Understanding the Okta for AI Agents Kill Switch
Overview
The kill switch is a manual administrative action and does not trigger automatically. Administrators must manually disable the AI agent record, the linked application, and the associated authorization server to stop the agent from obtaining new tokens.
Applies To
- Okta Identity Engine (OIE)
- Okta for AI Agents
Cause
Policy violations, anomalous behavior, or runtime signals do not automatically trigger the kill switch.
Solution
How is the Okta for AI Agents kill switch manually activated?
There is no automated kill switch in Okta for AI Agents at this time. The kill switch refers to the ability to manually disable an AI agent, which requires deactivating all three of the following components:
- Disable the AI agent record.
- Disable the linked application.
- Disable the associated authorization server.
When administrators disable all three components, the agent cannot obtain new tokens. Existing tokens remain valid until expiry unless administrators explicitly revoke them.
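The token caveat above, as an added example (not Okta code and not an Okta API): a runbook check that reports whether all three components are disabled and how long already-issued tokens keep the agent's access alive. The status labels, token records and timestamps are constructed for illustration; real values would come from the administrator's own inventory of the agent's components and tokens.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# The three components the article says must all be disabled.
REQUIRED = ("ai_agent_record", "linked_application", "authorization_server")

@dataclass
class Token:
    token_id: str            # constructed identifier, not a real Okta value
    expires_at: datetime
    revoked: bool = False

def assess_kill_switch(statuses, tokens, now):
    """Report containment for one agent.

    statuses maps each component to "ACTIVE" or "INACTIVE" (labels assumed
    for this example). A missing component counts as still active.
    """
    still_active = [c for c in REQUIRED if statuses.get(c, "ACTIVE") != "INACTIVE"]
    live = [t for t in tokens if not t.revoked and t.expires_at > now]
    blocked = not still_active
    return {
        "new_tokens_blocked": blocked,
        "components_still_active": still_active,
        "tokens_to_revoke": sorted(t.token_id for t in live),
        # Unbounded (None) while any component can still mint tokens;
        # otherwise access ends when the last unrevoked token expires.
        "exposure_ends": max((t.expires_at for t in live), default=now) if blocked else None,
        "contained": blocked and not live,
    }

# Constructed sample state for the demo and tests.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_TOKENS = [
    Token("tok-a", NOW + timedelta(minutes=45)),
    Token("tok-b", NOW + timedelta(minutes=50), revoked=True),
    Token("tok-c", NOW - timedelta(minutes=5)),   # already expired
]
ALL_DISABLED = {c: "INACTIVE" for c in REQUIRED}

if __name__ == "__main__":
    partial = dict(ALL_DISABLED, authorization_server="ACTIVE")
    for label, st in (("partial", partial), ("all disabled", ALL_DISABLED)):
        print(label, assess_kill_switch(st, SAMPLE_TOKENS, NOW))
```

With all three components disabled but `tok-a` left unrevoked, the check reports the agent as not contained for another 45 minutes, which is the gap a manual runbook has to close by revoking tokens.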
How can an Okta Administrator obtain a near-real-time response for the Okta for AI Agents kill switch?
Administrators must configure monitoring alerts for near-real-time response.
Administrators who require near-real-time responses to agent misbehavior must configure Security Information and Event Management (SIEM) monitoring alerts and maintain a manual response runbook until Okta releases automated triggers. Automated behavioral kill-switch triggers are on the Okta product roadmap but are not yet available in any current release.
