could be the biggest category in cyber by far. So yeah, winning that is job number one for our company.

B

Tell me your calibration on how much it's acceptable to lose the identity piece of your business to whatever Vibe coding SAS apocalypse. People think in order to win the bigger market in agent control because right now, you know, the argument is why would anyone keep paying you monthly or yearly for X number of seats when they can pay a lower fee to some solution that someone has built cheaper? And then once that's done, it's done and you don't have to pay annually. Why would anyone keep paying you for that? If you think the market is bigger

C

for agents, they're not mutually exclusive. I think the attributes we talked about, whether it's reliability, trust, integration capabilities, you know, does the vendor you're going to trust have enough money to support you? That's a foundational thing in both of these markets. Whether it's people identity for customers and partners and employees, or it's this new identity type of agents and facilitating that. So they're not mutually exclusive. But I think that what's happening in the world right now is every organization, it's interesting, I would say they're universally aware of the potential of the agentic enterprise, which is essentially they want to make things more automated and they want to enhance their digital or enhance their workforce with digital employees, or they want to add new digital employees. So they're all clearly aware of this, but they don't, you know, they're getting a very mixed set of signals and a very messy story about how they do it. There's a combination of the big platforms, Amazon, Microsoft, Google are going to sell me agents. It's not even actually clear what an agent is. Salesforce has agent force, ServiceNow has agents. Every SAS company is building agents. So they're trying to sort through it all. But what they see is that they see a tremendous opportunity to automate things and to basically take labor budget and divert it into technology budget and make their companies grow faster and be more efficient. And now what they're looking for is okay, what are the foundational building blocks to wire that all together and make it work? What are the rails? And so that's where the big opportunity is to take the first steps on this. What could be the biggest category of cyber?

B

When you look at things like openclaw which obviously had a huge moment, and everyone is buying Mac minis so they can air gap openclaw from their production machine and then they're just giving openclaw all of their logins and passwords on the Mac Mini. Do you see that? Like I look at that, I'm like, you've accomplished nothing, right? You've, you've given it all the access over here and maybe it just doesn't have your file system with your photos on it. But it still has all the access to the tools. But that's where the excitement is, right? Is like the sort of like living on the bleeding edge of danger and saying the agent running on this machine can run overnight and invent its own tools and figure out solutions to problems. When you are looking at putting rails on that, it feels like you're actually going to foreclose some opportunities because we don't yet really know how the agents are going to work. How did you look at openclaw and the way people were giving it permissions? Is that sort of culture organically developed and how is it informing your thinking about building for agents at Okta now

C

it's the ChatGPT moment for agents and then ChatGPT was the Netscape moment for AI. So it's very significant. And the biggest significance I think is it opened everyone's eyes to the art of the possible. My son's soccer game, the parents were talking about openclaw and these aren't tech people, they're just talking about how they're going to automate all their tasks. And so these people are using in their personal lives and their consumers and their IT buyers at companies. So it's a really eye opening and definitional thing about what an agent can do and what it can be. And this is a tension when you get something like an openclaw and you try to experiment with it and play around with it, you say, oh, it's really not that interesting unless it has my data, unless it's connected to everything. And this is exactly what these companies or every enterprise is struggling with. It's like, hey, this stuff really needs to have my data, my 50 years of sales inventory and my customer data and my marketing data. And once it's all combined, these agents in the Sygentic layer can do things. Interesting. So what the Rails we're putting in place is actually, first of all, it sounds basic, but just giving enterprises a list of the agents they have sounds simple. But they need a list of the agents they have and then they need a system of record and a list for the agents they could use. So what is Salesforce doing? What is ServiceNow doing? What is Claude doing? What agents do they have? And then, okay, now what are they connected to? And making sure that we control and secure what the agents are connected to. Because again, the tension is between, between more and more data, more and more connections. This is, by the way, why the companies like Palantir and Snowflake and Databricks are doing so well. Because what they allow companies to do is instead of having to actually connect their agentic enterprise to all these separate systems, they pull it into one data warehouse. So that's one model. You can pull it all into one data warehouse and run the agents on that. But I think the longer term, more scalable model is you actually have the right permissions and the right access tokens to the agents to access the data directly. So when you go back to the example of openclaw, it's like mindset. Everyone knows what these things can do now. And you have to facilitate access and you have to facilitate making sure that these connections are made in a secure way, in a way that can be understood and monitored. And when things go too far, you can pull them back. And as you experiment in the lab, you can say, these are the connections we need. We should add more here. We should change this. We should fill, filter this permission. That's what companies have to do. And that's the rail. Those are the rails we're trying to put in place.

B

When I said this was going to be an emotional conversation on software development, the nature of our relationship to databases is at the very heart of that existential crisis that I feel every week on this show. Let me just get your answer to this directly. It sounds like you're saying saspocalypse might be real, but it's not real for Okta in the way that most people think sasspocalypse is real.

C

I think what people miss is that the pie is getting much, much larger. If you look at the amount spent on software, it's about if you DO infrastructure and SaaS and everything, hyperscaler software, it's about 1.2 or 3 trillion, 1.2 trillion, roughly. If you look at the amount of people, the services, the IT services market, it's about 1.8 trillion. So the markets are getting bigger. We're going to be spending more of that money on software and the pie is getting bigger. That's one thing that's true. The second thing that's true is that every piece of technology in the stack, whether it's SaaS, apps or whether it's devices or OSes or infrastructure, they're all going to get agentic features. They're all going to do things more on their own. You're going to be able to talk to more of them and they're going to optimize for agentic. I think the last thing is that there is a new layer and that is the digital, digital worker layer. And you know, some I'm sure. Some of the existing companies are going to make the leap and they're going to have real digital workers that are in there, you know, come from Microsoft and Salesforce and Amazon. I think it's probably more likely it's going to come from companies that kind of weren't born in the legacy way of building an app. I think it's hard when you grew up building an app in a certain functional silo, it's hard to build a digital worker because digital workers need to go across different things. That's why they're called workers. That's why they're not called one app. And so it's really hard for companies that have focused on collaboration or HR or one silo to say, hey, now my digital worker really can span all these silos. Because if you look inside those companies, the whole org structures of these companies and the politics of these companies are someone owns one silo. So it's very hard to break through and go broad. So anyways, I think everything is getting bigger. I think a lot of the apps will have agentic features. I think there's a new layer of digital workers. Now back to your question, which is like, what's going on with the SaaS apocalypse? The reality is there will be some losers and there will be some companies disrupted and there'll be new people take over categories that are now. But I mean, that's back to challenges and making it fun. That's what fires me up and I think it fires up a lot of people too.

B

We have to take a quick break here. We'll be right back.

A

Support for the show comes from MongoDB. If you're tired of database limitations and architectures that break when you scale, it's time to think outside of rows and columns. Because, let's be honest, you didn't get into tech to babysit a broken database. You got into it to actually build something. MongoDB lets you do that. It's flexible developer first asset compliant enterprise ready and built for the AI era. Say goodbye to bottlenecks and legacy code. Start innovating with MongoDB. There's a reason it's trusted by so many of the Fortune 500, and that's because it's a platform built by developers for developers. MongoDB. It's a great freaking database. Start building@mongodb.com build. Support for this show comes from Framer. If updates to your site are feeling harder than they should, Framer is the shortcut you've been looking for. Framer is a website builder that can transform your.com from a formality into a tool for growth. They've helped thousands of businesses, from early stage startups to Fortune 500s build better websites faster. Framer is an enterprise grade no code website builder used by teams at companies like Perplexity and Miro to move faster. With real time collaboration, a robust CMS and everything you need for great SEO and advanced analytics that include integrated A B testing, your designers and marketers are empowered to build and maximize your.com from day one.

B

Learn how you can get more out

A

of your.com from a framer specialist or get started building for free today at framer.com, for 30% off our Framer Pro annual plan. That's framer.com decoder for 30% off framer.com decoder rules and restrictions may apply. Support for the show comes from Anthropic, the team behind Claude if you've spent any time lately trying to get an AI to do something useful, not just sound impressive, but generally help you think through a hard problem or task, you may have heard the name Claude. Claude is made by Anthropic and they've got a few things going on right now that are worth paying attention to. First, Claude code. It's a command line tool for developers that understands your entire code base, run tests, iterates on solutions, and then handles complex tasks end to end. Developers have been using it for everything, not just coding, and that's exactly what led them to build something called Cowork, which takes the same agentic power and brings it to everyone else. No terminal required. You point it at your files, set a task, and Claude works through it autonomously in the background while you focus on other things. Less back and forth, more deep, sustained work getting done. Anthropic is committed to keeping that conversation ad free. That means no sponsored suggestions, no third party influence on what it tells you. Claude's only job is to help you keep thinking. Try Claude for free at Claude AI Decoder and see why problem solvers choose Claude as their thinking partner. Support for Decoder comes from Adobe. For every big idea, your Documents folder tells a story. Let's say you've just finished pulling together a brief, so you hit export on final version, but then you open the file and you immediately notice a typo. Several versions later you're exporting final v4.actual final draft PDF. Adobe Acrobat can save you the digital clutter with PDF spaces. It takes your documents and turns them into a living project that you can engage with. Get insights from and collaborate with others on. You can gather all your files into one workspace and have a whole conversation with your AI assistant about it and ask questions to get deep insights about your project. You can even invite people to your PDF space and let them add files, comments, notes, and more. You could doodle in the margins or even turn your project into your own personal podcast episode. Acrobat lets you generate an audio overview of your project in just one click. Learn more at Adobe.com do that with Acrobat.

B

Welcome back. I'm Talking with Okta CEO Todd McKinnon about org charts and how deeply weird they're starting to get. In the age of agentic AI. You have brilliantly opened the door to the decoder questions by talking about org charts. I actually think we're on the cusp of some of the weirdest org charts we've ever seen. So tell me about Okta. What was your org chart in the past? I mean, you founded the company. I'm sure you've gone through many iterations of it. Where are you at now? And as you talk about changing the balance of change in the company, how are you changing your org chart?

C

I think the guiding principle is try to give the great people area that they can be great in. So it's really kind of a people driven org chart. It's like reward people, promote people, bring in new people, give them an area that could really excite them and motivate them. And it's kind of people centric. The second principle is, is where possible, try to cluster things so you minimize communication paths and you let people be more autonomous in small teams. I found that's pretty hard, I think, pretty quickly. Unless you have very distinct separate business units and really almost separate companies inside your company, it's pretty hard to cut down on the lines of communication. There's got to be lines of communication somewhere. No matter how you slice the org, you're kind of moving around where the people have to cross org boundaries. But you do try to take that into consideration. And then I think beyond that, I think a lot of people think things that people try to do with org charts, whether it's get people aligned on goals and get a culture that is shipping things quickly. It's really not an org chart thing, it's a management thing, it's a leadership thing. And you'd better, instead of moving the org around all the time, you'd be better spent to make sure you have the right management team and the right leadership team to instill those cultural elements versus taking Your people team and telling them to move stuff around. To have a more nimble culture, you probably should just get the right managers.

B

So this is my joke on decoder, right? If you tell me the structure of a company, I can tell you 80% of your problems because the tensions just exist in certain structures in predictable ways. And it's at last 20% which is priorities in leadership and management. So it sounds like you're pretty functionally structured, but how is Okta actually structured? Are you structured by business line, is it? Or do you just have like a crack AI team that's off in the corner? Like how does this all work?

C

On the go to market side it's functional. On the gna side it's functional. On the R and D side it's by platform. We have two platforms. There's Okta platform and Auth0 platform and the R and D is by platform.

B

The other question I ask everybody who comes on decoder is about decisions. Again, it's always great to have a founder because your frameworks change as you come up with a company. How do you make decisions? What's your framework and how has that changed over time?

C

I would say we're doing an introspection here.

B

I told you to be emotional. Yeah, this is decoder. Decoder is just therapy for me personally at this point. It's just like you can tell what my problems are, right?

C

You're like casting them out amongst the guys. It's interesting. So when I started Okta, you know, I'd worked at Salesforce and I had a decent sized team there and felt like I was very decisive. I was like, we gotta do something. Here are the options. Decide. And then I started Okta and I found something interesting. My decision making process slowed down and when I was thinking about why, it's like I feel like I realized that when I was a Salesforce, my boss was always a safety net ultimately. Right. It's like if I was going to make a bad decision, there was theoretically a boss to stop me. But when I started doing Okta and the company started getting successful, I was, you know, my decision was like the decision and I better think about it and get it right. And so it slowed down, it slowed down and then the company got bigger and we got into this phase of, you know, we went public and got close to a billion dollars of revenue. And then I kind of thought, felt like maybe I needed more input and I really needed to get expert advice on a lot of things. And what I realized over those years is that my Instincts were still pretty good and I probably should trust my instincts more. And so I think that's kind of the mode I've been in for the last three years. Yeah, the company's bigger than it's ever been. I'm managing a company that's bigger than I've ever managed by definition. But. But I think I've been leaning into my instincts more and I think to inform those and then to put more detail on that. I think two things are very important. One is that you have to decide which decisions to make. So that's really important. So there's a bunch of decisions that I shouldn't be involved and I shouldn't be making. The inverse of that is super important, which is the ones that I am making. I better focus on them and concentrate on them and really get those right. And for me, doing that in an effective way, having a detailed grasp of what's going on is incredibly important. So being in the details and it's at a scale where it's hard to know every little thing, but you can really dive into areas and get enough details throughout the year so that when it comes to make those big decisions that you've narrowed down and focused on, you can use those details and use your judgment and trust your instinct to make good, high quality decisions. It's the most important thing I do. Deciding which decisions to make and getting a high success rate on them.

B

Put this into practice. For me, the big decision we've been talking about is, okay, Okta is going to chase the idea of being the framework for agents in the workforce. That's a huge market. It is so big that maybe you're not as worried about Cesspocalypse as some of the other enterprise CEOs that I talked to. Because the market's going to grow so big and we're going to force change the company from the top down to make sure that the rate of change is higher and we're all focused on this opportunity. How did you make that decision? Was it. Did you stare at the ocean for a while and it came to you in a lightning bolt? Like what was the process there?

C

The high order bit there is recognizing a world where everything in the stack is going to change. And I think it's kind of similar like when I started Okta. I mean, you never want to exactly follow the past because history doesn't repeat. It rhymes. But a lot of it was. I remember in 2009, I was looking at the world and saying, hey, there's going to be a Cloud version of everything in the stack and what are the big unique opportunities there? And what's happening with Agentic, call it Agentic, is that everything is going to be revisited in this agentic world, whether it's current solutions are going to have agentic capabilities. I mean, it's crazy, like aws. AWS is like the infrastructure business, the most unassailable business that market is with all the changes with Agentic and people building agents and running models, it's up for grabs, which is crazy. So all this change and then you just look at what's going to be required in all this change and you say it's. It's these connections between all these agents and where they're running. The demand for that is going to be massive because there's going to be this onrush of agentic capabilities and there's going to be new stuff that's built, there's going to be native vendors that come out of nowhere and take market share. There's going to be new markets. And so it's a macro thing, but now it's like, all right, what do you know about the details of your company, Todd? What are you guys good at? You're good at building something that scales, building something that's reliable, building something that connects to a lot of different systems. How can you position yourselves in that new market? And I think those are the big essential things. That's the bet we're making.

B

Take me inside the moment, though. You're realizing this happens. Did you write an email? Did you open a Google Doc? Did you just dictate to ChatGPT and say, Fire off an email from me, agent? Like, how did that actually work at the company?

C

Last year I was in process of meeting all our hundred largest customers in person. And the purpose of the meetings was I wanted to tell them about our vision of this unified identity platform where we're the only ones in the industry that have all these capabilities across customer identity and governance and privilege. And, and at the same time, the teams were working on essentially agent identity and these meetings. I would pitch what I was talking about and then there would be interest in, oh, we should look at this, we didn't know how far along you were. And then I started throwing in this agentic stuff at the end of the meeting and whenever I would get to that, the, the people in the meeting would just stop and they'd be like, wait, talk about that some more. And then that kept happening and happening to where 25, 30 meetings, 40 meetings in, I would flip it around. And we would start with the agents and the new identity type and what customers were thinking about doing with agents and how they're seeing the potential of the digital worker and agents and all the confusion. And we wouldn't get to the other stuff. We had our big conference in the fall, and it was like the last vestiges of the old pitch followed by the agents. And after that conference, I just said, listen, we got to flip this around. People want to hear about the agents. That's the direction they're going, and that's what we need to pivot and totally focus on.

B

All right, so let me ask you my crash out questions about all of this. Here's my first one. And you're a great person to ask this question too, because you build a lot of software. You've built a company around building software, very bespoke, very complicated software, and you're trying to sell a lot of software to people who, like you said, like to replace labor with technology. Right. And that is, there's a lot there. I'm looking at the state of the art in AI right now, and I see some cool stuff happening. And I find myself constantly wondering, can the LLM technology we have today, that is the foundation of all of these AI systems, can it bear the weight of our expectations? Can it actually, on any reasonable timeline, do all of the things that people think it can do? Because I can see it doing some things and then I see it just hit walls over and over again, and I say, well, if it's brittle, people are not going to adopt it, because that brittleness is exactly where you want a human being to just be available to overcome whatever boundary the AI is going to find for itself. And I can give you examples, but I'm curious if you see that broadly and if you think the technology can actually develop to the point where the market becomes as big as what you're describing.

C

Absolutely, the technology can develop. I think there's a lot of wild extrapolations going on right now, but I think that even if you don't meet the wild extrapolations people are talking about, the market is still massive. And I think it's going to take a lot of innovation and good product work and good engineering work and good process work to make sure that the benefits that, that we can achieve these benefits, even though it's not some wild extrapolation of some magic LLM that can do everything in the world.

B

So I see one example. Every software developer I know is like, especially the senior ones are like, I'M now just describing software, I'm just like writing.

C

Yeah, that's a great example. That's a great example. So now I believe that is very real and very powerful. But I also believe that there's going to be more software engineers in five years than there are now. And the reason I believe that is not because I think those people are wrong, but I think that what's going to happen is there's, first of all there's just way more software that we need to build that can be built. And two, what's going to happen is the software engineers are going to be figuring out how to make it work at scale, how to make sure that systems can be maintained, how to make sure we understand how the agentic workflows, what they actually built and we need to modify them for the next way. No one's ever maintained an agentically developed system for five years. No one's ever figured out how to make it scale. That's where all the work is. And when you combine that on, we're going to build 10 times more software that adds up to more people being required to do it. So I think both can be true.

B

Where are those people going to learn

A

how to do it?

B

Right? You've already described this. The traditional career path and traditional org chart is breaking down. I think Meta announced that one manager will now oversee 50 ICs. When I say we're on the cusp of some wild org charts, that's what I mean. Like some very strange corporate structures are going to blossom here. If the problem is, okay, no one's ever maintained an Agentix system for five years and we need more developers to do it. Where are all those developers going to learn the skills to evaluate the code that agents are writing and deploying and saying, okay, you got it wrong, here's how you need to maintain it.

C

It's, you know, maybe not what everyone say because people like to extrapolate and say everything in the world is changing, the education system is going to change, everything's going to change. I think a lot of the things where people learn, they'll learn. Like in college, I think we'll still teach computer science, it'll just be different. Just like 50 years ago we didn't teach modern compilers, we taught machine code and assembly, right? And so now we'll teach how do you coordinate agents and how do you architect systems and how do you. You'll probably take some Java development classes, kind of like when I was in college I took machine code classes to understood how it really works under the covers. But you have to learn the new way. It's modernization. You'll have to learn new challenges. And I think it'll be better because we're going to learn how to build stuff at scale, not just in terms of the amount of load it can handle, but build a large complex system at scale. Learning that in college and learning that on the job and people that are early in their career leveling up. There's also this narrative out there that, oh, we don't need any entry level developers anymore. That's a bad mindset to have because first of all, those are the people that are probably most open to doing things differently. They're the least set in their ways. So I think entry level folks will learn how to use these tools and command these workflows to do things at scale in a way that people that learned 10, 15 years ago didn't.

B

When I think about the value of agents going out in the world as you've described, they need access to a lot of data. The notion that my company has a bunch of disparate databases and that I should hire an agent to go look at all those databases and put them together and use the software, the thing that gets me at that every time is the notion that they're going to build software because I'm not sure the agents are building software for anything but agents to use. And at some point that software just gets very specialized and very narrow and it is access to the databases that becomes the most valuable thing. One of our own designers here at the Verge said to me right before I came to talk to you, he heard I was talking to you and he said all software development in 2026 is just calibrating the interface between your brain and a database, right? And like right now all AI development is like, would you like to just chat with this database? And the answer in the enterprise appears to be yes. Like, let me just talk to my analytics database directly like a person and it will give me some insights. And the answer in consumer maybe is no, right? Like Google Photos just walked back its AI search because it turns out people prefer the regular search. And I, I don't know which one is going to win out over time. And we're at habits for everybody across work and their personal lives will change. But the notion that the database is the important thing and that's where the value is. Because anybody can ask an agent to go make a bespoke piece of software to do some business function, doesn't it seem likely that the database Vendors will just raise their prices or increase the barriers to access or find other ways to extract more value from having that data, because that's what all the agents really need access to.

C

I think there's data and then there's intelligence. And I think a lot of the intelligence now in the past has been codified in the application. Raw database is not that helpful. I mean, when you say you want to talk to the database, what you're really saying is you want some kind of analysis or intelligence done by something. You don't want to have the ones and zeros in gigabytes of data coming at you. So you're really talking about intelligence. And that's the big debate about SaaS apocalypse. Who's going to do that intelligence? Is it the app vendors we have now? Even I mentioned the data warehouse companies like Databricks and Snowflake and Palantir. They're not really. I mean, they're selling essentially they're selling some kind of intelligence. The valuable part of their business is not the is at the ones and zeros. So the question is like, who's going to do the intelligence? And I think that the application companies are going to add some to their capabilities and there's going to be new ones and there's going to be new ones. That intelligence actually becomes work, not in the sense of app work, but sense of work people would have done.

B

We're going to pause here for one more quick break. We'll be back in just a minute. Foreign.

C

This episode is brought to you by Indeed.

B

Stop waiting around for the perfect candidate.

C

Instead, use Indeed sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate. C According to Indeed data, Sponsored Jobs have four times more applicants than non sponsored jobs. So go build your dream job team today with Indeed. Get a $75 sponsored job credit@ Indeed.com podcast. Terms and conditions apply.

A

Spring starts at the Home Depot and we are bringing the heat to your backyard this season. Fire up the flavor with our wide variety of grills for under $300. Like the next grill four burner gas grill. That's perfect for hosting your spring cookout. Then set the scene and turn your outdoor space into the go to spot the patio sets. Free for every budget. Bring it this season with grills that deliver flavor and patios that set the vibe from the Home Depot. Start your spring with low prices guaranteed at the Home Depot exclusion supplies. See homedepot.com pricematch for details.

B

It's not just something you made. It's the privilege that you get to work with your hands. It's building something that serves a purpose. Proof that you have the grit to keep going. At Timberland, we understand you take your craft seriously. And we do too too. Which is why our products are built to the highest quality. We put in the work so you can perfect yours with purpose, in every detail and crafted with intention. Timberland built on craft. Visit timberland.com to shop.

C

Zootopia 2 has come home to Disney.

A

Let's go get ready for a new case.

B

We're the greatest partners of all time.

C

New friends Gary the Snake and your last name.

B

The Snake Dream Team. The new habitats Zootopia has a secret reptile population.

C

You can watch the record breaking phenomenon at home. Zootopia 2 now available on Disney Plus. Rated PG. And right now you can get Disney plus and Hulu for just 4.99amonth for three months with a special limited time offer ends March 24th. After three months, plan auto renews and 12.99amonth, terms apply.

B

Welcome back. I'm talking with Okta CEO Todd McKinnon about the uneven, messy shift into a tech world may be driven by AI agents. When I'm saying I'm having like an existential crisis like I have as a tech journalist, I have understood software in one way for my entire career and it's been a pretty good career because the software industry and the tech industry has grown so fast in the 15 years since we started the Verge. But every conversation I've had decoder over the past few months is some CEO of like a web 2.0 company that put a beautiful mobile app interface on top of a database and that thing felt like the application and they built huge businesses on top of it. And you can describe this in all kinds of way. We just had the CEO of Zillow on Zillow is just a beautiful interface to a database and that's a really good business for them. I'm asking, okay, if you have agents and you're like, go find me a house and order me a sandwich, you're going to end up in a place where it might just want to use Zillow or it might want to cut Zillow out and go directly to the underlying.

C

Or Zillow might build the killer agent,

B

or Zillow might build the agent. And I'm just not sure how any of that plays out because what you're really doing is unbundling the data and the intelligence that acts upon the Data and the interface to that data into three very different things. And everybody still wants to make money and not go out of business. And you're sitting right at the center of it, right? You're providing access to everyone. How do you see that playing out right now?

C

A different way to frame what you're saying is that there's an unbundling and there's like a data layer and an intelligence layer and a front end layer. But what also is happening is that it's all kind of getting more connected. We think of an app and a database and a user interface as one thing. But as that unbundling happens, what really is happening is all the apps that you thought were in various silos are connecting to each other. And that's because there's agents on top of them that are connecting to all those silos. There's. The apps themselves are becoming more agentic and you know, and we're as okta. As a company. This is, this is why I'm so excited about this agentic identity and these guardrails we've talked about. It's also why we're. This, this needs to be standardized in the industry. There's no good standard for how. We have pretty good standards now for how, you know, when you single sign on into your applications, how that interaction works between you and your browser and your phone and the applications. There's no good standards for how agents connect to a bunch of other systems they need to get their data. So there's some standardization that's required here too. But I mean, zooming out, it's like, isn't it exciting? It's such a challenge. It'd be much easier if things were just stayed the same and we could kind of keep in our own little lanes.

B

I agree. It's exciting, especially because I think we're going to see a wave of new companies and new ways of thinking, and certainly we'll see new ways of computing, which is. That's why the Verge exists. Like, we were built around the concept that mobile phones would be important, which when we launched the site was not. People are like, what are you talking about? It's hard to even say now, but this was like a real thing that we said that we got question marks around. What I would temper that with is when I have CEOs on the show and they say companies are interested in replacing their labor budgets with technology budgets. That is a pretty huge threat. When we talk about how much work will be automated by running around the agents and doing intelligence, one, I wonder well, who will be spending all that money if no one is making any of that money? And then I think very importantly, this comes back to me asking about, can LLMs do it? I wonder if any new ideas will be generated in that process at all. Right. If we're just going to automate our way into something that seems pretty boring, right? We're just going to run a bunch of business logic and no one at the bottom who's actually operating the business logic will think, oh, I could do this 10 times cheaper if I start my own company and go start a new company company. And there's something about all of that that I think I hear from our audience is that's why AI polls as badly as AI polls. Even though the opportunities look exciting, there'll

C

be a wave of people building agentic systems and agentic systems to do the jobs people do now or help people do the jobs people do now. Then there'll be another wave of things that are automating processes that weren't possible before. We're still in the early parts of that second phase where we're thinking about, hey, we could build this new set of digital workers and going to get productivity. We really haven't gotten to this point where what is the process that should be happening in all these workflows if it could just be agentic from the start?

B

So OXA is a nats, a blueprint for agentic enterprise. It's basically got three big pillars, right? It's how to onboard agents as an identity, which I'm very curious about what you think about the difference between agent identity and an actual person to standardized connection points, which you've talked about a little bit. And then lastly, and this one is great, is to private a kill switch in case your agents go rogue. So talk to me about the first one. You want to create a new identity for agents in the workforce on your network. What does that look like? Is that how is it defined differently than an employee or a person?

C

Agents are a new identity type and it's kind of like a combination of it has some attributes of a human identity and some attributes of a just a system. And it's basically a hybrid of both. And so from a definition perspective, it's pretty simple. I think where it gets interesting is it becomes a map that centralizes the list of agents from all your vendors so it can represent agents from all the big platforms. It gives you this central way to kind of keep track of it all. And that's what companies are struggling with. They hear all the Announcements and they're very excited about this. They just need a place, hey, let me bring it in centrally and let me see what I have. And now once I see what I have, I can, you know, some of these things are very much just one to one with people. Some of them, there's a set of agents that multiple agents that work with one person. Some of them are totally headless and they're just on their own thing, automated some things, and they need a human in the loop and, and you can kind of start to organize things that way. But it's all kind of framed in this concept of mapping across different silos. So you have agents you built yourself, you have platforms you're using like Amazon or Microsoft or Google. You have big apps you're using like Salesforce and ServiceNow. And it lets you centralize all that in a way that doesn't lock you into one of those silos. And then like you said, it can help you say, all right, all these things unequivocally need to connect to more things. And I can control where they connect to, when they connect to that data warehouse, what permissions do they have in that data warehouse. And then across all the different various technologies. And then like you said, stuff is going to go wrong and there's going to be issues and threats and prompt injection. And when that happens, it gives you the ability essentially pull the plug, like, take the connections away in terms of like, oh, this agent is doing something we didn't expect. Now what we can do is we can pull away its connections.

B

How do you detect whether it's doing something you didn't expect?

C

We don't have a magic solution to that because it kind of depends on the point of the agent. And that's kind of dependent on the person that wrote the agent and the system it came from. But we're working on standards for people to raise that issue. No, not from a technical sense, like raise an alert and have the other elements of the system respond to that.

B

So is the kill switch just, we're pulling your access, your fired, get your stuff and go.

C

Pulling the access to everything the agent can access, not access to the agent.

B

Right. So it's just saying we've revoked all your passwords. Agent. Yeah, you're out of the system.

C

Now when you say almost like you would take a machine off the network,

B

when you say that the agent identity is somewhere between a person and a system. Go into that in more detail. What specifically do you mean when you

C

think about having a system that controls what something has access to a lot of it's very similar to a person. Meaning that, you know, just like you would give a person access to applications and then inside of those services and applications you would say here's their role, here's their group, here's their profile. That's a lot of the way these agents are being built and modeled. The reason it's not like a person is because you have relationship between the people and the agents in a way that they're on behalf of. And you want to always take the identity of the person and pass it to the agent and have it use that. And sometimes you want the agent to have its own identity. And the systems that tech talks to do their permissions based on what the agent is. And then it goes back to the person as a human in the loop. So there's different patterns. So that if you actually look at the physical directory of agents, some of the elements are very much like a person. And some of them are only because there are these agents that can be on behalf of people or they can be connecting to other agents and they're more kind of like systems versus people.

B

When you look at how the agents operate, you can go look at the chain of thinking at any one of these systems. A lot of times they're just talking to themselves in weird ways. I feel like you're provisioning identity. Obviously Okta doesn't think about identity in the most deeply philosophical ways. Anthropic is very happy to hint that Claude is alive. When you think about, okay, I'm a provider of identity to these systems that are a hybrid between people and something else. Does it ever occur to you that they might be reasoning in a way that is more human or not, or that you need to address that in some way in the architecture of how you permission them?

C

We're pretty pragmatic about it. Meaning that we know that the behavior of these systems is non deterministic. And it's all about getting this balance right between give it flexibility to what data and systems and things it can access and do and what operations, but then having the ability to rein it in when it goes too far. I think that's the right, ultimately that's the right way to balance effectiveness of these systems and the risk. There's no free lunch. You have to give it the data if you want it to be effective. And you kind of have to decide if you have zero tolerance for non deterministic behavior. You can't give it the data, you can't give it the permission. And so that's kind of the balance that we're helping customers strike.

B

How do you think about, you know, Okta sits in the middle. You were talking about, I don't know, there's Salesforce that has its own agents. There's other vendors that have their own agents. They are not going to want those agents to work across their databases. Right. This comes back to, like, I think the central challenge here and the reason why something like OpenClaw was able to be so powerful so quickly, because it had nothing to do with any of those companies or those platforms. It was just clicking around in a browser.

C

So it was an actual.

B

Right. And it was because there was no security built into it. And instead of acting on behalf of a person, it just represented itself as a person and it was off to the races. You know, Salesforce can't keep an actual human user from using a different system or orchestrating in their own head. Right? Well, when you build the agents inside the corporate network, you can absolutely do those things. And Salesforce can absolutely write a terms of service that says, we don't want the agent from your rival vendor using our system as well. Are those just politics? Is that negotiation? How's that going to work?

C

There's only one thing. It's customers. I mean, customers have to have. The customers will have the leverage eventually. And if the customers in like a market mechanism don't have the leverage, the government will step in and do antitrust. I mean, the reason we have. The reason we have a software industry. Do you know why we have a software industry? Because customers finally got fed up with IBM and said, you have to sell software, operating systems and applications independent from the hardware. So this is like 50, 60 years ago, 70 years ago. IBM is like, there is no software, There is no applications. There's this IBM box and you get it. And we are technology. And customers want a choice. And finally the government stepped in and said, you got to split it up. Got to have operating systems, you got to have hardware, you got to have software. And so I think similar thing. It's like, yeah, of course, every big vendor that's trying to protect their entrenched things, whether it's Microsoft with their new bundle where they're trying to lock everyone in, they're going to say, it all has to be on our thing. And you can't use other agents against our agents because our agents are better, because they have our data and our workflow. And ultimately it's going to be customers that demand change. And if there's so much monopolistic lock in that, that we have to rely on regulators to come in and fix it.

B

Well, I do think this is history that you've just made. You're the first CEO of a multi billion dollar enterprise software company to advocate for vigorous antitrust enforcement and decoder. So I'm just going to hold that close to my heart.

C

I do think if the market doesn't work, if customers can't force the choice,

B

I do think the sort of like pre Reagan antitrust environment that led to IBM being unbundled is very different than today. But we will set that aside.

C

But I did impress you with my historical reference.

B

It was very, again, the reason I didn't answer your question correctly is very surprised that you went to antitrust. That doesn't usually happen on the show. Isn't there going to be just some weird pricing war in the middle of all that where Microsoft says sure, let your other Vendors agent into 365, we're just going to charge you a massive access fee to do it?

C

Yeah, I think that's very likely, yeah.

B

Do you see that playing out now or you just see it on the horizon?

C

I don't, not yet. What is happening now is that people are just getting familiar with the, call it the siloed agents. They're just getting familiar with the agents in Microsoft or the agents in Salesforce. We're not really to the phase yet of really multi silo agents, agents that can go from stovepipe to stovepipe and do these in cases there are. But that agent or that era is still ahead of us. And I think as you get more to that era, some of these issues have become more significant.

B

Isn't that again just to bring this back to OpenCloud, which I think think probably most of the audience is most familiar with that is the promise of that system. Right. That's why it lit everyone's brains up because it was running just from system to system and then doing some logic and coming up with some outcomes.

C

The thing about that, and I think a lot of these trends and ideas, remember is like that, you know, no one cares about the infrastructure, no one cares about the. Well, this is obviously a dramatic statement. I'll explain what I mean. But people care about the app in the sense that they care about what it can do. And the reason why Open Cloud was such a lightning in a bottle is because they saw what was possible. They saw what it could do. Now the fact that it had to do that by connecting to all these systems and it required access and there were security issues it's like that's infrastructure and people, once their mindset gets set on the possible, then it's up to industry to figure out how it all works under the covers. But people care about the possible in the apps and I think that you're going to see it ripple through. I think it's, it's like I said, I thought it was the chat GPT of agents and it's very exciting.

B

So you're kind of saying now is the time to build the guardrails.

C

Exactly.

B

Make sure these actually work. Can I ask you about the flip side of that? You know, the promise of agents, broadly, AI maybe broadly, is we will, we will remove these intermediaries.

C

Right.

B

The thing I keep saying is that your computer will just go access the databases all on its own. You don't need these app intermediaries or whatever. And we're going to reshape the app economy. Then I look at, okay, there's a bunch of scammers online who are just setting up like fake hotel service numbers and calling grandparents and like stealing bookings with like AI receptionists by just doing SEO hustles and collecting pennies. And like OKTA has a role to play there too, right? By saying, okay, this is fraud, this is scam, you shouldn't hand over your identity here. I'm not sure anyone is paying attention to that, but I see it ballooning every day like just AI powered scams and frauds and identity theft. The idea that, you know, someone's going to call me and verify me by voice is under threat by AI in very specific ways. How do you see the flip side here of making sure that the core business OKTA is in, which is making sure it's a real person doing the thing they're supposed to do at the right time, isn't just totally upended by the amount of AI powered fraud that's occurring.

C

40% of our business is authenticating and validating customers logging into customer websites and mobile apps. And this area is changing a lot with AI as well. And I think what you're seeing is that the offline identity, driver's license, passports, these are rapidly digitizing. And I think it's coming at a great time too because it gives us something to offer people that really want to do a better job differentiating between agents and openclaw and bots logging into their sites, real people. And so as the offline identities digitize, people have mobile driver's license, the smartphone wallets are getting pretty capable now. And you can do fancy things just like you do Apple Pay, you can do a biometric authentication into your mobile driver's license. And then that becomes a very powerful thing to present to a website that will actually prove you're a person or in a better sense than was possible before. So it's a big deal. People need to really know in certain use cases is when it's an agent, when it's a bot. This bot problem is not new. It's like the old problem on Twitter and X. And Elon Musk is on trial for talking about bots and how many bots there were. And now I think with AI, it's becoming supercharged. And I think with what we have with these national IDs and passports and mobile driver's license being digitized, we might have a, a shot to actually bring some sanity to that world.

B

There's some real debates there, right, about privacy, about surveillance, about.

C

Yeah, what does it mean to actually digitize identity from a credentials perspective?

B

Are you guys in that mix? Is that something Okta is actively thinking about or are you waiting for that to sort itself out?

C

I mean, governments are deciding and governments are deciding on that. They want to digitize, they want to issue these passports and these national IDs, and in Europe, it's certain standards across the EU. In the United States, States, it's very much at a state level and our customers are really excited about it. And we're giving them all the capabilities to take advantage of this stuff without really specific judgment about how they should do it. We're just trying to arm them to make sure that they can accept all the regulatory requirements and also all the identities and the digital formats that their users and their citizens want. So it's a big part of our future and we're working hard on the.

B

That right next to that is, you know, there's a big fight over age verification in the United States and the app stores and who gets to use what apps. Discord just had a big controversy because they went to an outside vendor. People had a lot of feelings about that outside vendor and Discord rolled that back. Are you seeing any of that controversy come your way around age verification?

C

We work with the vendors that, that are trying to log people in and they want the best tools and technologies to, to do age verification. So we're going to make sure we, we equip them with that. It's a lot of times not a technical issue. It's like, what ID system do you trust? And is there an ID system for someone that's 12, 13, 14 years old. And so I think one of the challenges has been out of the scope of a lot of the driver's license based or passport national ID based discussions. But I think that'll be a use case that'll be covered, I think by governments fairly quickly.

B

Do you think it's possible to do age verification and still protect people's privacy?

C

I do, yeah. There's technical solutions, there's also process and regulatory parts of it. I think ultimately the most privacy preserving thing is like no technology. So there's going to be a trade off. If you are trying to automate something and you're trying to bring technology to something, there's going to be a risk of centralization and privacy controls. But I do think it's possible to get the bones right.

B

It seems like that's just the other front. Right. The computers are going to get way more capable on their own and then we are very interested in limiting what the people can do with computers and like very specific ways. And it does seem like you sit at the middle of it. So Todd, we're going to have to have you back. I feel like there's yet more emotional crash out for me to have with you. Tell people quickly what's next for Okta? What should they be looking for?

C

I think they should be thinking about how they build the secure agentic enterprise and how they can use the blueprint we're proposing to the entire industry and how to make that possible. We're excited to work with everyone in the industry and particularly the tools and technologies and products we're going to be building to make sure that reality comes to fruition.

B

Amazing. Well, like I said, we're going to have to have you back to see how all this is going because it feels like it's going to change really fast. Thank you so much for being on Decoder.

C

Thanks for having me.

B

I'd like to thank Todd McKinnon for taking time to join Decoder and thank you for listening. I hope you enjoyed it. Let us know what you thought about this episode or really anything else at all. You can drop us a line, you can email us@decoderge.com we really do read all the emails. Or you can hit me me up directly on Threads or Bluesky. We're also on YouTube. You can watch full episodes at Decoder Pod. We also have a TikTok and an Instagram. They're at Decoder Pod as well and they're a lot of fun. If you like Dakota, please share it with your friends and subscribe wherever you get your podcasts. Decoder is a production of the Verge, part of the Vox Media Podcast Network. The show is produced by Kate Cox and Nick Statt. It's edited by Ursa Wright. Our editorial director is Kevin McShane. The Dakota Music is by Breakmaster Cylinder. We'll see you next time.