In an interview with CRN, Okta CEO Todd McKinnon says don’t believe the predictions that AI will reduce the need for developers: As the efficiency improves, ‘the demand for what the software developers build keeps growing.’
Okta CEO Todd McKinnon has a message for anyone worried that the widespread adoption of GenAI-powered tools in software development will end up reducing the need for developers: Don’t be.
In fact, it’s far more likely that the opposite will be true, and that the industry will need many more software developers in coming years as a result of increased usage of AI tools, McKinnon said in an interview with CRN.
[Related: GenAI Risks To Software Security On The Rise: Experts]
“I definitely think that there’s going to be very many more software developers in five years than there are now,” said McKinnon, who co-founded the identity management and security vendor in 2009.
While GenAI tools are dramatically boosting productivity for developers, this doesn’t have to lead to a net decrease in developers because the increasing demand for software will likely balance things out, he said.
“What happens is that the demand for what the software developers build keeps growing and growing and growing,” McKinnon said. “That’s what I think people miss. They think, ‘The efficiency is going to improve [for developers], so we’ll have fewer of them.’ What they don’t realize is that, as the efficiency improves, the demand for what they could build grows.”
Speaking with CRN, McKinnon also discussed the security implications of AI agents as well as the biggest opportunities for solution and service provider partners in working with Okta — including in the AI sphere.
“I think we need a lot of help from partners. Everything we’ve talked about — it’s very complicated, and we definitely don’t have all the answers,” he said. “So we’re investing heavily to make sure that partners are enabled and that — from the largest organizations in the world down to the smallest companies we serve — we have the right partner relationships.”
What follows is an edited portion of CRN’s interview with McKinnon.
What are the biggest developments that you are watching when it comes to AI and agentic?
I think it’s really interesting right now what’s happening in AI. Everyone knows it’s the next platform shift. For a while, everyone thought it might be crypto. That turns out to be not true — it’s really this AI wave. And you’re seeing it build out in multiple layers. The infrastructure layer is GPUs. Then the next layer above that is the models. We’re obviously still figuring all these layers at the same time. There’s iterations, there’s Moore’s Law, there’s people investing in crazy GPU capacity. There’s models, and there’s all kinds of open-source innovation. But I think what’s happening now is, we’re starting to get interest in that next layer up — which is, what are the apps? And how are people going to build these apps? With all this talk about agents, it’s really talking about apps. I don’t mean apps on an app store. I mean, things that actually do things for users. You could substitute “agent” with, “things that actually benefit users.” And that’s what everyone cares about. No one cares about GPUs, per se. No one cares about models. It’s all about the apps [when it comes to] agents. And we’re starting to get into that layer, which is quite exciting. Where are these apps going to come from? There’s two philosophies. Is it going to be packaged — is it going to be Salesforce and Workday and ServiceNow, and they’re going to package up these apps? Or is it going to be custom-built — is an enterprise going to build their own apps?
Do you have any sense about whether packaged or custom agents will become dominant?
It’s hard to know. But the reality is, it’ll be somewhere in the middle. There’ll be a bunch of packaged apps, and there’ll be a bunch of custom apps. My advice to customers I talk to is, “We know the following is going to be true: We know that security is going to be important — and we know that within that, the identity of these agents, these apps or these service accounts and these people, are going to be really valuable.” So you’re going to get packaged apps, you’re going to get slices of packaged apps, you’re going to want to build your own agents and your own apps. [And so] as all this stuff is moving around, the more flexibility you can maintain, the better. The less you get locked in into one stack, the less you get locked into Microsoft or Salesforce, and the more you keep flexibility on different models and different agents and different login systems — it’s really valuable. And that’s our pitch. Our pitch is neutrality. Identity is important — so you should trust us with your identity and make all the other choices around us, and that’s going to lead to the best outcome for you.
Given how powerful and connected agents will likely be, what are your thoughts on the security of the agents themselves?
In security there’s two layers. There’s the known things and there’s the unknown things. We can’t forget about the unknown threats. But let’s put that aside for a second and let’s think about the known things. So we know some things. And let’s make sure that we have enough effort to shut down these known, exploitable things first. We know that in any enterprise, there are a bunch of non-human accounts that are not being managed. They don’t have the right kind of authentication controls. They’re authorized for too much access. And it’s even doubly worse, because these things are used by machines — so usually you put the password in code, or you put the password in Slack, or you put the password in a file on the system, so it’s easy to find the secret to log into them. This is a big problem, and it’s there today. We know there are best practices and there are products and Okta sales products to help manage non-human identity and help make it more secure. And that’s a problem.
Now what is an agent? An agent is basically a piece of software that logs into a bunch of other systems on your behalf. We know that this is going to drive way more of these non-human accounts — service accounts, APIs, tokens. Whether it’s using these packaged applications — like Salesforce or Microsoft or ServiceNow to do more agents — or it’s custom development to build your own, we know there’s going to be way more tokens and OAuth that’s going to be managed. So this is a good place to start, and in fact, this is what we’re focused on. We’re focused on systems that can detect these things, and we’re focused on tools to help developers build agents that will use these secrets and use these APIs in a more secure way. That’s really important.
Then beyond that, there’s the unknowns. And I think for the unknowns, as an industry, we have to stay really attuned to the use cases — and just think in this adversarial way. All these new use cases are going to be exploited. What does it mean when you’re on your phone to ask Siri to look into your email and schedule some appointments for you? What does it mean if there’s an email that’s sent to you that has some kind of script that will be run, that will do malicious things on your phone? These are the kind of things that are the unknowns that we’ll have to figure out going forward.
But it does seem like that could pose a massive security risk if an agent could be compromised and exploited?
Yes. But I think there’s a lot of basics we can clean up before we even get to [that] issue. The basics are, you have a bunch of API access tokens strewn all over your company — whether it’s in emails or in Slack or in source code control. You’ve got to get those under control and clean those up. Because once you start having these agents, the number of those things is going to be far greater, so the risk is going to be higher. So cleaning them up now and having a program to clean those up is really good. [These other threats] are even more sophisticated. What people are going to do is, they’re going to mitigate the risk by narrowing the guardrails on what the agent can do. It’s going to be like, “OK, we’ll let it schedule calendar appointments, but we’re not going to let it send emails.” Or, we’re going to let it answer customer support requests, but if the thing goes on too long, just escalate to a human. One of the things that I think is interesting is, how do you give developers a way to let people ask for human approval really easily? When you write an agent, how do you ask for human approval really easily?
So the bottom line is that securing agentic will be a big focus for Okta in the future?
I think it’s a huge focus for everyone. Because where this is going is [that] there isn’t going to be a product that doesn’t have AI in it. It’s kind of like, 30 years ago, internet was a new thing and not everything ran in a web browser. Now everything is an internet product. It’s going to be the same thing with AI. And I think it’s going to be just meaningless to say, “My product has AI in it.” Of course, all products do.
What are some of the other impacts you see from AI and agentic on the tech industry?
I definitely think that there’s going to be very many more software developers in five years than there are now. Yes, the tools are going to make software developers super productive, but that’s been happening for 50 years. But what happens is that the demand for what the software developers build keeps growing and growing and growing. That’s what I think people miss. They think, “The efficiency is going to improve, so we’ll have fewer of them.” What they don’t realize is that, as the efficiency improves, the demand for what they could build grows. I think it’s the same thing with a lot of apps. Yes, your customer support people are more efficient because they have better tools. But I think there’s other things we can do to make the customer experience amazing that the people can work on.
In terms of your partners, what are the biggest opportunities for them in working with Okta over the next 12 months?
I think we need a lot of help from partners. Everything we’ve talked about — it’s very complicated, and we definitely don’t have all the answers. We have our opinions. In our business, it’s always about the partners that are trying to bring this home to the customer in a way that is very relevant for the customer and fits their specific needs. So we’re investing heavily to make sure that partners are enabled and that — from the largest organizations in the world down to the smallest companies we serve — we have the right partner relationships. A lot of the focus recently has been on the global systems integrators and the largest organizations in the world, because that’s where a lot of our business is increasing. The fastest-growing cohort of customers we have is the cohort of $1 million dollar-plus a [in ARR with Okta]. And then global systems integrators are really important there.
What are some of the complex issues you’ve been working on with partners recently?
The AI agentic stuff is very early — so most of the effort today is actually on the identity and security foundation for that. So we’re working with big customers to rationalize all the different identity vendors and all the different identity workflows and the account creation and the service accounts and the non-human identities — and get that all coordinated. Because usually it’s super spread out and fragmented. [We] get that all systemized on one platform across their company. That’s going to make them more secure, and it’s going to make them have a better foundation for all the APIs they’re going to create and build all this agentic stuff on top of that. [As] I call it, we’re in foundational mode with them.
But it sounds like it’s getting accelerated by the need to get ready for AI in a lot of ways?
Yes. I had a customer tell me a few weeks ago, “What are we talking about this AI stuff [for]? We have to clean up our identity before we even have a chance [to do AI].” And I think that’s resonated with a lot of customers — identity is foundational.