Executives who are trying to get their heads around the security implications of agentic AI should start by asking three questions, Todd McKinnon says: Where are my agents, what can they connect to, and what can they do?
But McKinnon, who runs the $14 billion digital identity management company Okta, adds that CEOs are unlikely to get the answer from their in-house IT experts. In most companies, he says, “they don’t know.” And that poses growing risks, as his customers let more AI agents loose on their most prized data and critical systems.
The promise of “superagents” like OpenClaw that can execute tasks autonomously on a user’s behalf has encouraged companies to grant their agents much broader access. But letting bots crawl through your data and systems can invite security vulnerabilities, McKinnon warns.
The challenge of understanding what this digital workforce looks like, what it can connect to, and what actions it can perform on your applications is not trivial, he says. But it can be managed, he adds, if executives prioritize increasing their organization’s tolerance for change, and its ability to react quickly.
McKinnon describes himself as a technology optimist who is on a mission to “free everyone to safely use any technology.” Here’s how he sees the agentic era’s risks, and why he thinks the most flexible companies will come out ahead.
This interview has been edited for clarity and length.
Andrew Edgecliffe-Johnson: What marks this particular moment in terms of the challenge of how everyone can safely use technology?
Todd McKinnon: The platform shift to AI is the most amount of change, and has the biggest potential, [of any technology shift] in my career. Clients’ awareness is very high. That’s not the problem. There are wildly divergent ideas of how it might unfold. At the high end, there’s a lot of self-promotion from people that are selling models who are talking in wild extrapolations of what could happen. And then at the other extreme, you still see people that think it’s more incremental. That probably tells me we’re early in the cycle.
What’s your own idea of how it might unfold?
The way to thrive is [to understand that] there’s going to be a lot of change. So you need to increase your organization’s ability to change and tolerance for change, and its ability to react quickly to how things are unfolding. I strongly believe that the most flexible, open-to-change, and quickly-adapting organizations are going to thrive.
Do you think it is possible to build a secure agentic enterprise?
I do. I think the industry needs a blueprint on how to do it. [It’s going] to take a collaboration of vendors. Okta can’t do it all for customers, it’s just too broad and too complicated. Microsoft can’t do it all. Amazon can’t do it all.
What does that blueprint look like?
A simple way to think about it is you have to answer three questions. The first is, how many digital workers and AI agents do I have and where are they? Some of them are on Salesforce, some are in ServiceNow, some are in Amazon, and some of them my IT team built. The second question is what can they connect to? What data and applications do they have access to, and what’s the blast radius of what they could do? And then the third question is, what can they do with that data? What actions can they perform? The tricky part is that it’s pretty hard for a large company with a lot of technological complexity to answer those questions.
How fast are the security risks growing?
They’re growing quickly, and they grow in proportion to how powerful the agents become. In other words, to make an agent better, you have to give it more access to more data and more access to more systems. And then the risk grows, because if you don’t know what the agents can access and what they can do, then you’re in trouble.
OpenClaw is interesting, because it showed everyone this dynamic that the more data agents have access to, the more powerful they are. So it’s like a starting gun just went off in these companies and inspired everyone to say, we should connect these agentic things to everything. But the chief information security officer sitting in the middle doesn’t even know what agents they have.
To what extent should this issue come to the CEO’s desk?
It’s absolutely a board to CEO thing, because agentic digital workers, digital customer experience, and digital sales are going to impact every company’s strategy.
There’s another, more personal dynamic, which is that CEOs don’t want to be left behind. They’re putting a lot of pressure on their teams to do stuff with AI. They read the news. All the cool CEOs are doing AI stuff. They don’t want to be left out. And the problem is that’s pushing down into these organizations. So everyone has come up with these AI prototypes and AI concepts, and boards and CEOs get super excited by that, because they see the demo that was vibe-coded in a week, and it looks great. But then they say, OK, great. I want to go live with this, and now the team has to hook it up to real databases and real applications. And that’s more risky.
Is there a mistake you see companies making that CEOs should be avoiding right now?
There’s such a wide range of possible outcomes for AI, it’s stalling people out. And my advice is, get your organization more comfortable with change and start iterating, because there’s a high unknown. So the best you can do is set your organization up for change and rapid iteration. And if you do that, and you respond to the market dynamics quickly, and you do it in a way that’s obviously responsible and secure, you have a really good chance of benefiting from this.