Why Okta is a go-to cybersecurity tool for AI startups

• Okta's latest business trend is evidence that AI companies — many of which are still startups — are trying to build cybersecurity into their systems from the very beginning.

Details: Okta — which provides identity tools like multifactor authentication and single sign-on to consumers and companies — now counts as customers "a few dozen" AI companies, including ChatGPT maker OpenAI, Scale AI and People.ai, McKinnon told Axios during an interview this week.

• Many of these clients use Okta's Customer Identity Cloud manager, which provides developers with tools to embed login authentication tools into their products and a way to securely store user data.
• In the case of OpenAI, the company started using Okta three years ago and has since adapted the identity tools it uses based on its changing product needs, McKinnon said in a recent earnings call.

The big picture: AI developers are up against the tough challenge of trying to keep their systems secure as they rapidly build and create new products.

• Okta is far from the only company that's capitalizing on the growing interest in securing AI models and tools, as a new crop of startups and VC investments is entering the market.
• But McKinnon said that AI developers are flocking to Okta's products because the tools free up developers' time to focus on new innovations rather than studying the ins and outs of identity security.
• "It's much less about going after AI companies and more about going after developers," he said of the company's marketing strategy.

What they're saying: "The reason that these companies are our customers is because when they were just getting started, it was super easy for them to find us on the web and use the APIs and use the product and get going with it when they're very small," McKinnon said.

• "Not only that, but as they grow, [Okta] scales with them," he added.

Yes, but: McKinnon said Okta's internal security program is already where it needs to be to combat the potential influx of attacks looking to target its AI customers.

• "Our bar is as high as it can be," he said. "We have governments, we have the largest companies in the world; the bar can't be any higher."

Between the lines: Stolen passwords and identity-based attacks still make up the bulk of cyberattacks across all organizations.

• 49% of all data breaches between November 2021 and October 2022 involved user credentials, according to Verizon's 2023 Data Breach Investigations Report.

The intrigue: Hackers have found ways to target Okta's customers without even infiltrating the company's systems, creating a unique challenge.

• Last year, hackers targeted more than 130 companies and netted close to 10,000 employees' credentials as part of a wide-reaching phishing campaign targeting Okta's customers.
• Okta also told Reuters last month that five of its customers, including casino giants MGM Resorts and Caesars, had suffered breaches due to a social engineering scheme.
• Okta has rolled out new phishing resistance tools in the last year to help combat these types of attacks, and the company is investing more resources to educate customers about the security tools at their disposal, McKinnon said.

Zoom in: Okta's competitors mostly target larger companies, and it doesn't appear that any of them are competing, at least publicly, for the business of fast-growing AI startups.

• Some AI companies seem to be working with multiple vendors, like Microsoft, Google and OneLogin, to support single sign-on for their enterprise customers.