Okta Aktie

Thanks, everyone, for joining us. With me today is Eric Kelleher. He's the COO and President of Okta. So Eric, thank you again for joining us.

Great to be here.

I will maybe kick it off. There's so much going on, and there's a lot of questions I was putting together, but I really wanted to start from your perspective, there's so much has changed with AI. So if you think about the identity market year-to-date, what surprised you the most in terms of like the changes that you're seeing?

I think for year-to-date, so if you go back six months ago, prior to the beginning of this year, our conversations with customers were fairly broad. And Okta has grown over the years from providing basic access management to also providing workforce and customer identity.

And then also adding in identity governance, privileged access management and new security products like identity threat protection, identity security posture management and developer products with the Auth0 platform. Our conversations prior had really been about the breadth of all of those use cases for customers. And we would talk about the Identity Security Fabric.

And that fabric was the combination of all those capabilities to help customers solve identity and secure identity for all their use cases across all their products and all their technologies. What surprised us this year, to your question, is while all of that is still true, and we continue to innovate and develop for the Identity Security Fabric and all those use cases, the only thing customers want to talk about today is how to protect themselves from the AI problem they know they have within their companies. Their employees are using AI.

They're turning on agents internally. 91% of them report that they know they have agents that are live in production and 22-ish percent of them believe they have them secured properly. And so that's what people want to talk about. They have an exposure today, and they need to contain it. And so I guess what surprises us about that is just how acute that transition has been, and it has really dominated our conversations.

And as Todd mentioned in the call last week, it's really been a driver of pipeline for our new products. We brought Auth0 for AI agents to market in November and Okta for AI agents came out last month on April 30. And so those products have really been built in consultation with customers talking to us over the past six months about how specifically they need us to help them secure AI.

So maybe we'll stick with the AI theme. And to your point, it was AI agents GA for a couple of weeks, on the call last week that it's the largest, I guess, pipeline build for a net new products. So in terms of like how you go to market, like what are your reps doing to convert pipeline to actual dollars? And we'll talk about the monetization, but just curious more so like what does that pipeline look like? And how are your sales reps converting that?

Yes. And it's interesting because the space is so new, and it's evolving so rapidly and the underlying technologies are evolving. So a few months back, Gemini was the predominant platform and conversation and Anthropic would leapfrog it and now ChatGPT 5.5 Cyber is out.

And our customers are living in this world where they're not sure which technology is going to ultimately land. And so they need the flexibility to be able to protect against all of them. So our conversations have largely been talking to them about the importance of neutrality and the importance of having a broad solution that can allow for the rapid evolution of these platform technologies.

And one of the challenges we have addressed and continue to address with this particular pipeline is it's a newer motion. It's adjacent to conversations we've had about securing human identity and securing nonhuman identity and service accounts. But agents are newer conversations. So for our sellers, they don't have depth years of experience positioning these products.

They are new products that are just coming out. And so one of the things we've done to help them is we've stood up a tiger team of resources from a sales standpoint, a product standpoint and engineering standpoint with forward deployed engineers that are working actively with early customers and early enterprise customers to help us both design and build the products and convert pipeline.

So that team has been really driving our strategy and our engagement and our specific feature prioritization over the past many months, which is why we're confident that the product that we brought to market is going to fit the need because it was really designed collaboratively with customers.

The -- I know it's a small sample set, but on the call, a lot of investors kind of focused on the commentary where I think you said if there's -- I think it was more so on the call back, which was a customer comes in for an upsell, they buy IGA, if they were to attach AI, that component would be larger than the upsell.

I know it's a small sample size, but can you just provide some color on what you meant like when you say larger in size, I assume absolute dollars, but to the magnitude, and again, smaller sample set, but can you touch on that a little bit?

Yes. What Brett talked about in the call is that it's about 40% larger, significant. And it is -- it really is a testament to the value that customers place on the exposure that they're working to mitigate. And as every successful cyberattack earns a headline, customers get more and more aware of the fact that they have an exposure that they need to mitigate against.

And so that helps them understand they need to control for all the use cases. The challenge that customers have to -- enterprises have today is that they can't control their employees. Employees are able to spin up an agent and give it access to their e-mail and access to their calendar and access to their Google Drive, which contains things that they don't even know they have access to.

And so as that becomes more prominent and more acute and as there's more issues in the press, companies don't want to be tomorrow's headline. And so they know they need to invest to put themselves -- to increase their security posture and put them in a position where they can protect against having their own agents compromised or over-permissioned or impersonated. And so that's really what we're seeing and the level of investment we're seeing is that's where customers see the biggest exposure to.

And then if you think about Auth0 and then Okta, where -- it sounds like Okta is having more success early on with AI, just given the deployment because it's more internal versus Auth0 side. But maybe walk through those dynamics. And does that shift over time? How do we...

I don't -- I wouldn't agree with the premise of that question. We're having good success with Auth0 for AI agents as well. We're -- you might not have heard us talk about it as much on the call because that is -- it's an upstream product.

So Auth0 for AI agents is a tool for developers that helps them develop agents that can be secured. And it allows for example, for fine grained authorization, where you validate -- when an agent takes action, you validate not only that it is who it says it is, but also that it has the specific permissions to do the thing it's trying to do.

That capability is hugely important. Token vaulting, which is included there is hugely important. So -- we've had -- we continue to have good success with that product as well. From an enterprise security exposure standpoint, the more acute challenge our customers are facing right now is that they don't know 3 things.

And we call answering these 3 things, the blueprint for the Secure Agentic enterprise, where they don't know where their agents are. They don't know what they can connect to and they don't know what they're authorized to do. And so Okta for AI Agents is a platform that addresses those 3 areas, helping with the problem of discovery, how we find what agents are live in production for your company and then helping with the problem of connection and ensuring that you know what those agents are able to connect to and then helping with the problem of authorization and knowing what they're authorized to do.

I guess the question I have is, and I want to ask within identities, if you think of privileged access, which you have, IGA, which you have further along the maturity curve and think about your core, it's more important or a bigger priority for customers in terms of securing AI.

In terms of securing AI, so governance continues to be a very strong contributor for us, and we don't see that slowing down. In addition -- and governance plays a role in securing AI as well. And for example, one of the use cases there is just-in-time provisioning. So one of the challenges with agents is typically -- not typically, often, agents are configured with standing privileges, meaning you allow an agent to connect to one of your systems and it just has access to that system, standing access to that.

One of the areas we can address that with governance is through just-in-time provisioning and deprovisioning, where you wake the agent up when it needs to do work and then you turn it off immediately afterwards. So you solve the problem of standing privileges to that. So governance is an inherent part of the solution for securing AI.

But then the Okta for A Agents platform helps you -- again, helps with those fundamental questions. First of all, knowing where the agents are so that you know which ones might have standing privileges and you know what to look at, knowing what they've been given access to, what they can connect to. So again, you can help you understand what that exposure is and then knowing the verbs, the actions that they're allowed to take.

So is the analogy where it's everyone needs governance, but not everyone needs privileged access, meaning maybe the CISO, someone in the security team, I don't personally need access to turn it on and off MFA. So does that mean IGA is probably a bigger upsell than privileged access? Or do agents need both?

There's aspects of privileged access that really help with AI and especially in particular, token vault is a feature of privileged access and also a feature of Auth0 AI agents. And that token vaulting allows an agent to have credentials, which are managed in a secure location and have business rules that requires them to be rotated. And if you go back 10 years ago, people would configure a service account and hard code a user ID and password in a config file and be done with it and that would live that way for years.

We've all learned as an industry that doesn't work. It's a huge exposure. So privileged access will become increasingly important for more of those use cases over time. As far as our business is concerned, it's a newer product for us yet. It's not yet a land product. We have now matured Okta Identity Governance to where it's now a land product for us. And in addition to being a frequent cross-sell for existing access management customers, we're also going in to displace entrenched legacy deployments from other vendors.

So governance has matured to the point where it is now a point of entry for us, which is great. Privileged access is a couple of years behind governance in its maturity. It's certainly not -- we don't consider it a land product for us today. But for the use cases that it supports around access management and governance, it's been very effective.

Could you share what percentage, I guess, of net new customers come through IGA?

We don't break that out. Keep me honest with that, [ Dave ]. So no.

Maybe talk about the monetization. This whole conference, everyone has been talking on the software side, how this plays out over time. How are you thinking about monetization of these agents, consumption, usage-based? Maybe just walk us through what that trajectory looks like.

Yes. Todd talked about that on the call last week. The -- one of the challenges the industry has right now is the economics of AI and inference and compute are such that most vendors are bringing to market their AI offer with a consumption-based model. The challenge with the consumption-based model is customers don't know how to budget for it.

And so leading with a consumption-based model slows down your sales cycle materially. And we have this issue internally as we're buying AI products and trying to figure out how do we budget for what our consumption is going to be. So what we're doing with these early customers is we are entering into 1-year terms, and we're only having a seat-based model for now.

And we've talked to all these customers coming in that for the first year, we're going to have a seat-based model, here's what it's going to look like, and they can budget for that. And then we have the understanding that during the year, we're going to learn their actual consumption so that if we were to add in a consumption-based component at renewal, they would have data to ground their budget cycle on. And that -- the reason that we landed on that is just by working with these customers over the past six months is what would make it possible for you to get started. And that's been very effective so far.

Okay. Maybe jumping to, I think, some of the comments you made on go-to-market. You've made a lot of changes over the past, call it, 6 quarters. Most of last year was kind of ramping some of these net new reps. You called attrition is basically at levels where you haven't seen it in a very long time. So we're seeing...

Good level...

At a great level.

To be clear, that could go the other way, right.

So you -- it sounds like you're kind of pulling back, I guess, a little bit on net new hires. Maybe just walk us through some of the commentary on the call in terms of why not step up.

Yes. It's interesting, we went through a couple of years of needed go-to-market evolution. And one of the questions we would get in these conversations is how much disruption is too much disruption? And are we -- how are we managing productivity and tenure and time and seat. And we're looking back, we're very confident the moves we made were the right moves.

So our waves of specialization, we're now in our fourth, which I'll get to, but our first a few years back was to carved out a set of sellers to focus on public sector, federal and state and local and international. And that team has had a very good run focusing on those buyers and that budget cycle and those purchase cycles. We then, 2 years ago, rolled out a hunter-farmer model in our Americas commercial business.

So we moved reps who had been accountable for all new logo acquisition and upsell, cross-sell and upsell, what we had found is that, that business was shifting so much in the cross-sell and upsell and largely as we brought more products to market, they had more to sell that we weren't spending enough time feeding the top of the funnel by bringing in new logos.

So we carved out a set of sellers and put them in a hunter motion where their focus was on new logo acquisition. And we've talked about, it took about a year for that model to get -- to really get running at full speed. And that's what we had expected and how we modeled and set guidance. And then this past year, 5 quarters ago, we rolled out a specialization model on our platform and our buyers.

So whereas previously, every rep sold everything, we divided the sellers into two populations, one that sells to the corporate IT and security buyer, the CIO and the CISO, and they sell the Okta platform to that buyer and one that sells to developers, whether it's software developers or B2B SaaS or even in-house developers, and they sell the Auth0 platform.

And that specialization we rolled out January of last year, and we talked about this throughout the year, it's proven to be very effective. So as a result of all of this, we have seen several quarters of improving rep tenure as attrition has gone down and tenure has gone up and productivity has gone up as well. And overall, when you talk to the field organization, I was just at our club event a couple of weeks back, you can feel the optimism and people know that they can be successful and know that they can make money.

And so when we look at capacity to get back to your question, we want to be careful to add capacity to drive up bookings, but not to add so much capacity that we disrupt territories that we disrupt books of business, that we have to reallocate accounts and then people have to reset new relationships.

We find that when people have accounts longer, they're going to sell more into those accounts. And we don't want to carve territories to the point where reps lose some momentum and feel like they're losing some opportunity to be successful. So we feel like we have that balance about right. We've added a bunch more capacity in Q1. We're adding less incrementally during this quarter and next quarter, but we're going to measure based on our pipeline to make sure that we're not leaving deals on the table. So we'll adjust as we go.

Where is the -- you talked about public sector real quick. We had a good strong Q1. What's driving that? It sounds like it was across the board, state, federal and local.

The -- overall, the team is well tenured and well productive, and they've got the product mix that those buyers need. I think one of the things to keep in mind also is Q1 is typically a low quarter for public sector. The federal fiscal year starts in our Q3. So Q1 is typically -- we don't typically have a lot of renewals or a lot of net new purchases at the federal level, certainly. But state and local continue to be active, and we had some good federal deals in Q1 as well.

The one thing that also stood out to me was just the step-up, I think, in partner-sourced bookings, multimillion, I think, was up year-over-year. Along -- I guess more so, that was part of your shift and I want to talk about shifting more of your pro services to your partners. Obviously, that broadens distribution, makes it a lot more stickier. They're going to push your products. What was the move behind that? And part of it was part of the go-to-market changes. But if you think about this the partner-driven deals, like what -- how does that look throughout the year?

Kind of -- it's 2 things. One, we've had for many quarters, we've had -- our most exciting growth has been at the top of the pyramid, it's been upmarket. We -- I think we did announce in this quarter that our customers over $100,000 in spend are now over 85% of our revenue. And our customers over $1 million represent over $1 billion in ARR. And so as we go upmarket, we're having bigger conversations.

And as our product portfolio has expanded, we're having conversations that span multiple processes and multiple departments and multiple use cases. And as that complexity increases, our partners have an increasing need to be working with a systems integrator that can span broader parts of their business.

And so we have been working with global systems integrators across all this. And what we realized this year coming into our planning cycle is that we could take a deliberate step to refocus our professional services resources on enabling those partners to get greater scale. And so that's the adjustment that we made where we basically shifted 1% of revenue capacity towards partner enablement and working with those GSIs and these accounts. And that played out as we expected. It's both financially and from an engagement standpoint.

We have active engagements at customers with all the major GSIs. And we're seeing that continue to improve. And ultimately, what will happen is as they build more experience, they build more bench capacity, they bring us more business, because the GSIs sell what they have in their bench. And as they build Okta capacity on their bench, they're going to be bringing more opportunities to us.

When does that become more meaningful in the model? Is that 2Q, Q3? Just maybe when does it really start to step up?

Brett's comments last week was that we expect to start to see that contribute in Q2.

Okay. Maybe going back to AI. The question I had for you, and again, it's been a question I've been asked all this whole week is incremental AI dollars being spent, where is that coming from? Is it being pulled from endpoint network? Or is it like new buckets of spend that CISOs are getting?

It's really from -- it's both. So it's people rebalancing their portfolio, but there is a lot of net new investment coming in. And it's coming in because this is a Board-level exposure. So as this market evolves and as threat actors get more published, boards understand that this is a real security concern.

The problem of having agents having standing privileges to corporate assets, the problem people are understanding that they're behind in data governance and ensuring that they have proper -- they're finding their humans have access to data they didn't know their humans had access to, but now agents are on they're 24/7 and they work at a much higher clock rate than their humans work.

There's increasing exposure that needs to be managed and invested in. And so we're finding Board-level engagement and investment in Agentic security specifically. So there's net new funding coming in. And then in addition to that, companies are looking internally at where they can harvest some savings to drive into this area as well. So we feel it's very much a tailwind right now for the product, which is why we've innovated the way that we have with the offers we brought to market.

So it sounds like consolidation is definitely a trend, platformization. Obviously, one of your competitors brought it up. But with that, I mean, I guess -- and within AI, where is the most success? Is there a specific geography, a certain vertical that you're seeing more traction today than you probably wouldn't have expected 3 months ago?

Not vertical or geo, these are pretty global needs. I think where we're having the fastest success in these conversations is where we're bringing in our specialists. And so the reason we've created a tiger team is they do nothing but talk to customers about this specific problem all day, every day. And so we direct that team to the -- what we perceive to be the largest opportunities. We have activity in all of our geos. But I wouldn't say that there's a single vertical right now that is standing out beyond others.

If anyone has any questions, feel free to jump in. The -- maybe let's talk about competition. I would love your input on what you're seeing or what your expectations from Palo Alto with CyberArk. Obviously, it's more on the privileged access side. [ Palo Alto ] is making a big push into identity. I think they came out with FalconID, which I think is more of your core but very low-end products. Where is this market evolving to?

First of all, it's a huge pie. The market is enormous right now. Second, the one core differentiator that -- and we talked about last week as well, is our neutrality is huge. And customers don't know which vendor is going to own which parts of the stack, and they know that they need to be able to solve and secure identity across whatever technologies are coming in and out of the mix.

So that continues to be a core differentiator for us. We also have, from a distribution standpoint today, over 20,000 enterprises that already trust us to secure identity. And so for them, expanding their secure identity to include a new use case with agents is a very natural extended conversation of the work that we're already doing with them. We've done a really great job building those connections. And then from a partnership standpoint, I mentioned we have over 8,000 applications that are integrated with us.

Those companies you mentioned, CrowdStrike and Palo Alto Networks, they're huge partners of ours. We have thousands of mutual customers. So those relationships obviously will evolve as they -- as we overlap more on the edges, but we see it on the edges right now, not in core head-to-head.

Okay. Where do you think Palo will have the most success with CyberArk?

I think where CyberArk is strong is on Privileged Access, as you mentioned. They have many years of incumbent access there. Their solution is legacy on-prem. They're work right now to bring it into a multi-tenant, multi-tenant SaaS, and that's taken some effort for them. It will continue to evolve with Palo.

So for firms that are Palo customers that have a privileged access specific need, they and now are going to be a natural offer for that. But again, that's not a land product for us today. So we wouldn't expect to be head-to-head in those transactions. Where we're broader on access management, governance and security threat protection and posture management, we'll bring those offers in to help balance out...

Yes. For your early identity customers to what extent do they have to have a consolidated identity stack across the 3 legs of the stool to make the best use of Okta's Agentic products?

The Agentic products bundle all the capabilities that are needed from those stacks. So if a customer buys Okta for AI agents, they get the components of access, governance and privileged access that are required to secure the Agentic use case. That's how we would package it that.

So could you -- if I had Salesforce for Governance and [ Cyber PAM ] and I use you for access, could I deploy your Agentic solution or I need to migrate?

No, you can deploy it.

Full feature set. Yes.

The Okta for AI agents, to be clear, Auth0 on the build side, but on the governance side, yes.

Can you maybe help us understand where does CrowdStrike compete? Is it more complementary? Is it more competitive? Where do they fit in the stack? And then how does that...

We don't see them head-to-head at all. We talked about this on the earnings last week. The one named competitor that we see materially is the it's always been is Microsoft. And the primary play they have is bundle, right? So for customers that are -- that have a very specific need for the small subset of capabilities that Microsoft can provide in the E5 and E7 bundle and are under cost constraints, that's a legitimate competitor, and that's something that we grapple with.

But our win rates against Microsoft haven't materially changed in many, many quarters. But that's something that is a constant conversation for us because if you're not using the breadth of our stack and you're only using a subset of access managements and you have -- you're already a Microsoft bundle customer, we have some exposure there.

So our account teams are very driven right now in driving our stickier products that get us great, things like workflows, things like governance and privileged access and our security products. And as we add all those in, we become even more of an established standard and people build on us.

Is there a stat that you can maybe share like how much overlap -- how many Okta customers are using maybe parts of Entra what Microsoft has?

We don't have -- published those stats, but we have many customers that are also Microsoft customers.

Is there a specific part of the Microsoft stack you're using that perhaps that you guys don't have? Like why would -- maybe walk us through like what -- if it's a Microsoft customer using Okta and Microsoft, where is the overlap?

It can be a customer that's migrating over time and coming more -- it can be a customer that has a legacy Microsoft app that they're using that has been previously configured that they haven't yet brought over. Those use cases are very, very common. But usually, it is either that or it is people not really using the Entra components, but they're using other components of the bundle.

Maybe talking about some of the cores. Look, maybe I'll start with Auth0. I mean that business has continued to do extremely well, checks in the channel on the developer side, just the library of applications. Where does that business trend? And what are the investments that you guys are making into Auth0 today that you think will kind of help sustain that growth?

Auth0 continues to serve its core audience, which is developers. Those developers historically, we've talked about Auth0 as a customer identity access management solution, which it is. And the reason that we've used to lump those in as almost synonymous once upon a time was because the primary use cases people were using Auth0 for was to build applications that serves customers in a B2C model.

That's expanding now. Developers are building additional things. So we have a focus on B2B SaaS providers, people that are bringing applications to market. And so for those customers, you asked about innovation targets, for example, we are investing to earn FedRAMP's authorization for the Auth0 platform, which it does not have today.

And the reason that we're doing that is because B2B SaaS vendors need to be able to sell their products to government. So we need Auth0 to earn FedRAMP accreditation so that they can sell their products to government. That's an important investment that's well underway for us right now. And so in addition to B2C, B2B, we are now seeing Agentic development as the net new category. And the reason that we've been investing in that product is specifically to serve that use.

I guess just like how do you manage that investments across Okta and Auth0?

Today, our -- the engineering teams are distinct. They both report into Ric Smith, our President of Technology. And Ric is -- and that's a recent change we announced a month ago. And Ric's charter with pulling them together is to make sure that we don't duplicate efforts. So for example, we've spent many years earning FedRAMP authorization on the Okta platform side. It's FedRAMP high authorized.

We don't want to have to repeat that and start from scratch with the work that we're doing on Auth0. So he's looking for programs like that where we can get some commonality and some reuse of the skills that we've already developed in-house, and that will work in both directions for us.

The other impressive, I think, stat in the quarter, net retention ticked up for the first time, I think 106% to 107%. It sounds like perhaps maybe there is an inflection maybe later in the year. But walk us through how much of that is the core buying net new seats? AI? Is it IGA? Is it privileged access? Like what drove the trajectory to take it higher and then throughout the rest of the year?

Yes. So we've mentioned we expect it's going to travel around here, plus or minus a point for a while. It's all the things that you mentioned. The -- although I would not attribute privileged access specifically to be a material contributor, but cross-sell and upsell across the entire new product portfolio had another really strong quarter for us, and that always helps. And we've -- as we've talked about in recent quarters, we've, at this point, flushed out the COVID cohort of exuberant purchasing and 0 interest rate days. That's helped us on the NRR side as well. So those headwinds have abated and the tailwinds of having new products that are available that are driving incremental value is really resonating as well.

Are there additional I guess why are you talking about maintaining the current level through your go-to-market large Auth0 customer loss in August, I think. So why wouldn't you expect improvement in the back half?

It changes every quarter based on the mix of new business and based on the mix of cross-sell and upsell. And so our expectation is for it to trend about where it is. We're pleased to see it tick up from 106% to 107%, and we're working to drive it further. But for now, we're calling it where it is.

If you think about the growth formula for the full year guide, how much of that is just maybe an uptick in net retention, better upsell and cross-sell, which you are seeing versus just net new logo growth? Like how should investors -- how should we think about the sustainability of, call it, high single-digit, low double-digit growth for the next 1 to 2, 3 years. Obviously, you're not guiding. Walk us through like where is growth coming from?

Get me out of trouble on this. What do we say on this one?

Yes. It's a confluence of all of the major initiatives that we've been investing over the last couple of years. So it's going to be -- what's going to come from improved go-to-market execution, new products, which includes some of the agent that bit further out, investing in the partner motion and shifting some of our revenue over to our partners and success of our businesses.

Yes. Channel is a bit -- we haven't talked about channel much here, but the channel for us as well has been an area where we're pleased with the momentum that we have, and we're investing further in developing that. The GSIs are one example of that.

What percentage of your bookings in today is partner driven? And what does that look like 12, 24 months for now?

Yes. We said that over -- I want to get the numbers right here. Over 80% are partner influenced, over 40% are partner sourced. So that's when they actually source the deal and hand it over to us. We believe we can get those numbers up higher over time. That's why you see...

Now the partner influence versus partner source, like who's getting the pro service dollars? Is that the partner sourced deals?

For deals sourced with SI partners, they take prime on those deals, and we'll support them with expert services. For partner influenced, it can go either way. It depends upon how the engagement is. Our preference is to prime as little as possible. We want to make sure we maximize the opportunity for our partners. But we -- there are some use cases that are either bleeding edge with new product capabilities or require deep work with our engineering team where it makes sense for us to be prime on those transactions. But we try to minimize that so that our partners have the opportunity to build their depth of relationship with customers.

Okay. Maybe one more financial question, and I'll just end it with another. Maybe you can help me keep me honest. So if you think about the margin guide, op margin guide, free cash flow margins now high teens, if not 20%. As you think about going through the year, perhaps if you then double down higher on go-to-market, new reps, the investments in R&D across Auth0, Okta, what's the sustainability of margins and the trajectory there?

We manage to Rule of 40. And we -- so we balance the growth and free cash flow, and we work to keep them in balance and make sure we manage the Rule of 40. Right now, as we've talked about, we have -- we believe we should be growing faster. And so we are indexing our investment to elevate our growth rate as fast as we can. And we feel confident we've demonstrated we can generate cash when we choose to generate cash. But what we want to do is while we're focusing on efficiency, we want to make sure we don't starve investment opportunity that could accelerate our growth rate. So that's how we think about that balance right now.

Okay. And maybe the last question is what's your pitch to investors today? Your stock has obviously outperformed since you guys reported. Execution has been a lot more flawless and more consistent over the past couple of quarters. So if you look at the stock today, your guidance, kind of the tailwinds from AI, the monetization opportunity, I think most of us see within security because every agent needs identity authorization, you need to authenticate what every agent has. So maybe what's your pitch today? And then what does the story look like?

That's a pretty good baseline right there. So securing identity has never been more important than it is right now. Human identity has -- we've known that's been important for a while. Nonhuman identity and service accounts over the past 7, 8 years, people have realized they have huge exposures there.

And now Agentic identity and exposure has really poured gasoline on the fire. So from that overall perspective, there is an acute awareness of the importance of securing identity right now, which is going to help Okta. And I would say in addition to that, the challenge that new players are going to have in this space is the challenge of distribution and connectivity.

And our neutrality and our -- the depth of our network effect of our existing integrations makes us almost plug and play for any customer with all these use cases. And so we believe we're very well positioned to take this market. And we're working our a**** off to make sure that we do that, excuse me. Todd mentioned on the call last week, we don't get paid for pipeline. We got a good -- our pipeline right now is really healthy. We've got to convert it to bookings. And so we're very focused on doing that.

Maybe just one last follow-up. You talked about the monetization. One question I get often is, I think SailPoint puts out their metric is for every one human employee, there's anywhere from 5 to 40, I guess, agents or Chatbots, Copilot to test. What are you seeing today?

It depends who you talk to. The IDC's projection is that we'll have -- collectively, we'll have 1 billion agents live in production in 3 years out. So it's hard for people to project. And as you just mentioned in the question, it's also important in how you define an agent. What's an agent versus a Chatbot versus a piece of software tool that you use.

We -- I expect personally, and I can say on behalf of Okta, we expect there is going to be a lot more agents than there are people. And all those agents bring with them security concerns and security exposure and they expose data governance concerns and data exposures.

And so we believe all of that is going to bring Agentic identity security to the point where it becomes much more of a prominent conversation even than human, which is already critical for folks. So one of the areas that we talk about frequently that remains true is over 80% of successful cyber attacks, over 80% of successful cyber attacks start with compromised identity. And as the industry has learned that, as the industry has become aware of that, they understand that they cannot have a secure company if they're not properly investing to securing identity. And we believe we have the right to earn that business to be that solution for them.

Quantum question. I know it's like a couple of years down the road. Is that a concern at all for customers today as you think about quantum breaking through any -- basically any kind of encryption?

From time to time, I'll talk to CISOs about their thoughts on quantum. But what I can say is it's not a -- I'm not experiencing it as a top-of-mind concern today. It's on the radar, something they should probably be thinking about, but it's -- they have acute issues to manage today, and that's something to think about in the future. Not there yet.

If there's any other questions? I think we could end there. Eric? All right. Thank you.

Thank you.

[Presentation]

Hi, everyone. Welcome to Okta's First Quarter Fiscal 2027 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's me will be Todd McKinnon, our Chief Executive Officer and Co-Founder; and Brett Tighe, our Chief Financial Officer. Eric Kelliher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time, the earnings press release at the wire, we posted supplemental commentary to our IR website.

Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. A including, but not limited to, statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-K.

In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. The reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release. You may also find detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website.

In today's meeting, we will quote a number of numeric or growth changes as we discuss our financial performance. And unless otherwise noted, each such represent a year-over-year comparison.

And now I'd like to turn the meeting over to Todd McKinnon. Todd?

Thanks, Dave, and thank you, everyone, for joining us afternoon. We're pleased with the strong start to FY '27. Consistent with recent quarters, our results were driven by strength with enterprises, partner engagement and contribution from our newer products. Underpinning this performance is the durability of our core business with the Okta and Auth0 platforms, both contributing to steady momentum across our entire portfolio. That said, the #1 topic of interest from customers to investors is Okta's AI strategy. So today, I'll focus my remarks on how Okta is uniquely positioned to capture the AI opportunity.

The future of technology is agentic. For Okta,, this represents a tremendous opportunity and an even greater responsibility. Every agent inside an enterprise is a new identity. Today, AI agents are the fastest-growing identity in the enterprise but also the least governed. Okta helps bring agents under control by treating them as first-class identities that can be managed and governed by their existing identity management system.

We believe, over time, most large enterprises will have more agentic identities than human ones. This shift broadens the attack surface because every agent comes with credentials privileges, and the ability to act on a user's behalf. In turn, this raises the strategic value of the identity layer because governing autonomous systems requires the kind of control, audit, continuous intent-driven authorization and real-time enforcement only an identity platform can deliver.

To help our customers confidently secure this shift, we're building on 3 unique advantages, each with powerful network effects: distribution, product breadth and neutrality. Today, I'll cover all 3, starting with distribution. Okta pioneered identity for the cloud era. Over the past 17 years, we've built the most modern and comprehensive identity platform, which is now the identity system of record trusted by more than 20,000 customers. In the agentic era, identity becomes even more foundational. When a customer secures their agents with Okta, they are not taking on a new platform; they are extending the trusted foundation they already rely on with Okta.

We've already seen how our customers benefit from this expansion in other parts of our business. Customers are finding value in Okta's unified identity system as Okta in governance was once again the leading contributor among our new products. This distribution flywheel is evident in our results.

Our new product portfolio represented approximately 25% of Q1 bookings, a meaningful increase from Q1 last year. We see a 40% ACV uplift when new products are included in a deal. The same customers who trust Okta for workforce and customer identity are extending that trust into agent identity.

Our second unique advantage is product breadth. We are the only vendor with solutions that address both sides of the agent security problem. Okta for AI agents, which became generally available last month, gives enterprises a single control plane to discover, govern and manage agents across their organization. It is the first and best implementation of the blueprint for the secure agentic enterprise, an industry framework for bringing agents under control by answering the three questions that have dominated my customer conversations over the last several months. Where are my agents, what can they connect to and what can they do?

Enterprises need to maintain visibility and control over their sprawl of agents, ensuring they have governed identities, consistent access policies and ways to shut them down to secure every agent to end. Okta provides customers with centralized visibility into agents with identity governance capabilities, including ownership assignment and life cycle management while giving IT and security teams, critical security controls to deactivate rogue agents.

For developers building AI agents, Auth0 for AI agents provides the identity foundation to ship secure agents inside their products. Auth0 for AI agents secures agents, APIs and users effortlessly for B2B, B2C and internal apps, all backed by the enterprise grade Auth they already trust. In tangible terms, pipe generation in Q1 was strong, driven in part by these 2 new products.

The third unique advantage is neutrality, which is more important than ever. The AI landscape is opting rapidly. Customers need an identity solution that frees them to choose whatever technology serves their business best without fear of vendor lock-in. As the leading independent and neutral identity platform, Okta gives organizations the flexibility to do exactly that.

In the same way, enterprises run workloads across multiple clouds. They are deploying agents across various platforms like OpenAI, Anthropic, Google, Microsoft, Salesforce and a growing set of open source frameworks. Managing and securing an autonomous workforce requires a neutral, independent identity layer that others can't provide.

In practice, cloud providers, all providers and agent platforms are partnering with Okta to securely manage agent identities as they continue to proliferate across the enterprise. Okta is the only [indiscernible] platform purpose-built to sit above the agent ecosystem, and it federates with whatever identity provider a customer runs. That means the opportunity for Okta for AI agents is not limited to our existing workforce customers. It extends to every enterprise with a multi-platform AI strategy.

These 3 advantages are unique and mutually reinforcing. The more organizations use Okta to secure their agents, the more identity signals flow into our platform and the stronger our governance and detection becomes, and our neutrality allows us to secure current and future agent frameworks for customers, allowing Okta to capture more of the addressable market.

Neutrality becomes even more important when it comes to technology partnerships and integrations, like the traditional cybersecurity landscape, no single company can address the agentic security market alone. That's why we've partnered with AI leaders from ISVs to hyperscalers to frontier AI vendors, and I'd like to highlight a few of those partnerships today.

We've entered into a partnership with ServiceNow that integrates their AI control tower product with Okta for AI agents. Our partnership with Google brings centralized identity guidance and access control to Google's agent gateway. Okta for AI agents now integrates with Amazon Bedrock Agent core to provide customers with identity governance capabilities for their agents.

We were a launch partner for OpenAI's release of GPT 5.5 trusted access for cyber. And finally, we're collaborating with Anthropic in a number of ways to testing Anthropic's preview model as part of Project Glasswing to a new integration between Okta Identity Security Posture Management and the Cloud compliance API.

It's still early days, but the agenetic era is fundamentally transforming how we deliver success for our customers. By leveraging our unique advantages, great products, deep partnership and industry expertise, we are well positioned to help customers thrive in this fast-moving landscape, which will unlock a new growth vector for Okta.

To wrap things up, FY '27 is off to a strong start as we look to build on our momentum as we move through this year and beyond.

I want to thank the entire Okta team and our loyal customers and partners who put their trust in us every day. And now here's Brett to cover the financial commentary.

Thanks, Todd, and thank you, everyone, for joining us today. The investments we've made in product division, our go-to-market team and partner network are yielding tangible results. We're pleased with the strong start to FY '27 and are confident we're on the right path to accelerate the business. My commentary will provide insights into our Q1 performance and then move into our outlook for Q2 FY '27. I'll start by highlighting the strength we saw in our go-to-market performance.

As a reminder, at beginning of Q1 last year, we further specialized the [indiscernible] team into Okta sellers addressing security and its Auth0 sellers addressing developer buyers [indiscernible] are now fully settled into place, allowing us to start this fiscal year with far less change.

The stability of the sales team, coupled with strong execution led to positive go-to-market KPI improvements. including increased sales productivity, strong pipeline build and low AE attrition.

We're also seeing the investments we've made in our partner initiatives take root as partner-sourced bookings experienced a meaningful increase including multiple dollars million plus deals in Q1.

Moving on to our balance sheet and capital allocation. We had another strong quarter of cash flow in Q1 and ended the quarter with a very healthy balance sheet consisting of approximately $2.6 billion in cash, cash equivalents and short-term investments. Next month, our convertible notes reach maturity, and we will settle the remaining principal amount of $350 million in cash.

Over the course of Q1, we repurchased and retired just over 3 million shares for a total cost of $241 million. $608 million remains under the $1 billion repurchase program that we launched in January as we look to take advantage of what we believe to be an undervalued share price. We continue to regularly evaluate Okta's capital allocation priorities to ensure we're well positioned to sustainable long-term value to shareholders.

Now let's turn to our business outlook. Our guidance philosophy is unchanged as we continue to take a prudent approach to forward guidance.

For the second quarter of FY '27, we expect total revenue growth of 9%, current RPO growth of 11%, non-GAAP operating margin of 26% and free cash flow margin of 20% to 21%.

For the full year FY '27, we now expect total revenue growth of 9% to 10%, non-GAAP operating margin of 25% to 26% and a free cash flow margin of 27% to 28%. As I called out last quarter, the FY '27 revenue guidance includes about a 1 point impact related to a strategic decision to shift more of our professional services business to our partners, specifically global systems integrators. This change will result in lower professional services revenue and is expected to start to materialize in Q2.

In addition, the FY '27 free cash flow margin guidance includes about a 1 point impact related to lower interest income due to the combined impact from the stock repurchase program and our intent to settle the remainder of the 2026 notes in cash.

To wrap things up, we're optimistic about the trends we're seeing in the business. We've been disciplined with our cost structure while investing for growth, putting Okta in a great position to extend our leadership in identity security.

We've demonstrated exceptional leverage in our model and are positioned to deliver profitable growth for years to come.

With that, I'll turn it back to Dave for Q&A. Dave?

Thanks, Brett. I see that there are already quite a few hands raised, and I'll take them in order until the top of the hour. And in the interest of time, please limit yourself to one question. So with that, we'll take the first question from John DiFucci at Guggenheim.

I guess I'm going to stick, I was going to, a couple but I'm going to ask one, Dave. And it's going to is going to lead into what Todd was talking about with AI. It's not won I'd like to ask usually, but I think, based on our work anyway, you guys have done a great job of gaining AI mind share among the channel, like the channel is talking about what a good job you're doing that and getting in front of customers, but we realized it's still early. Can you talk about how this is materializing in the market? How are customers actually at the point where they're actually securing agents yet, are they just talking about it? Or are there a lot of them that have already been really doing that and you're trying to make sure you're in front of it?

John, let me set the stage for you out there. I've spent the last 6 months, I'm on this goal to talk to in-person face-to-face with our top 100 customers, about 75 customers in. And when you mix that with a bunch of other conversations, here's what's going on, everyone is deploying agents in some way, shape or form. But they're really just starting to think about and put in programs in place to lay out the rails of governed managed adoption. So a concrete example is you'll have a development team that is using cloud code, but it's connected to GitHub and their JIRA system with static tokens in the local developer box. So that company is viewing agents, but they've really done it in a haphazard nonsecure way. And what's happening now is they're figuring out those rails. They're figuring out how they're going to have secure connections, have a system to monitor where all the agents are, have the ability to support it for multiple platforms. And that's why you're seeing the record interest and the record pipeline for what we do with Okta for AI agents and Auth0 for AI agents.

The reality is of these products, it's still early. They're not materially contributing to the business in Q1. In fact, we're still being prudent in our guide. They're not even -- they're a little bit in the guide, but not significant in the guide but it's going to be big. We're putting a lot of R&D effort into this and focused on it. And the interest is super high unlike you've ever seen. And I think it's because we focused on it, we have a good story and good thought leadership, as you mentioned, with the channel. But I think another big reason is that it's ours to win because they're used to looking to us for trusted infrastructure that they use to connect their employees and their customers to all these resources. So it's very natural to say, who can really manage these connections and give me these governed rails for all these secure connections, where my agents are, what they're doing, what can they do? It's a natural fit for us. So I think as they build out this infrastructure, we're in this really great position to have to be a super, super meaningful part of the business and TAM over the next several quarters and several years. And that's why we're working so hard to take advantage of it.

Todd, that all makes sense. If you could just, in this same topic, when do you think this will start to happen in mass? And like I said, you're up ahead of it.

Well, one thing that's already happening is that we're already starting to get pull-through in the sense that these agentic AI conversations are raising the strategic importance in many of our customers' eyes of what Okta is beyond just workforce, access management to this really, hey, these guys could be this broad platform across governance, privileged posture management, identity security, identity infrastructure, and that is having an impact. That is in the numbers now. Like if you look at our 12% revenue growth, you look at net retention inflecting up to 107, cRPO of 12% that's being driven by Okta being put in a more strategic light because of this thought leadership in AI, and that's and that's going to continue throughout the year as well.

Thanks, John. Next up, let's go to Brian Essex at JPMorgan.

I wanted to follow up on John's question a little bit. So Todd, I would love to know from a macro and spending perspective. I mean you heard beginning of the year, I think there was a little bit of caution around IT security budgets. And then we started hearing about security getting access to budgets outside typical budgets, whether it's like marketing budgets and so forth. And now we're starting to hear about like [indiscernible] or incident spend. Now that mitosis come out last week, which you mentioned, I think CIOs a little bit fearful of the, how the threat environment might accelerate. So could you tie that back into what you're seeing for demand and access to IT budgets? Are you getting that incremental spend? Is the panic around the threat environment a headwind to your sales cycles? Or are you benefiting from it? Would love to just get what you're hearing from customers.

So when we talk to customers, there are cyber professionals, and they're entrusted with keeping their organizations secure. So any kind of intelligence they can get any kind of like edge or information, whether that's something on the dark web or that some new model, they're all over it. And there's a ton of energy around getting access to meet those and Glasswing and OpenAI is a new model. So they're very interested in that.

That being said, I think the world in the population has extrapolated that from thinking that they're panicking and changing their priorities. And that is not true. I think what it's doing is it's -- everyone is reinforcing the fundamentals. They know what they have to do. There's been 0 days forever. And now there's going to be more, and we can debate how many more, but they've known what they have to do. They have to have a good zero-trust environment. They have to have solid identity. They have to make sure they have a patching process. They have to make sure they have visibility. So it's -- I think what I'm seeing is that Boards and CEOs are saying, we know this agenetic thing is real. We've got to put the guardrails in place for that. and we know that security is real, and we're going to spend money on that. And it's, the reality of it, Brian, is that it's the fundamentals. It's identity 80% of breaches are go through identity. And you know you have to patch your systems. You know you have to have a good multilayered defense and Zero Trust so you can defend for multiple ways. And so that's, I think that's why we're so well positioned to be that key identity platform in an unmatched way of products that no one has. No one has governance PAM, identity infrastructure. I did any security agents. So that's why we're really excited about what's going on.

That's helpful. But are you seeing that materialize in like accelerated sales cycles? Or is this more of a conversation?

I think this return to the fundamentals and known you have to fix our fundamentals is helping the identity market and the identity security market. I don't think it's necessarily showing up in agentic identity yet. That's still early. But it's accelerating the importance of investing in your identity infrastructure in your identity security.

Great. Let's go to Todd Weller at Stephens.

Todd, question for you on agentic. If you laser into kind of the run time authorization and policy enforcement area,, could you kind of provide some details on Okta's role in that layer? And then how you interplay with some of these embedded capabilities we're seeing in the hyperscaler and agentic AI platforms?

Yes. So sometimes it's all moving so fast and everyone's got their release and their announcement. And everyone kind of says the future of agentic is centered around what they traditionally have done, right? So it's a little bit hard to pull apart.

Here's what Okta does and it's very much a key part of what is needed. And that is we connect resources to -- we connect traditionally as people to resources, whether that was the apps you need to do your job, whether that was the apps your customers wanted to browse on your website or mobile app. And now it's very similar with agents. We tell you who your agents are. There's a directory of agents. We can scan multiple platforms and multiple systems and give you that source of truth of where your agents are and we can help you set a policy on what they can connect to. Agents can this from teams and they can read this from Slack, and they can read this information from Snowflake and they can you read this from GitHub. So it's like a single sign-on or access management.

Now all the protocols are different. So it's a new product capability and the way agents are built are different than some of these other apps are built. So it's a new set of capabilities, but it hits the same thing. And then you mentioned this last part, which is really key, which is like once you can get into these systems, what can the agent do, what types of data can they see? Is it read only? Is it read-write? How does it work? And so we can lay that authorization actually so we can surround the agents with an authorization layer that will control what the agents can do without having to go into these large enterprises that we're working with the FedExes, the Dell, the biggest companies in the world, they have thousands of applications. And it's not realistic to go -- require the customer to rewire all these applications to set up their agents. So we can surround the agents with an authorization layer that does that in a scalable way. So it's detecting agents, controlling how they can connect to things and then what they can do in there.

And there's a few fundamental truth that are going to play out. I think, one is that they're going to get agenda capabilities from many, many companies. They're going to have different platforms. They're going to have hyperscaler platforms. They're going to have Foundation model platforms. They're going to have open source platforms. They're also going to get agentic capability from apps. Salesforce is going to have there. Workday is going to have their ServiceNow is on and on. Everything is going to be agentic -- have agentic capabilities. But we know they're going to have a directory of these things or roster everything, a policy layer and they're going to have to make sure they can connect to things. And so we're seeing our customers -- it's a kind of a no-regrets move to pick this independent and neutral identity layer that can solve those fundamental problems without locking them in to, hey, you've got to be all agent core. You've got to be all Agent 365 or it's Agentforce. They want flexibility and choice across multiple things.

Let's go to Eric Heath at KeyBanc.

Congrats, everyone. Todd, just to stick with the theme, I wanted to ask about the pricing strategy for AI agents and understand everything is early. So just curious to get your perspective on where the market is in terms of figuring out how we're going to price these things? And then just any update you might be able to share on the uplift you're seeing from AI agent deals at this point?

One of our advantages is that we have 20,000 customers. And the way I've organized the team to attack this opportunity is all around focusing our strategy in our product road map, directly informed by active customer conversations. So we have an AI takeoff team that's out there having hundreds and hundreds of conversations with our customer base, figuring out what they're actually going to do with these agents today, what are their challenges today and tomorrow. So it's very informed by what the customers actually are doing, planning to do.

It's not -- I tell the team, in this area, there's so much hype and so much noise. It's a big risk of science experiments, building things that maybe aren't super useful that sounded like a great idea. So our approach is very pragmatic and focused on the real requirements. And so the way we've done pricing for our products is exactly in line with how our products have been priced in the past. They're priced on, it's an uplift to a named user or it's an uplift to a monthly active user.

Now you might say, "Hey, Todd, but agentic -- agents are this new thing and why are you pricing them on an active user or a named user price?" And that's for two reasons. One reason is that's the way customers want to consume it right now. And two, the majority of concrete use cases in the world right now for agents, it's on behalf of the user. It's an agent working on behalf of a software developer. It's an agent working on behalf of a support rep. It's an agent working on behalf of someone in accounting. So it's very natural how they want to buy it and how they're actually being used. So it's an uplift on a named user, and it's uplift on an active user.

Now we fully understand that, that's going to evolve. And there will be more autonomous agents that have to be priced not by user base or not an extensive user. They have to be the unit has to be the number of agents. It's a little bit tricky because it's very hard to define the number of agents because some person might say, "Oh, I have 1,000 agents, but it's really kind of 1,000 copies of the same agent or 1,000 instances of the same agent. In other cases, it might be literally 1 instance of an agent acting for many, many different use cases. So the industry is kind of figuring that out, and we'll figure that over time how to monetize and price that now. But right now, it's, we're pricing for market share and reducing friction and how customers want to buy. And that's -- we think that's the winning strategy.

The other thing, Eric, I would just add around your question around uplift and how that's going. The average deal size for these AI-specific deals is significantly larger than the average deal size for the rest of the company. So we are seeing a good uplift. Look, we're still early. So that has the potential to change. But the early signs are these deals are quite sizable, and that's one of the reasons why we're optimistic about the opportunity in the long run.

Yes. And we're just in a different, it's a different strategic conversation with customers where you're talking about we're going to be the backbone for your agentic control plane, and we're going to also do your customer identity in your employee identity versus, hey, we want some tactical multifactor authentication thing to pass an audit, and it's maybe done lower level in IT. It's a little different type of conversation we're in, and that's really driving a lot of this positive momentum in the business.

Then we Go to Adam Tindle of Raymond James.

All right. Todd, you mentioned a building pipeline on AI. I wonder if you might hope with the size of this maybe relative to other products in the past or maybe a different way to ask that to Brett.

The pipeline is bigger than anything we've ever seen, like we don't get paid for pipeline.

Very clear, very clear.

So it's not a pipeline problem. It's not going to execute on turning this pipeline into real dollars. And the reality is if you look at like it wasn't, the AI agent products were not materially -- didn't materially contribute to Q1. It's not -- there's a little bit in the guidance, but it's heavily discounted being pretty prudent there. But we're optimistic. We vote with our dollars, and we're investing a lot of R&D in these products. And if you just look at what is needed in the world and thousands and thousands of customer conversations, the need is there. And customers are going to lay down these rails. They're going to lay down these rails of security and identity for their agents, and we're there to convert that pipeline as soon as we get the opportunity.

And I see it in Brett's guidance is about 100 basis points above where we would normally guide Q2 based on the past couple of years. So I can see some of that.

I guess the other part of my question I wanted to ask was the difference between AI for agents in Auth0 versus Okta, the 2 different platforms. Maybe just help us appreciate the technology aspect of that? And is there [indiscernible] difference in size of pipeline between the 2? Is one materializing faster than the other?

They're both healthy, the Okta pipeline is bigger. And I think that's because it's a little bit of a -- I think the companies that are figuring out how to manage and deploy internal agents are further along than people building agents into their products and into their websites. But I think that they're both going to be big opportunities over time.

Let's go to Josh Tilton that Wolfe Research.

Maybe I'll call it to 2 parts, so Dave can kill me. But the first one is just really strong short-term bookings. I think some of the strongest we've seen in a while. How durable is that growth? And then just maybe my second part, completely unrelated to anything we talked about so far on the call, but it kind of stood out to me in the prepared remarks. Large customers represent 85% of ACV now. I think you guys used to call out 80% of ACV. Maybe just help us understand like what's driving that mix shift there.

Yes. I mean I can take the mix shift. Todd, if you want to take the first one?

Yes, for sure. What -- you want me to talk about short-term bookings or...

Yes, absolutely. I can get into too as well.

Yes. I mean I think that the performance in the business, we think, is very, very durable. We don't -- like if you look at the -- particularly the AI landscape, I was having dinner with a bunch of CEOs of companies, different sizes, and everyone is super worried about their spend in their products and their revenue in their products being not durable because it's token spend, and they worry about the products being used and then and maybe someone is going to look at the spin and stop spin the token spend, and we don't have that. This is critical infrastructure. This is -- these are -- whether it's just core identity, infrastructure for people or for customers, the -- it's like good news and bad news. The bad news about identity is it's pretty hard to put in place, and it's pretty hard to change. So it takes longer than some of these other categories.

The good news is that once it gets in is sticky and you're not going to take it as long as you kind of keep innovating at a reasonable level, you keep good customer relationships, you're going to have a very profitable long-term relationship. So yes, we're very confident that the -- in these trends of the business that are durable and sustainable and in a lot of ways with what's going to happen in this AI wave just getting started.

One of the things I'll add to the durability comment as well is in our results for the quarter 1, we reported that our new product inventory overall accounted for 25% of our bookings. So while we're not yet seeing a material uplift specifically from our AI products given that they're newer to market, that's continued growth trend in the diversification of our product portfolio. And Todd talked about that today in his opening comments. Customers are continuing to look for us to solve the breadth of use cases they have across all their technologies and all their stack. And knowing that Okta is going to continue to be the neutral identity provider growing from access management through governance, and we continue to have a great quarter for our governance portfolio and into privileged access, we had some great wins in the quarter for Privileged Access as well, all of that is continuing from a durable momentum basis.

And then as Todd indicated, the additional products now entering the mix with Okta for AI Agents and Auth0 for AI Agents provide further upside to that. So we're very optimistic on the durability of the results we saw for Q1.

Yes. All right. So I'll answer a little bit on the first and second question actually. So Josh, I would say in general, if you look the strength across the quarter was fairly broad-based. As -- for Q1, usually, Q1, as you guys all know, is seasonally a low are of the year, right? But if you look at a lot of the metrics in Q1, they were quite healthy, whether it's the pipe gen, whether it's the bookings number, whether it's the AE attrition, AE productivity, across the board that's pretty good for Q1, which we're really pleased with, which is why you hear all the optimism in our conversation today and the prepared remarks and you see it in the numbers, frankly. So I think it's very exciting from that perspective.

In terms of the 80% to 85%, it's something simply we've been working on very hard over the last few years. We've talked to you a lot about large customers, right? We've talked about the investments we've made into those large customers and getting more large customers, and so it's really the result of the hard work that we've been doing over the last few years. You can see it in the $100,000, which is what you talked greater than $100,000. You can also see it in the greater than $1 million customers. So obviously, that was growing quite nicely in the quarter as well. So I think it's just the result of our hard work.

If you look at our strategic initiatives this year in FY '27, large customers is on the top of the Board as well. right? AI and large customers are really the 2 of the main 4 on the board that we've talked with you guys about in the past. So it's -- I mean, it's not hugely surprising numbers are out there because of all the hard work we've been doing over the last couple of years. So hopefully, that helps, Josh.

I'll just -- hearing that commentary, one thing I want to throw out there is that the large enterprise opportunity is still -- we're still relatively early. We've done really well in the mid-enterprise, and we have a lot of opportunities still in the Global 2000. So it's paying off, but we still have a lot of upside there as well.

In addition to all that, we also talked about the fact that we had a great quarter in pub sec in our federal and state and public sector business as well. So across the board, we're very bullish.

Okay. We'll take the next question from Roger Boyd at UBS.

Todd, in your prepared remarks, you talked about Okta's ability above the agentic ecosystem that Okta for AI agents is not necessarily limited to your existing workforce customers. I guess are you seeing your thought leadership and the conversations you're having with customers around agentic Identity starting to influence broader identity deals or creating or competitive wins down the road?

Yes. I think we're definitely seeing that. We're seeing that the products we've offered for AI agents in this blueprint, this vision we have for the industry and agents is raising the strategic level of conversations, which is pulling in other products and helping us displace legacy faster and sell more of our existing products and our newer products into new customers in the base than we would be otherwise.

I say that because to make it clear that the AI agent products are still, is still immaterial, the contribution with Okta for agents going GA in April. They had a good quarter, but it's still a small base. So the pull-through is real already though.

We'll go to Peter Levine at Evercore.

Maybe for you, Eric, just to kind of piggyback off the prior question. We've talked about, I think, Todd, in your prepared remarks, bookings. So maybe just talk about IGA PAM. Like are these competitive displacements versus greenfield opportunities? Just curious to see how much of your IGA product today are you seeing customers attach as a stand-alone similar to the Privileged Access product. I know that's not as mature, but you're really seeing a lot of traction of IGA. So just curious what you're seeing from a competitive displacement versus greenfield? And are you getting net new customers coming in buying these problems?

We are. Thanks for the question. The reason that, I mean, that comment to the par is I didn't want the breadth and success continued momentum with governance and Privileged Access and the rest of our portfolio to get drowned out with all the conversation we have about our AI products. We're very excited about our AI products. But governance continues to be a strength for us.

We talked over the past couple of quarters about how governance has evolved from being primarily a cross-sell add-on product to also now being a land product. And we are seeing sizable land opportunities, starting with governance at some companies that are displacing systems that they've had in place. So we're very excited about the enterprise readiness and robustness of our governance product and the rural deployments. We have some very large customers, including Fortune 100 customers who are consolidating all of their identity use cases onto Okta, including governance and including privileged access, and we're very excited for where we get to. As you mentioned in your comment, privileged access is further behind governance on that maturity curve. It came to market a little bit later. We're continuing to invest heavily in it and we did an acquisition back Q3 at Axis to add capabilities to that. And we're continuing to invest in that breadth of portfolio, kind of rounding out the identity security fabric in addition to all the momentum that we're seeing with our great success in the AI product. So we expect that new product portfolio contribution to continue in future quarters and not be limited to the conversation we're having about.

Great. Next up, we'll go to Shrenik Kothari at Baird.

So among the enterprise partnerships that you announced, and given your strength, the ServiceNow Control Tower sounds really interesting, especially because we have heard ServiceNow is talking becoming a workflow governance layer for enterprise AI already beginning to monetize it. So can you walk through the partnership dynamic? How is that passing or how do you envision reaching brand customers and budgets earlier in this AI governance process? As you said, it's a little players out there.

And just as a quick follow-up, also tying to your earlier comments, are these strategic partnerships also weigh because managing identity is being pulled into a broader identity of workflow transformation programs instead of now stand-alone, is it something which is showing up in these kind of partnerships?

ServiceNow is, as you mentioned, super interesting. They are -- their product strategy is they want to be the control tower for all AI agents. And what is, what they were really interested in was this kill-switches capability. When agents go awry and agents aren't following the policy, how do you shut them down, and that can mean a lot of different things. That can mean actually stopping the running of the agent that can mean quarantining the agent at a network level, there's many different strategies.

The one thing we do really well and that they wanted from us is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the back-end resources, and we're really good at that. That's kind of the core of our product. What can these things connect to, what can they do.

And people -- everyone is trying to figure out who's going to be the winner, who's going to be the losers and how is the competitive dynamic going to play out. I think there's going to be way more working together than people think. We're really excited about our conversations with Amazon and their agent core, ServiceNow, Agentforce from sales force. And the message from customers is clear, they want this identity layer and this connectivity layer to be independent to give them more flexibility. And I think the industry is coalescing around that, and we're leading the way there.

Yes. And what I would add to that, Shrenik, is, this is something can does really like we talk a lot about the importance of neutrality and our philosophy that we want to meet our customers where they are with the technologies that they're deploying within their companies. And we want to make sure that we provide the identity control plane across all of their use cases and all their vendors and all of their stacks. And so you'll see, just with our highlights during this quarter, we're really engaging with and partnering with all the major platform players that are active in the space right now. And that's one because our customers wire it and it's important for neutrality. And it's two, it's something Okta has been really good at throughout our history.

We are an integration company. We have 8,000 integrations for our core products through the Okta Integration Network available today. So for us, expanding those integrations with the active providers who are gaining traction right now in this time is something that's very natural to us and something we expect to continue as these tools are evolving. And as you all know, the landscape has been very dynamic with different vendors leapfrogging each other. We expect to be partnering with all of them going forward as well.

Okay. We'll go to Yun Kim at Loop Capital.

Right. Great. On Brett's earlier commentary that average deal size when AI products are included as much as the regular non-AIR deals, I am assuming that the actual AI deal itself is small and it's still very early. So is the larger deal sizes mainly driven by customers adopting Okta platform as they adopt AI security solution? So in that way, is your AI agent in a way, driving the customers to adopt auto more broadly? And is there like a specific go-to-market or a push to do this prospect is showing interest in your AI agent product?

To be very clear, and I'll let Todd comment on the second part of it. But the AI product itself what I'm talking about when I say the average deal size, that -- I'm only talking about the AI line on the deal. I'm not talking about the broader deal. And so it's a very sizable deal just for the AI products themselves. And so then you heard Todd talk about earlier about how we're getting this concept of pull-through, like, which is what you're, exactly what you're mentioning, which is AI as part of it in some of these deals, but also it's forcing customers to modernize their tech stack to be able to look at identity and really examine it and make sure it's working for them then that helps the other side of the platform as well. So I just want to make sure that was clear in you can add anything I might have missed. But that's the general idea of it is just the line item itself is a pretty large line item at this point. Granted, we're still early on potential for it to change. But right now, it looks pretty good.

Yes. In the early days of, it's early days for Okta for AI Agents and Auth0 for AI Agents. But as we scale it up, as we kind of convert this record pipeline, it's about doing more deals. It's not actually about doing bigger deals. The deals are big, which is a little bit different actually than other new products. And even governance 4, 5 years ago was the initial deals were small. Then they got big, then we did more of them. So this one is they're already big. We can do more of them.

Okay, great. Looking forward to the progress.

Just one additional comment as it ties back to a couple of the questions we had from earlier in the session. questions around budget durability for customers. This is one of the reasons that the deals are big. And one of the reasons we've had great momentum and success with hundreds of enterprises we're engaging with and one of the reasons our pipeline, we feel very strong about our pipeline, as Todd mentioned, we haven't seen a pipeline like this for a new product ever. And all of that is because of some of the statistics we shared in the opening video, which is customers have both today. They have a problem today where over 90% of them have agents in production, and only 22% of them are confident to have them governed. That is a real problem. It's a measurable, quantifiable exposure customers have right now within their companies, and they need to invest to fix it. And we are working very hard at Okta to meet them at that need to make sure that we've got the products that are going to help them address that exposure. And we're very bullish about being able to continue that as we help more and more of our customers secure -- become what we call the secure agentic enterprise.

Great. Next up, we're going to go to Junaid Siddiqui at Truist.

Todd, the role of the model providers is hotly debated within cybersecurity, even though it's early days. But to what extent is your participation in initiatives like Project Glasswing and trusted access for cyber translated into measurable improvements in win rates or competitive positioning? And more broadly, how do you see their role evolving in the broader cybersecurity landscape?

That's a really good question. I don't think it's -- these partnerships have moved the needle yet in real customer conversations. I think we have such an interesting vision and our blueprint is so helpful for customers. that's what's driving it. I do think we need to partner with everyone, including the model providers because they're going to be providing platforms and a agentic scaffolding and infrastructure, and we're going to fit well with that, and we're going to make sure that we can take that from a model provider or from an app company or from an infrastructure cloud and make sure it can help the customer answer these questions. Where are my agents, what can they connect to and what can they do when they do connect?

And I think in terms of the model providers, how they're going to play in the broader cyber ecosystem, it's going to take a village. I think we've seen that in cyber forever. I think consolidation in cyber never seems to work. All seems to be -- gets to a certain point and then new threats emerge, and the companies that are trying to consolidate cyber have such a hard time integrating amongst themselves. It kind of fractures a part. And I think that will continue. I think cyber in the agentic world is going to take a village, and we're going to have to make sure it's integrated together and make sure we have layered defenses. And that's why I think it's really healthy to be coming into this conversation with this open mindset of, hey, we have our lane, we're going to try to provide the best identity foundation in the world and then connect around that in a standard way that helps customers get great outcomes.

All right. Let's go to Fatima Boolani at Citi. Fatima are on? If not, we're going to go to Gray Powell.

Congratulations on the results. It's good to see. So maybe just sticking with the AI topic. In RSA this year, the messaging from just different identity vendors on agentic security. I mean I have to admit, it all sounds pretty similar. Everyone is talking about some form of agent discovery, guardrails, identity governance. And along the CISOs that we speak to are just, well, they're confused. So I understand you have strong relationships. I guess my question is like how does Okta cut through the noise in the market, differentiate yourself and get to the people that are actually in charge of making decisions?

First reason, that's why we wrote this blueprint, Gray. We're trying to -- people want a blueprint. In fact, it was based on a customer conversation ahead. This guy, he was a great customer of Okta, and he's been in the value visiting a bunch of companies, and he said the same thing you said. He's like, "Todd, I don't know how you're saying, you're all saying the same thing. It's like, you should really, you should come up with like a blueprint for us." I said, "that's a great idea." So that's why we made this blueprint. And it kind of tries to -- make clear -- tries to define the swim lanes. And it's been really well received, and it kind of -- it makes it very clear that there's a bunch of stuff you need to do. Here's the different roles and here's the different ways to do it, and here's what Okta is doing, and here's, so yes, that's one way.

And the second one is just customer traction, as we get customers live, and we keep saying that the agent products have -- are just getting started, but there's still many, many customers on them going live. And so once that happens, that's going to be very valuable. That we're going to tap those stories and make sure everyone else in the world knows about them, and that's how you set standards, and that's how you go from like a blueprint and a concept at an actionable implementations that people can pivot off of and have their own success. So that's the plan.

And like I said, a lot of it is it comes down to the reason -- I believe strongly that the reason why we're seeing so much pipeline and early momentum is it's partly because, like I said, we have a good product and a good vision, but it's also -- because we're in the right position, and people give us the credibility to do this. We've been connecting people to all these resources in a way that's scalable and neutral, and the agentic problem is pretty similar. I mean it's different protocols and how they speak and some of the development tools are different, but conceptually, they think of it in the same bucket, which puts us in a good position, I think.

That's one thing I was going to highlight as well, to your point, Gray, about how we cut through the noise is the first point that Todd talked about in our differentiation is our distribution and our footprint right now with over 20,000 enterprises that already trust us as their provider to secure identity for their humans and their service accounts. And for those conversations, these customers are going to look to us first as the natural partner for them as they think about how they secure agents in their model as well. And so we really had very engaging conversations across the board on this. And because we're responding so directly to what we're hearing these customers need, we've had great success in turning that into pipeline. And so that's why you hear some of the commentary we're sharing today.

Okay. I see the Fatima back. Go ahead.

I apologize for the kerfuffle earlier. Todd, this question is for you. It's a strategic question. I know you've made the choice to offload professional services to some of your DSI partners, but it's an interesting dynamic we're seeing in the broader cyber space and even with larger tech companies that are actually leaning into services on a more direct basis. So I'm wondering if there's still an opportunity for you to maybe take a more strategic and architectural stance as it relates to building and defining strategies around a agentic identity cybersecurity architecture. So just curious about that dichotomy because you've decided to step away from it, but all your peers are kind of leaning more into it.

It's the great irony of our industry right now. We're going to automate all the jobs except for the forward deployed engineer. We need people to do that, right? And so we're doing -- our services team is evolving into that architectural over, giving the overall high level of consulting and helping the GSIs get enabled to do that and then do that on their own. That's exactly where we're going.

Think about it as we're not getting rid of our services. We're repurposing them so they can be in this architectural consultative type role. And then the GSIs can help us just get the scale. Because overall, there's -- there needs to be way more capacity to do Okta work in the world, and then we need to improve that and increase that and that's what this move is try to facilitate that while at the same time making sure the thought leadership and the architecture and the strategic stuff can still be done by our the core of our team here.

Also keep in mind, it was a decision to try to get the partners sourcing more business for us. And if you remember some of the comments we had earlier, we talked about partner source ARR in Q1 did really well. And part of pipe gen in the quarter also did really well. And so it's only 1 quarter, let's not get overly excited one way or the other. But it's a nice first data point for us to suggest that the strategy is the right strategy to go down the path of. And obviously, we'll update you guys as we go through the balance of the fiscal year. But that was also another reason to do this. And we see these early data points that are suggesting that it was the right decision.

And just one clarification for the way you frame that question is I wouldn't, we wouldn't describe it as we're stepping away from services. As Todd mentioned, we are focusing on the high-caliber work that you described with our customers and partnering with the GSIs to give us the scale, as Todd mentioned. So we're very aligned with the scenario that you identified.

Okay. Next, we're going to go to Gabriela Borges at Goldman Sachs.

I have a different Glasswing question. Todd, when you and your R&D team when you got hold of some of these next-generation models, what are you doing internally either from a vulnerability management standpoint or from an R&D road map standpoint? And Brett, the follow-up here is how do you put the right guardrails on your insurance costs such that you don't find yourself spending on tokens inefficiently?

Yes. So we're -- like everyone else, we're using these models. We're testing our own stuff. We finding some interesting things. But I think what people miss is that there's a lot of 0 days out there. And we may debate how many more we find with these new models, but it's not taking the number from 0 to 10. It's not 0 to 1. It's -- there's many out there. And so everyone has to have guardrails in place and everyone has to have capabilities in place to defense fast patching, multilayer defense. So we're no different. We're putting those guardrails in place in our products and our processes, et cetera, et cetera. The cost thing you're talking about is real, the inference costs and the AI tooling and what it's driving in terms of expenses. And I think you're going to see at Okta, and then over the whole industry over the next 6 to 12 months, you're going to see a little bit more scrutiny in terms of what are you getting from all this, the inference cost you're spending? How is it translating, which is not surprising given the amount it's rising across the industry. And we're going to come out the other side with more balanced ROI-driven investment portfolio of how we spend these things. And we're optimistic about how it's going to work out very well for us.

Yes. I would just add, remember, one of the, the #1 thing we've talked about for years has become one of the most secure companies in the world, right? So it's still priority #1. And this is just another tool for our security teams to try to achieve that goal, right? So just like Todd is saying, we're going to prioritize it and develop an ROI and all that good stuff like any other investment but it is still in service of that goal of becoming one of the world's most secure companies out there.

Yes. In that example, it's not limited to the Glasswing, but also ChatGPT 5 cyber, and we continue to make those investments.

Okay. Next, we're going to go to Rudy Kessinger, D.A. Davidson.

Congrats on the quarter. I'm curious as how you are approaching pricing some of these agent deals. In terms of the number of agents, we've heard in some few conversations. You guys are doing deals where basically the contract is for an unlimited number of agents. The good thing is in those deals, I'm hearing that the spend is very, very high relative to your existing spend and other products. But the risk there is what if the customer doesn't get to unlimited agents, so there's downside renewal or other things that could happen. So how are you approaching that dynamic with customers in factoring in the contracts?

There's no unlimited. If there is unlimited, it's time bound. So there have been some deals where we've done like a year, and then it's like we're going to figure out after a year what the -- how the use case really unfolded and how to snap it back to the kind of normal pricing model. But there's no -- it's not unlimited in the sense of time and volume. But I think that's just because it is an early market, and there are some uses and some environments where there is more experimentation that's needed, and they want to sign a deal, we want to work them, and so we'll do maybe not a multiyear deal, but a 1-year deal in that fashion.

Okay. Next up, we're going to go to Ben Bollin at Cleveland.

You referenced a bit of a return to fundamentals in relation to, I think it was Mr. [indiscernible] question on Mythos. Could you talk about how this is influencing the core workforce CIAM and CIAM pipelines and the opportunity, in particular around CIAM maybe disintermediate some of the DIY Frankenstein solutions?

Yes. I think the CIAM impact of this is it's not as big right now as the governance and privilege and access management. I think That's, call that core cyber, core cyber hygiene and identity infrastructure, identity security. I think that's getting more pull-through at this point than the CIAM side. But I think the CIAM side is coming because I think a lot of agents and agenetic workflows right now are internal automation opportunities. But you're going to see better customer experiences, you're going to see better support experience. So that one is actually further along than some of the others customer support. But I think it's going to be a big pull-through for CIAM as well. And it's like you said, it's the pace of change and the pace of innovation. Once -- before your competitors have a better agentic customer experience, you got to get your experience it quickly, and you're not going to have enough time to really you're on, you're going to have to use a packaged solution. I think that will happen eventually.

At the top of the hour, we're going to take one more question from Jonathan Ho at William Blair.

You mentioned multiple times the stability that you've seen in sort of your sales workforce with some of the transitions that have happened there with the lower it, higher productivity and pipeline build. I'm just trying to understand how you feel relative to where your go-to-market is today versus historically? And can we see more benefit from this over time?

Yes, we feel very positive on the state of go-to-market right now. We spent a lot of time last year explaining our expectations of the impact of specializing on our buyers for IT security with the Okta platform and developers with the Auth0 platform. You also heard us talk about the importance of continuity and giving people time territory and time with their accounts and time to ramp into productivity. And you've heard over the past few quarters, we've shared our positive view on the improving trends in sales productivity and an AE retention, the inverse of AE attrition. So we feel very strongly that, that engine is where it needs to be right now.

Because of that, we added some selling capacity in Q1. We spoke about that last quarter. And we're continuing to lean into the model that we believe is working. So we're optimistic we can continue to see increased retention and increased productivity as people get more and more time within their territories and with the expanding portfolio of products they can bring to their customers as well.

I think we have the right team and the right organization to convert the use pipeline. We're excited about doing that.

All right. That's all the time we have. I appreciate it. Before you go, I just want to let you know that in addition to hosting on-site and virtual bus tours this quarter, we'll be attending the Evercore TMT Conference on June 3 in San Francisco, the Nasdaq Conference on June 10 in London and the FBN Virtual Technology Conference on June 10. So we hope to see it one of those events. Thanks.

Thanks, everyone.

Thanks, everyone.

Please welcome Okta's Vice President of Federal, Amy Johanek.

Hello. Welcome to Okta Gov Identity Summit. Thank you for joining us today. This is our fifth year hosting the summit, but this year marks a deeper milestone. For the past decade, Okta has partnered with you to secure federal identities, evolving alongside the government's highest security standards. That's a decade of building together and a decade of earning your trust. What that decade has taught us is simple. The safest missions don't choose between being modern and being resilient. Modernization and cyber resiliency are deeply intertwined and the common thread is identity.

From advanced governance and threat detection to moving to the highest national security workloads, we are extending the identity security fabric to where your mission lives. You'll see these innovations in action throughout the day. And more importantly, you'll hear from government leaders and strategic partners on what identity-first security looks like in practice.

Before we look at the agenda, I want to recognize the sponsors who made today possible. Thank you so much. Now let's look at our day. We'll kick things off with Okta's Deputy Chief Security Officer, Charlotte Wylie. She'll detail how we are elevating your mission requirements into a truly secure operating model. Following that, I'll be hosting several conversations focused on reframing identity in Zero Trust posture as the foundation of mission agility. Later today, Okta's Director of Defense Intelligence program, Sabrina Lea, will explore identity and distributed environments. Then we'll have Okta's Senior Vice President and General Manager for Okta for AI Agents, Harish Peri, take a look at the future of agentic identity. And to close our day, former Commander of U.S. Cyber Command and former Director of the National Security Agency, General Paul Nakasone, will lead a deep dive into the wave of change driven by AI and other emerging technologies. It's a full day designed to give you actionable insights.

So to kick us off with a vision behind today's summit, please join me in welcoming to the stage, Charlotte Wylie.

Thank you, Amy. What a tremendous commitment to agency's modernization journey. In those 10 years, we've watched you expand across every identity, every use case and every resource. So whether you walked in today from a digital transformation office or fraud investigation unit or a cutting-edge lab, we've all been operating under the same principle. Identity is security. But here's the question that we now need to ask ourselves. How does your strategy hold now that your digital workers have shown up? For decades, identity was straightforward. You logged in, you have permissions, you did your job. Identity determines who access what, when and why. The control and visibility required were universally understood by the teams managing it.

Never trust, always verify. One entity permission enabled thousands of citizens to receive their benefits. One role certification meant that entire agencies could operate with confidence. Every mission-critical function was built around it, every decision, action and outcome traced back to identity. Then your new coworkers arrived. The access being requested isn't for a person. It's for AI agents with pervasive intentions. The permissions needed are no longer tied to a role but a purpose, unconstrained by title or department. The governance applied through periodic reviews can't be applied to unknown or known agents whose identities, access and privileges are inherently unmanaged. Managing agentic identity demands a blueprint. I'll come back to this in a minute.

Many of you in this room have been building towards this exact moment, applying Zero Trust principles, prioritizing phishing-resistant MFA and tightening data sharing controls. That work is the foundation. We're here to talk about what goes on top of it. As an identity company, Okta's concern starts before deployment. We see how agentic AI extends the attack surface, accelerating the buildup of identity debt. Every agent connected without governance, every unmanaged token, every over-permissioned bot, it all compounds the risk. But we're not asking you to chart this journey from scratch. And we see this reflected in your own directives.

The latest guidance on accelerating the federal use of AI rightly encourages agencies to scale the tools you already have for AI governance. All while organizations lean into agile acquisition to ensure secure cutting-edge tech reaches our war fighters faster than ever. We believe the identity security fabric already securing your human identities, workloads and applications, is the single control plane that can also be used for agentic identities. You get a unified approach while strengthening protection, end-to-end security needed to safely leverage AI across every use case and resource.

But let's be honest about where most organizations are right now. Instead of relying on enterprise-grade methods for securing AI agents, most organizations are using authentication protocols that expose highly privileged secrets. It's like using a residential lock on a federal building. It works but they're not fit for the job. These legacy approaches fail to provide standard centralized policy control, compromising the auditability and oversight required for enterprise security. And what makes it harder is agents don't just log in. They appear everywhere. They connect to everything and they act on their own. Which means that the strategy that you've relied on for identity doesn't hold. So you have to ask, where are my agents? What can they connect to and what can they do? Those 3 questions deserve a real answer. And this is a blueprint for secure agentic enterprise.

Instead of building a bespoke plugin or a one-off manifest, imagine a single standardized way for agents to connect to any system. So developers, the ones that are automating multi-step government service transactions for citizens or detecting payroll anomalies, helping workers process controlled and classified information, they spend their time building capabilities, not plumbing integrations. Instead of building a new physical key for every door, imagine a universal key system, one that every agent can use, every system can trust, and every admin can control. That's the principle behind a centralized approach to agent security, leveraging vaulted credentials to help ensure that an agent's identity is not exposed even whilst it's in use.

Even before we reach peak agentic where all software is inherently AI, we've already moved past that binary choice of whether to connect. The key question is control. When an agent is taking action, is it operating within its mission parameters? Or is it stepping beyond what it's been explicitly permitted to do. The consensus that we're hearing from you is that agents can't be fully autonomous. And this is where the governance kicks in. You want to treat agencies like first-class identities, not just connections. You need an automated kill switch that stops rogue agents in their tracks. And CISOs need the control and visibility that we are duty bound to protect. There's a lot within a single unified control plane, and you'll get a deeper dive on this later today.

In this era of escalating threats, the security provider that you choose must be as unshakable as the mission itself. You need to know that the fabric connecting your force is built around the same rigor that you expect of your own systems. And that difference matters because federal technology leaders and security innovators share the same mandate, impact at scale, sustain hardening, battle-tested. That's nonnegotiable. That is the duty that we have. The relentless pursuit of secure, scalable identity is exactly what we have been working towards for the last 2.5 years, the Okta Secure Identity Commitment.

The Okta Secure Identity Commitment is our pledge to secure identity in the age of AI and whatever comes next. It's built on 4 pillars: secure products, hardened infrastructure, customer best practices and industry leadership. This is our long-term promise to secure our enterprise and build secure products for you as AI reshapes the digital landscape. We've been solely dedicated to securing identity for almost 2 decades. And with your most critical use cases in mind, I want to zero in on how this promise mirrors how your missions operate. It is anchored on accountability because we believe security is an operational commitment. Our security is your security, and we can prove it. We hold our internal people, processes and technology to the same rigorous cyber threat profile as our customer-facing environment, holistic inside-out security.

Operational resiliency is the backbone of all of this, building corporate infrastructure that actually holds up to the pressure. Our Zero Trust approach to security is identity-first security. As Customer Zero, we secure our own global infrastructure with the same products that we deliver to you, from passwordless rollouts to self-service governance. Think about it as our own OIG audit. We stress test our solutions and find and close gaps, ensuring that the hardened result is what you receive. This isn't about just a testing ground for our products. It's forming a framework for your own Zero Trust implementation.

We've updated our Security Technical Information Guide to include specific hardened guidance for nonperson entities, providing a standardized framework to secure automated identities and deny adversaries a foothold in your network. We've launched our threat intelligence capability to produce advisory and in-depth research for the world's largest threat schemes. From exposing nation-state facilitators using AI-enhanced tools, to place operatives and engineering roles, to identifying illicit earnings that are being flowing back to hostile regimes.

And this is where it converges. The cost lever, preventing incidents before they happen and the risk lever, reducing the attack surface systematically. These aren't just security metrics. They merge into a single truth. Agencies that deliver identity-first security protect missions, and they accelerate them. But accelerating mission surfaces the real challenge that you're facing. It's not lack of innovation. Your teams are innovating at scale. The real pressure is interoperability, the friction of pulling autonomous systems, legacy infrastructure and compliance into a coherent operating model without slowing down.

That's the power of flexible SaaS. Flexible SaaS means identity adapts to your mission, not the other way around. It's one identity fabric governing everything: humans, agents and legacy systems without forcing you to rearchitect how you work or sacrifice security for speed. Flexible doesn't mean loose. It means configurable. It means a civilian benefits agency and a defense logistics command can both deploy the same identity fabric, but tuned to specific classification level, their compliance framework and their mission tempo. One configuration for citizen-facing passkeys and scoped agent tokens, the other for CAC-based authentication and air gap workflows. Same platform, same security commitment, different mission expressions. This flexibility is what allows your defense to evolve as quickly as the threat landscape. That's identity-first security and it's the vision that we're building together. An identity fabric as resilient, battle-tested and mission-focused as the agencies we serve.

I asked Okta's Federal Chief Security Officer, Sean Frazier, to join us and bring some of this to life. What you're about to see is a tool that can defend your Okta tenant from bad actors. We're talking about an adversary-in-the-middle phishing campaign, the kind likely targeting your admins today.

Sean, the floor is yours.

Thank you, Charlotte. Good morning, good morning. As you can see, I'm going to tell you something you don't already know. As you can see, identity attacks are on the rise, both from the perspective of being more sophisticated as well as being higher volume. Attackers are using AI the same way we're using AI to drive down cost and to increase capabilities. When Charlotte talked about the Okta Secure Identity Commitment, one of the core pillars of that was to help our customers with their security journey. And to that end, we've created a tool for our customers to navigate through this called the Threat Exposure Assessment, or TEA, because who doesn't love a good acronym.

The Threat Exposure Assessment is a security-focused health check that analyzes a tenant configuration from password policies to network controls to help ensure the customers are optimally protected against future attacks. Here are some examples of configurations that the Okta Identity Defense team have observed during real-world incidents to highlight some of the issues identified in the TEA report. Let's look at the demo. We grouped this example configuration into 3 phases of the authentication pipeline: before the login, during the login itself and after the login. Our TEA report recommends a defense in-depth approach across this entire life cycle. For before the login, in this scenario, ThreatInsight was enabled but stuck in audit mode. The admins wanted to observe the logs before putting into enforcing mode, but it fell off the priority list as things tend to do.

On the networking side, they're only blocking some IP address ranges for attackers networks that they've known because they saw it in the course of an event. They're not using some of the advanced features like geolocation. For the login itself, the user base was familiar with SMS, OTP, onetime passwords. So they enabled those initially, but these low assurance factors are easily phished. We often hear from Okta admins during an incident, they have a backlog or a road map item to migrate to phishing-resistant factors, but life got in the way and they just were never able to do it. For after the login, in the name of good user experience, the tenant had long configuration global session policy token issuance. To make matters worse, they never enabled end user notifications when end users would discover that something was going on with their account. So the end users were never able to let the Okta admins or the security team know that something was going on, and they're your first line of defense.

For tenants configured in this manner, there are multiple identity attacks that could cause headaches at a minimum or at a maximum lead to a security incident. There was a 61% increase in brute force attacks last year based on data that we've gotten from the Okta Threat Intelligence team. With these low assurance factors like SMS or e-mail OTP and when they're not enabled, there are a variety of attacks that can manifest themselves, things like account takeovers, credential harvesting, those types of attacks. It doesn't take a really sophisticated actor to launch a brute force password attack or a password guessing attack or credential stuffing attack.

And more advanced attacks, such an adversary-in-the-middle can be used to bypass the low assurance factors like SMS and e-mail onetime passcodes. In the adversary-in-the-middle attack, a proxy server intercepts a password and the OTP in real time to authenticate with the legitimate site. By stealing the resulting session cookie, the attacker bypasses all the MFA requirements to hijack the account. This has become a lot cheaper for attackers to implement. With phishing infrastructure, a threat actor can take over an account and change the password or reset the MFA factors, and they can block the legitimate user from access to their own account.

Let's look at what the TEA report might recommend for the previous list of misconfigurations we discussed in order to mitigate these potential threats. Again, back to the 3 examples of the authentication pipeline. The TEA report creates and provides a lot of guidance and a lot of information for you, but I'm going to only focus on a few of those today. Before the login, TEA would recommend putting ThreatInsights into blocking mode. On the network zone side, anonymizing proxies should be blocked and the combination of these 2 controls will help mitigate against credential stuffing attacks. For the login itself, TEA would advocate for phishing-resistant factors such as Okta FastPass, WebAuthn biometric or YubiKeys. This helps protect the end user from phishing and adversary-in-the-middle attacks.

For after the login, TEA recommends setting up the global session policy expiration that aligns with NIST standards. Notification should be enabled so that end users can report suspicious activity directly to their Okta admin and their security team right from the phishing e-mail. And Identity Threat Protection or ITP session protection and detection should be enabled. With ITP, you get Universal Logout. Universal Logout can automatically be triggered to terminate sessions and revoke tokens for various cases such an end user reporting suspicious activity on their account.

Threat actors are evolving. They're evolving their techniques and their tactics, frequently changing them to avoid detection. But the good news is that Okta has released a number of features like ITP, Identity Threat Protection, that will help protect against these kinds of attacks. And the TEA report will help protect against these kinds of attacks and let you know exactly what to do in your configurated tenant. So the call to action today, reach out to your customer success manager, ask for a TEA report. You can also request this directly from your support ticket by opening up in your tenant.

As Charlotte mentioned, we also released the updated version of our STIG 1.1, which includes nonhuman entity. So please make sure if you haven't downloaded that and applied that to your tenant, do that now. Be aware of the pitfall, set and forget it. Take advantage of cutting-edge features and security features specifically that we released in the Okta product all the time. And don't wait until you're dealing with a security incident, be proactive and start today. Thank you very much.

This presentation contains forward-looking statements. We reserve the right to change the information in this presentation. More information can be found in our securities filings. Please welcome Okta's Chief Executive Officer and Co-Founder, Todd McKinnon.

It's great to see you all showcase. We're going to talk about our industry, and we're going to talk about our products. And in November, we introduced Okta for AI agents to the world. And it's our most important product ever, our most important product ever. It's simple on the surface. It's in the name. Okta connects your people to your technology, your customers to the technology they need to interact with your organization. And so it's Okta for AI agents. AI agents are the future exciting foundational technology and Okta for AI agents makes that connections for agents. And the response from all of you and the industry at large has been unlike anything I've seen in my career. It's the interest and the relevance of this product. And it's -- we've had hundreds and hundreds of meetings to talk about this product. It's been purchased by dozens of companies, and it's in production by several companies at this early date, getting real value securing and managing their AI agents, which is incredible uptake.

And it's not surprising because if anyone that's paid attention to technology, we know that the future is agentic. The future is agentic. And there's different takes on this. And I think it's important to understand how we view this to put the broader context of what we're doing and frame it up for everyone. People talk about agentic as a new thing. It's a new layer. It's a new set of capabilities. I see it differently. I think it's the future of all of technology. By the way, all of -- not just enterprise technology, but all of technology. AI agents and autonomous behavior of technology is where the world is going. It's going to change how we seek and find information. It's going to change how products and services are delivered to customers. It's going to change how companies are getting productivity out of their workforces, how they're automating things, how they're getting insights, how they're fundamentally rethinking the core of what they do.

And it's not like it's going to be delivered by one company or a set of companies. Everything is going to be agentic. Your existing vendors are going to overhaul their software to have autonomous agentic capabilities or they're going to be disrupted. Start-ups are going to have new agentic services and solutions. There's going to be existing categories change, categories are going to merge. There's going to be whole new categories of true digital workers. that are going to push existing vendors. You're going to build your own agentic systems. You're going to have -- create much better customer experiences. So it's a profound change.

In fact, I think in 5 years or so, we're probably not going to refer to agentic technology. It's just going to be technology. So we're talking about the greatest transformation of technology in my career. I've been working professionally for 30 years now. So I've seen Internet, I've seen cloud, I've seen mobile. And this is by far the biggest change. It's changing at so many levels. It can be daunting and overwhelming, but it can also be very exciting. And the people gathered here today are the people at the forefront that have to make this all work. And hopefully, you share this excitement with us.

With this new era of technology comes a lot of risk. It's not a surprise to security professionals and cyber professionals that there's a lot of trade-offs. There's risk and there's opportunities. And this is no exception. This kind of autonomy, the kind of access these agents get, the connections they make can lead to bad things. In fact, you're starting to see this pop up in the industry already. Anthropic released a very good report last fall, talking about a massive cyber attack that was perpetuated using the Anthropic models and Claude Code. And so this is a massive scale agentic system. automating work, automating software development, and it was used for a massive cyber campaign. And this report details what they found and some lessons learned about how to prevent it. And I think the biggest takeaway here is that these systems, while they're powerful, can be used for bad things. So we have to have a good concept of risk management and put the right controls and governance processes and controls in place to make sure it's secure.

The threat actors in this case actually -- as you would expect, Anthropic has a ton of controls in their models and frameworks to make sure that they can't be used for bad things. And the attackers in this case, actually socially engineered the model. They socially engineered the model to trick it and say they were a respected threat research firm using this for research capabilities while they were really using it to actually prosecute this massive campaign. It wasn't -- it was using the normal tools and techniques available to the industry hooked up to the model. So they weren't using any novel times of -- novel types of zero days or types of tools to actually perpetuate the attacks. It was just the fact that it was all hooked up to the scalable agentic framework that was socially engineered that kind of made it all work.

The other interesting thing about this is that throughout the process Anthropic -- and Anthropic published this, by the way, so we could all learn from it, and they could share with the industry some of these risks. But they also noticed that during the execution of this attack, the model was actually overly confident about the targets it was finding to try to attack if the attacks would work or not. So it was tricked, it was overconfident, all while under the guise of being massively scalable and massively controllable. So it's quite interesting. I suggest you take a read.

There was another interesting survey by a small company called Gravity that did a great job surveying you all. Do you all participate in these surveys ever? Someone calls you up and get your professional opinion about IT. I see a lot of heads nodding. This was about 1,000 people, and it was VPs of IT, directors of technology, CPOs. And the survey asked them basically about how their agentic deployments were going. And they noticed a couple of interesting things. The first thing they noticed was that almost 9 out of 10 people said there was already a security issue in their agentic systems. So this could be something as simple as an agentic system was overprovisioned for access. It didn't have the right visibility and controls about what it could do, 9 out of 10, which is quite high. And then only 20%, roughly 20% treated these agents in their agentic system with complete identity control. So identity is a first-class thing for these agents.

In the vast majority of cases, the agents were using reused API tokens, common access to systems that were shared across multiple agents. So there's no tracking and control and accountability for these agents when they were actually doing their work. So this is a problem for the industry. So I think what we need to do collectively and what Okta is focused on is making sure that as we all build this future, as we all build this future that we all know is powerful and profound, this future of agentic enterprise, we make sure that at the same time, we make it the secure agentic enterprise. It sounds simple, but we have to do both. We have to do both. This technology wave has a tremendous amount of potential. It's inspiring. It's exciting to all of us, but we have to make sure we put the right controls and foundational groundwork in place to make it secure as well.

And if you think about the arc of Okta, Okta is 17 years old. And I feel personally and the company feels personally very blessed and very fortunate to be at the right place at the right time through multiple technology waves in those 17 years. Okta was born out of the cloud. The idea was cloud computing and the adoption of cloud for every layer in the IT stack would require a new kind of identity system. Everything was outside the firewall, you didn't control the servers and the resources. There are all these SaaS applications. You had to have the best identity ever created to secure and control that. And Okta's early success was really born on the back of the cloud adoption. We helped the cloud be adopted, and we were also benefited from it being adopted at scale.

Then came the mobile revolution. Again, more devices, identity gets more important. Then there was COVID and work from home, identity gets more important. So through the arc of our history, identity gets more and more important in every technology wave. And this agentic enterprise, where every AI agent that is working with your employees and performing digital work, identity is more important than ever. So we are perfectly positioned. I mean who spent 17 years connecting people to technology. And now as we try to supplement those people with agents, who is perfectly positioned to do that. We couldn't be more fortunate, and we are not going to waste this opportunity. We're pouring all of our energy and effort and resources into making this agentic enterprise a secure agentic enterprise.

And one of our fundamental things we're doing is we're working closely with all of you. All of our customers that are on the leading edge of this and that have taken this product, Okta for AI agents and are working with us to build out the next set of capabilities and features in a way that will most benefit you. There's -- what's the right way to put this? There's a lot of hype in AI. There's a lot of hype. And I think one of the key things we need to do is make sure that the product we build here is directly linked to the concrete value and the capabilities you need now. So we don't spend 4 years building a science experiment. We build something that you can use now. And we're very lucky here. We're very lucky. We know what problems you have and what solutions that we need to build for you. And they all kind of center around 3 really important questions.

The first one sounds simple. What agents do I have? Every vendor I've ever talked to has agents. I want to build my own agents. Do vendors are saying they have agents and my people around my organization are adopting them. Where are they? Where do they come from? The second question is what can they connect to because that's the keys to the kingdom. Just like people, what resources they can connect to, customers come into your mobile app or website, what can they connect to? What your agents can connect to is absolutely critical. And the third thing is what can they do? So once they use that access, what can they actually do with it? So those are the key questions informed by our conversations with amazing customers around the world.

And it's very confusing, especially some vendors propose to answer some of these questions. Some vendors say other questions are important. Some vendors say they have everything covered. And it's quite daunting. I think it was summarized nicely by a great customer of ours, S&P Global, Seth Fox is the CTO there. And I was sitting talking to Seth, and he said to me, he said, it's very -- there's a lot coming at us, Todd, and it's very overwhelming. So it's like what you need to do is just write down a reference architecture, like just summarize the landscape for us and tell me where you fit in, where the next vendor I'm going to see fits in. Compare what you're doing, what we have to what my friends company has, how does it all fit together? So that's what we've done, informed by hundreds and hundreds and hundreds of conversation along with work with our partners in the cyber ecosystem, partners in the application and technology ecosystem and most importantly, conversations with customers like you.

We're excited about this blueprint for the secure agentic enterprise. It is what it says. It's a blueprint. It's not a product. It's not a -- this is an Okta thing, it's an industry thing. We're putting forward and saying, this is the reference architecture. This is how the ecosystem together could build not only the agentic enterprise, but the secure agentic enterprise. And it answers these core 3 questions. Where are my agents? What can they connect to? And what can they do? And you can see in this blueprint, the capabilities on how you detect agents are broken down in logical categories, everyone from integrations with agentic systems to edge browser-based detections to endpoint network. We all have gateways and all the gateway vendors are helping out here. And then how do you assess risk of those agents. It's all -- the capabilities are outlined in this blueprint. And then one thing about -- I talked about Okta being perfectly positioned to help be the backbone of the secure agentic enterprise because we've spent 17 years connecting people to technology, and we're very good at that.

But we also know that agents are different. the protocols are different, how you build them is different, how they connect to things and how the interaction works. So that's all prescribed in the capabilities around what they can connect to. There's different capability. No person has ever logged into an MCP server, at least not that I know of. But agents do and agents also log into SaaS and how do you connect an agent to SaaS? Is it OAuth? Is it the API with a token? Is it -- how do you -- what is the catalog of things that are possible? What are the best practices? And how do you keep it secure? And then, of course, agents connect to agents, and that's a different set of protocols. And then you have legacy, you need to get these agents data from legacy systems and those legacy systems don't have OAuth, and they don't have these fancy rest APIs so that those are service accounts. And you have to vault credentials and it just orients the whole conversation in a way that makes sense of it all and lets us get to the business of making our -- not only our agentic enterprises, but our secure agentic enterprises.

And finally, we talk about what can they do? This is about fine-grained permissions. And this is about do you do the enforcement at run time? Or is it agent set up? And then what's the life cycle of an agent? When is an agent created? And how do you manage it? How -- people simplistically say, oh, it's like a person. And other people say, oh, no, it's like just a privileged account and a service account, but the answer is it's somewhere in the middle and the blueprint tries to lay that out. When do you get a human involved and how do you track and log things? So these are the capabilities. And there's a ton of details behind this and the flows and how they work together. I don't mean to gloss over the complexity. If you've ever looked at a blueprint, you know that on the first couple of pages, it's very -- it's like the site and like what materials are going to be used and who the contractor is and how it's definitely going to go over budget.

Not that I have any scarring about that. But then you flip through and it has other pages of all the details, the subsystems, the plumbing, the electrical, the foundation, the site details of the outside site plan. And it's the same thing true here. It's how these things fit together is prescribed in the blueprint because there is a lot of important capabilities here under the covers. Now this is a blueprint for the industry. And I don't purport to stand up here and say that Okta has a product that solves all of these things. It's definitely going to take a village to make this all work together.

But the reason I started my comments by saying I thought that Okta for AI agents is our most important product ever. It's because the potential of the agentic enterprise is so profound. And this Okta for AI agents has such a core place in this ecosystem, has such a core capability. It's connecting your agents to all of your technology and controlling how they connect and what they can do. So it plays a very important role. And now to talk a little bit more about that in details and the detailed capabilities here for Okta for AI agents is my amazing colleague, Shannon Duffy. Please welcome Shannon.

Thanks, Todd. So Todd just showed our amazing blueprint for the secure agentic enterprise, but I could just show you some product. And I am so excited about Okta for AI agents. This is the first and best implementation of the blueprint, and customers are already using it to see amazing success. And we're going to show you how that blueprint helps you answer those 3 questions. Where are my agents? What can they connect to? And what can they do? As we like to say in cybersecurity, you can't protect what you can't see. So let's jump into the demo and take a look and answer that first question, where are my agents? Okay.

So Okta helps you find agents in 2 ways, both the ones you know and the ones that you don't. Let's talk about the ones you know. So here we are in the Universal Directory, and this is your central system. This is your single source of truth. It's your agent inventory. And at Oktane, we showed you how you can register those AI agents. But we're taking it one step further. We're taking everything you love about the Okta Integration Network, the standards, the breadth, the flexibility, and we're extending it. We're essentially making it your agent integration network.

Now the thing about these agents is they can't live in silos, right? They need to be connected to the tools you use every day. That's going to make them more valuable and more powerful. So here, you can browse the agent catalog, and you can see all of the tools that your company is using. And as your team starts working with new platforms, those are going to be here as well. The point is we are focusing on identity, so you can focus on innovating with technology and you never have to worry about vendor lock-in. All right. But what about the apps you've already configured for your human users? Well, you can go right from the app integration page, and you can see a new tab, AI agent import. And with Okta for AI agents, you can import those agents and all the metadata with one click. So you're going to get the name, the title, the description. And the important thing to remember here is identity is managed separately. So if an app gets compromised, security is going to be centralized, right in Okta. Okay.

What about question number two? What about the agents you don't know about? Well, people in your company, I guarantee you, right now, as we sit here, People are spinning up agents in your company, and you need to know about them. So this is agent discovery. and agent discovery automatically flags OAuth grants. So when an agent is connected to an enterprise application, you are going to get notified. So you can see the scope and you can see the blast radius. But most importantly, you're going to get a remediation plan to take action. So you can go ahead, you can register the agent, assign a human owner and baseline security policies. Now the important thing to remember, this is not a onetime process. Discovery is running continuously in the background, so you can find all your agents, both the ones you know and the ones you don't. All right.

So now you know where your agents are, let's answer that second question. What can they connect to? Well, it starts with MCP servers. So you can model agents, but you can also model MCP servers, and you can search a catalog of all the ones you might want to use. But connecting the agents to MCP servers directly, that can be risky, which is why we're introducing agent gateway. And the first use case is managing access to the virtual MCP servers so that you can select exactly which tools and scopes can be accessed. And with Okta for agents, you can securely secure those third-party coding agents like Cursor and Cloud Code. But what about everything else your agents need to integrate with? Well, today, we have 3 ways to manage those connections, Okta Authorization server, API keys and service accounts. But now we're adding 3 more ways to integrate agents securely, Okta Virtual MCP servers, third-party MCP servers and ODIC accounts, OIDC apps. No custom code and no direct path from agent to MCP servers and security is centralized in Okta. Okay.

Question number three, what can they do? Well, you need to establish exactly what agents are accountable for and you have to cut off access if it goes wrong. So here's the governance dashboard. And you can see access on an ongoing basis to what these agents have access to down to the scope and tool level. And you can review their access to make sure they have access to everything they need, but nothing they don't. But if what if an agent goes rogue? Well, you need a kill switch. And with Okta for AI agents, you can trigger universal log out if an agent starts accessing things that shouldn't. It's automatically going to revoke the tokens and deactivate that agent access. So now you know what agents can do, but you can cut things off if something goes wrong.

And as your agent footprint changes, you are always secure. We are evolving right there with you. Okay. So you just saw Okta for AI agents in action and how it helps you answer those 3 questions. Where are my agents? What can they connect to? And what can they do? These are just a few of the ways we are helping you become a secure agentic enterprise, and this is how Okta secures AI.

Back to you, Todd.

Very cool. I love seeing that come together. Thank you all that have been involved in the early access of Okta for AI agents. As I said, it's really valuable to inform the product direction and help shape our view of the future based on substantive leading-edge conversations with real powerful organizations that are trying to build these agentic enterprises. And the team has made a ton of progress. And the most exciting thing at all -- the most exciting thing out of everything I'll talk about today is the fact that this product is going to be generally available to all of you on April 30. So that's amazing. You're all going to be able to get your hands on this. The world is going to be able to start going from agentic enterprises to secure agentic enterprises on April 30. So nice work, everyone that's worked with us on this and the teams at Okta that are building this together. So good job on that.

Okay. So we've talked about the blueprint for the secure agentic enterprise. We've talked about Okta for AI agents. And now we're going to ground it in one of those real concrete conversations with an amazing company, an amazing leader at an amazing Okta customer. And this is a conversation with John Roese from Dell. John, come on up here.

So let's start. Put the -- I want to put Dell in the AI context. So how do you think about the industry, the Dell's place in the industry, how the industry is changing? How do you -- where does Dell fit into there?

Yes, we're fairly central because you cannot do AI with the infrastructure of the past. And so our business is building out the IT infrastructure of the world, compute, storage networking and all things associated with it. And that's been good for business. We're doing very well. We are finding ourselves in an entirely new world. However, just building infrastructure for someone else would be difficult because you wouldn't know what to build. And so a couple of years ago, we made the decision to be customer zero that we would be the early aggressive adopter of this technology. And I took over -- I've been the CTO for quite a long time, but I took over as the Chief AI Officer about 2 years ago. And in that 2-year period.

Was there another person? Or is it a new position?

There was a person there for a very brief period of time that attempted to build consensus and didn't work, and then we decided to go top down. We tried bottom up, didn't work. We went top down when I took over, which fundamentally launched our journey, which was if we're going to build for this new space, we sure better understand what this space is as a firsthand participant in it. We could spend a long time talking about our journey, but the punchline is after 2 years of a very disciplined -- if you go look at my YouTube channel and listen to me talk, you'll understand we are somewhat militant and we are very focused on doing this thing in a very structured way that actually gets to outcome, gets to ROI.

But after 2 years of doing that, we just had our financial reports for the second year that we have done this more aggressive adoption of technology, but also changing our people and the process and redesigning our company for this era. Now we have 2 years in which something happened that hadn't happened in 41 years before that. And that was our revenue grew dramatically, first year, about $10 billion, second year, about $20 billion. And at the same time, our costs went down. We have never seen that happen. Every time revenue went up, costs went up with it. But when you redesign for the AI era, people, process, technology, funny enough, you decouple those 2 because the unit of work is no longer just a human being. It's an augmented human being or an agent. And that gives you tremendous leverage to grow your business and actually improve your cost structure at the same time.

Doing that is nontrivial. It required us to lean in to be as bleeding edge in terms of thinking as possible, but also very pragmatic about making sure that we didn't break the business that we did things that matter. And so one interesting statistic is for all that progress, we never used a single agent yet. where we built our first autonomous agents almost 2 years ago, but the ones in production are pretty minimal right now. However, given the fact that we've had that kind of impact without agents, we are extremely excited about this greater shift to autonomy, the kind of projects we can go after. In fact, we believe that AI can only be applied to a process and the only processes we could go after with first-generation tools are very simple processes that are very much tied to human work behavior.

When you move into the agentic world, you can go after the complex processes. You can go after composite processes, you can go after autonomous processes. And that opens up just a gigantic surface area that we're fairly comfortable is going to define productivity for the next -- probably the next decade at least.

When you think about the agentic technology stack, what are the key technologies? There's process, there's change management. There's strategic direction that has to be in line. And then there's the technology enablement. You mentioned a bunch of the stuff was done without even agentic. What are the key parts of the agentic?

Yes. You and I talked a while back, I think we -- I don't think we had published it yet, but at the end of last year, in October, we -- after working with these technologies and kind of thinking about what would we have to put in place to do this, we wrote it down, interesting enough. We have an internal set of agentic standards. And they're not high-level hand-waving stuff. They're very specific. And in fact, they included things like we decided all MCP servers would be centralized because at the time, MCP is just too risky to use without putting it in a safe space. That's a fairly straightforward decision. We now make that part of our architecture. We made decisions about having 2 kinds of agentic platforms, ones that we wholly own and operate, which we call inner ring, which are our control points and our ability to do things very specialized for Dell but then it would be surrounded by outer ring agentic platforms that existed within our partners and SaaS services, but we decided these would not be separate ships in the night.

They would be part of one topology under one architecture. And probably the single biggest decision we made, which is what we were talking about, which I kind of shared with you guys and maybe gave you some encouragement to go on the journey you're on is that we decided that every agent in the world that does work on behalf of Dell would carry a digital identity issued and operated by us. I don't care if the agent is a third party. I don't care if it's in a SaaS provider. I want control. I authorize it to exist. And the reason I wanted to do that is because I know agents will track where work goes on and work goes on in more than just my data centers and my core businesses, but yet I want to be able to have control over how that work is happening.

And what we realized is I can't control the underlying infrastructure decisions because those are third parties in many cases. I can't maybe even control the data APIs as well as I could. But if I control identity, I can do things like a kill switch. I can make an agent go away if it behaves badly, even if it isn't running on my infrastructure and fully under my control. And so that stack that has now formed, which is very much a modern AI factory underneath it to provide the engine to basically run it efficiently and scale it, what we call a knowledge layer, which are the knowledge graphs and the graph databases and the RAG systems that basically enumerate data that agents can use. And then on top of it, a control plane. And that control plane includes registries, but it fundamentally includes identity and access management and authorization.

And so that stack now is real. It is published. In fact, just recently, we started to provide it as a pseudo RFI to all of our partners to say, okay, you want to do business with us. This is our set of rules. And to my knowledge, we're the first ones to do that. We think the industry ought to take blueprints and use blueprints because everybody agrees on kind of the meta architecture. we can actually all line on getting it built because it doesn't fully exist yet.

Yes, it sounds simple. I'm an identity guy. You guys early on made the decision that agents have to have first-class identities. We saw the survey I mentioned earlier that 22% of -- only 22% of companies are managing agents as real identity things. And it's good to hear that you're seeing success there, but it's a subtle thing a lot of people don't get to. They try to treat them as more like software and their scripts and their service accounts, and it's a very profound thing that we can make it happen together. So when you talk about agents, you guys decided to -- the primary -- the platform and the use cases, a lot of them are internal. How do you think about agents operating internally for your enterprise versus agents outside your enterprise accessing your systems and the internal, external trade-off there?

Yes. I would say our first thoughts about agents over a year ago, we had this belief that we could build one platform and kind of run all the agents on it. By the way, we have a bias. We really protect our intellectual property and our data. I am very hesitant to let black boxes of magic touch my data. So I like doing things that I can control, whether they're in my data centers or in systems that I help design the architecture for a provider. But the bottom line is we very quickly realize, as I said, agents track. They are an entity that does work, and that work can exist in many places. Some of that exists in things I fully control and some I don't.

And so early on, we did pivot to have this 2 concentric ring model where there would be platforms that we fully controlled, and there would be platforms that we didn't control the platform, but we could control the agents on the platform. And that's where identity and access management became kind of this universal substrate. I think interestingly enough, I will tell you, just to give you some industry dirty laundry. We don't have full consensus in the industry about what even an agent is.

Stop, John. Stop. Breaking news.

Breaking news, agent washing, but it's even worse because some people believe agents are a feature of a model that's behind the black box of magic of the API, and you don't need to understand it. I completely disagree with that. We believe agents are software systems that can do autonomous work, and they do use large language models, but they also use knowledge graphs and other types of data expressions. They have a tool use interface today, primarily MCP. They have inter-agent communication with protocols like A2A. That is a system. And we're kind of -- the one thing we're struggling is we haven't quite got to consensus about which of those is the right answer? Is it a feature of a model? Or is it a software system that does work? I know where it's going to end up. I'm 100% confident the second is the right answer, but that creates tremendous confusion for people. It also makes it very difficult for me, interestingly enough, as I want to have ubiquitous identity and ubiquitous control, if you believe an agent is a black box of magic hidden behind a master account that is owned by a provider, it's very hard to reach into there and do authorization for what appears to be a knowledge graph that can I got to pull it out.

And so we are generally treating most of those companies, and they are our partners in this extended ecosystem, and we're deprecating them. They are not agents to us. They are just tools and the intelligence and the reasoning will happen on our side until they expose that underlying capability. So it's -- I would say, most of the enterprise ecosystem. We have 650 start-ups we're working with building enterprise AI stuff. They have all largely gravitated towards these have to be composable systems. They're software entities. They work together. They have this kind of composable architecture. That's good. Some of the bigger providers haven't quite got there yet. And so we have to figure out how to work with it, which is why it's so important in your framework that you don't just assume everything is a first-class agent. Some agents might not actually be expressable as agents because they're behind the firewall or unexposed to you. So treat them like a tool and then control the tool use access, which is another authorization tech.

It all blends together.

Exactly. Yes.

So you're the CTO, so your job is to predict the future. So tell us what's going to happen.

Well, here's the first thing. We have something in Dell called the 2-year rule -- sorry, Todd, we treat all AI decisions of having no more than a 2-year lifespan. And the reason for that.

It's good for us, we have to work our a** off to keep maintain your business.

You have to work in your business. You win, you get us for 2 years, and then we reevaluate because honestly, we can't predict that future. But what I will tell you is the one thing that is absolutely certain, and you kind of mentioned it in your keynote, we are in a period where autonomy is becoming the actual characteristic of these systems. It's not the technology by itself is that the technology can operate autonomously. It will operate in low-grade autonomy like a better tool or it can operate in high-grade autonomy like a full-on digital expert worker. It is inevitable that, that is coming and is happening. And so the biggest shift that we can see is we have to prepare for that. We have to rethink work. We have to rethink our infrastructure. The other thing that's interesting and an infrastructure guy is years and years ago, it's like 6 years ago, I'm on the record of saying something along the lines of there will come a time where the.majority of your IT infrastructure is actually in service of AI outcomes. And more importantly, when that happens, you will have to redesign your IT architecture to treat AI as the primary workload, not the secondary.

We are actually at that time right now. But I will tell you, the majority of the world's infrastructure was built before generative AI even existed. It was architected. We continue to apply architectural principles to it. So one of the biggest predictions is not only is this coming, but it is going to force a complete rethink of all the dimensionality of our IT environments, not just so that we can add a new capability, but so we can actually optimize the primary purpose of our infrastructures and IT systems to actually enable this autonomy. That is a big deal. If you read what I just said clearly, you're going to have to rethink everything. In fact, we encourage customers today that if you have an existing infrastructure and IT strategy, this is a very good time to pause because you probably made every decision in that list before generative AI ever happened. It's a great time to stop to get educated to rethink everything from identity to access control to telemetry to infrastructure choices to where the AI is run and where the data lives and what those data layers look like.

That is probably a terrifying prediction because it means we have a lot of work to do, but it's also incredibly exciting because if we optimize for autonomy, this thing accelerates. And when it accelerates, I will guarantee you the result is dramatic impact on GDP, on lifespan, on health care, the amazing things that can happen if we get this right by doing it securely will happen quicker, and that's a very good thing for all of us.

Yes, very well said. I'm very excited. The way I think about it is there are 1.1 billion knowledge workers in the world. We spend about $30 trillion, and they produce about $65 trillion, $70 trillion of wealth. So how about we cut the cost by 10% and produce twice the wealth.

Exactly.

That would be a pretty amazing future for everyone. So thank you so much, John, for being a customer and trusting us with helping you build this -- using Okta for AI agents to build this identity layer in your platform and be the foundation for the Dell Secure Agent enterprise.

Yes. No, thanks for having us, and we're super excited to see this go GA. We've been on the journey with you to build it. And I think if you haven't looked at it and see what's going on here, this is a pretty important kind of very early real example of how to do this stuff. So congratulations.

All right. John, thanks. I think this blueprint is really going to clarify a lot of things and make it easier for all of us, whether you're building technology as a vendor, whether you're implementing technology as a company, whether you're a cyber -- member of the cyber ecosystem to rationalize how it all fits together and more importantly, help us all move forward more safely and more quickly. And I'll show up a QR code in a minute. You can get a link to all the details behind this. We're really excited to work with the whole ecosystem and community to build this and keep working on it going forward.

And I think the big headline here is that Okta for AI agents is generally available on April 30. So if you're not using it already, make sure you reach out and learn about it and learn how it can help you build your secure agentic enterprise. And you can get all the information here. So we're very excited to help you secure AI. And again, thank you for being a customer. And if you're not a customer yet, I don't know what you're waiting for. We can take care of that. And thanks again to John for helping us out. And thanks again for Shannon and the whole product team and the marketing team for putting this on. And thank you very much, and enjoy the rest of the showcase.

Thank you for joining us today. Thank you for joining us today. Please join us in the foyer.

All right. Welcome, everybody. We are at the anchor spot of the conference and delighted to have Okta here with us today. I'm Meta Marshall. I cover networking and cybersecurity here at Morgan Stanley. We're delighted to have Todd McKinnon, CEO and Co-Founder here with us after a great quarter last night. So...

Thanks for having me. Nice to see everyone.

So Todd, it's great to have you here, not only after earnings that you reported last night, but just this is a critical time for the identity market, particularly as identity moves front and center in the AI enablement discussion. Just how are you thinking about what type of holistic identity solution the market needs in order to better secure agents? And just how are you designing towards that?

So first of all, when we talk about agents, I think some people I talk to think about them as a discrete thing that's going to be delivered in a certain way. When I think of agents, everything is going to be agents. I think every piece of what we think of SaaS now will be -- take agentic features, reinvented as agents, replaced by agents maybe. I think every piece of software built will have some agentic capabilities. So really -- we're really talking about the future of all of technology. Devices will have agentic capabilities, autonomous SQLs.

And so when we think about the potential of what we're doing with Okta for AI agents and Auth0 for AI agents, it's -- that's the long-term ambition. We want to be the identity layer, the identity infrastructure for everything. So what that means is simply put, it's -- a company would have use Okta as a system of record of how many agents they had, what they could do, how they're governed, how they perform. Right now, the product has a list of -- it's the key features that are resonating with customers is it has the ability -- it knows about what agents have been delivered by which platform.

So it can download agents and synchronize agents from Salesforce and Amazon and Microsoft, and it can give you a central view of all those agents. And then it can control what they can connect to and they can do that connection in a secure way, so you don't leak session tokens or leak API tokens. And the connections of these agents is really important because that's how they get all the context to make them super valuable. So that's -- it's a big opportunity. And we're really -- I'm blown away by the interest. And then in Q4, the actual sizable deals on the board was -- it was super interesting. Still early, a $3 billion run rate, product is still in early access. The Okta for AI agents is early access. Auth0 for AI agents is GA for about a quarter, but it's very exciting.

Yes. The identity market, maybe as we think of it more traditionally has been this best-of-breed market with distinct swim lanes. Does AI finally push us more towards the platform? And why do you guys think that you guys are in the best position to lead?

I think it does. I think -- but I think the linchpin of that is the, call it, the system of record or the registry. And that has -- if you can give that value to customers to give them this platform-agnostic independent neutral view of all their agents and let them control the connections, that's a very powerful position to deliver value. But that probably leads to more ability to cross-sell governance for people and agents and privilege for people and agents and core human identity probably makes it even having more. We're already seeing platform gravity with the multiple solutions we have with our identity products and this being a system of record for agents probably makes them more platform gravity. It's very early now.

I mean I think there's a lot of -- when I talk to hundreds of -- I've talked to hundreds of customers specifically about agentic and what their requirements are and what we're doing, big companies. And there is some spectrum of maturity from the most mature ones are -- have really thought through deeply how they can build an internal enterprise platform for agentic, including where it's going to run, how it's going to access models, how they're going to incorporate a system of record for identity into that, and they've really thought through strategically how that's going to all fit together.

But the other extreme is they're really -- it's really early and they're thinking about how can we control which prompts our employees are giving to the chatbot. So there's quite a spectrum of maturity. The early deals we've had with our agentic products have been with the companies in the former category. They've thought through the platform and they said, "Hey, we want to really holistically do this. We're going to do big time automation across our business. The future is agentic. What pieces do we have to invest internally to make this all work. And our approach really resonates there. So yes, it's -- we feel like it's early, but the signals are pretty compelling and clear that this could be a big deal.

Yes. And we had this discussion earlier in the year. But in the market, there's been kind of a lot of identity start-ups or acquisitions of kind of start-ups within the space. Just what do you think that people are missing about kind of what is necessary and what kind of others are doing with these smaller identity acquisitions?

You're talking about like CrowdStrike?

Or just...

CyberArk? CyberArk is not a small company. ServiceNow. Well, I think it's -- I think when you -- I think what's driving a lot of this is it's a big problem for customers. I think people don't -- Okta has a unique view of how messed up the identity world is out there for customers. So we've been living it for a long time. We see it. But I think people don't -- people underestimate how fragmented and confusing and the jargon, the vernacular and the acronyms, it's very complex for customers. And it's -- by its definition as an industry, it's in the middle of everything.

And so it's got this other dynamic of -- it's just -- it's very complex. And a lot of our success -- forget about AI for a second, a lot of our success is just bringing some simplicity and some sanity to that, which we've done a very good job of, which is like -- there's never been a company like Okta. There's never been an at-scale independent neutral identity company. They all got to a certain size and then some big platform scooped them up, happened back in client server days, happened in the web days, Oracle bought a bunch of them and then kind of killed them all. We're the only one ever. And it's because we've been able to make it simple and rational. And now we have multiple products across different categories, that's never existed before. So that's a powerful position.

So I think -- I'm sorry, it's a long-winded answer, but I think what -- I think people from these big companies, whether it's ServiceNow or Palo Alto or CrowdStrike, they talk to customers and they're getting a firsthand look into how messy it is. And then they're seeing all these breaches caused by identity. And so they're trying to react to customer demand and -- which is rational. But I think what they don't realize is that it's -- if you don't own and you don't operate the identity infrastructure, the directory, the connections, the core of what it is, it's much harder to do security around it.

If you own the infrastructure, you can make the infrastructure itself secure and you can build the detections and the monitoring and the posture management tightly coupled to that identity infrastructure, make it better versus if you're trying to do what some of the other folks are doing, which is trying to do identity security tooling across a broad range of complexity. I think we're in a better position to deliver that value.

Got it. It's great having you here just as a voice as a founder. We've seen kind of concerns of late of what AI can do to cyber. Just how do you see that discussion evolving? And how do you talk to your ongoing moats? And just do you think that the market is missing anything about that kind of AI eating software eating cyber?

Yes, everyone thinks about it. I think it's super interesting. I think there's so much -- I think that there's a lot of zero-sum thinking there, meaning that if someone builds something with cloud code or someone vibe code something, there's a zero-sum. It's going to replace something and that's -- companies are going to be cost cutting because they're going to take out some workflow tool or some infrastructure tool. I think in general, there's so much we can do with technology and so much power and automation and cost efficiencies and revenue -- I mean, the industry, technology industry.

I mean the technology industry, you all know this, you're conversant in the numbers, but the IT services, so the people doing IT work, implementing systems, designing systems, coding, it's $1.8 trillion. And so I think the zero-sum nature of it is people are getting that wrong. And then I think you get to -- when you're figuring out, there is definitely going to be -- like you heard me say it, I think everything is going to be a agentic. It's going to be what we think of as a SaaS app now will have to get agentic or it will get disrupted. Now -- but I think they will get agentic. Some will, some won't. Some will get more -- have the religion and get agentic faster.

There'll be more or less disruption. But I think what companies are going to have to do is figure out, okay, what am I going to try to build? What am I going to try to augment? What am I going to replace? And I think when you get down to this infrastructure layer that has to work, like identity infrastructure has to work. Like it's not optional. If it doesn't work, you can't log in, you can't go where you don't know your people, your agents are going to connect to. And then it has to be secure.

And so I think we're fortunate that we're at this -- we're in this infrastructure category that has a pretty high bar for -- I think the build your own bar has to be pretty high to cross over. But it's incumbent upon us to make sure that we make sure our R&D teams are using all the latest tools to build way more capabilities than we have in the past and get leverage from that and make it not only our reliability and our security top notch, but the capabilities we deliver is so good. It would really be hard to get to the decision that you would want to build it yourself.

Got it. You just mentioned Auth0 for AI agents, which has been out for a quarter. Okta for AI agents still kind of in testing. Can you just walk through...

It's dozens of customers. Yes. So when we say early access, it just -- it means it's still paid for so customers in production. It's just -- we haven't totally opened the floodgates on it yet.

Just what are kind of some early learnings just that have kind of helped inform either further developments as you look to roll it out to the broader suite?

I think it's -- I have -- the way we're organized is that we have a go-to-market tiger team that is working closely with customers to iterate the cycle of iteration and the feedback loops into the product team is very fast. This is a fast-evolving environment. So that's -- so stepping back, we set it up to learn a lot and learn a lot fast. And I think one of the most valuable things we're learning is that we can provide this central system of record I'm talking about, which is valuable. But we can also help in this category of agents that's broad across systems.

So what we see is that the companies that are building agents in their app, they tend to be more siloed. They tend to work on HR data or customer data or we can really help those flows spread across different silos, go to the data warehouse to different custom systems, different SaaS systems. And that's -- and I think the industry probably will start talking about that as a new kind of agent. It's broader, it's more capable. It can automate more things versus a stovepipe agent. And because we're so good at spanning different stacks, it's been an area that's really resonated with customers.

And then just how does what you learned from Auth0 for AI agents kind of inform what you've put into Okta for AI agents?

Well, I think the link -- so Auth0 is for people building agents, like if you're building a custom agent, whether you're a SaaS company that's trying to build agents into your product or you're a company that's building some of your own agentic software internally, you can use Auth0 for AI agents to do a bunch of things that are common that agents need to do. It handles the interchange between the system and the back-end systems that needs to talk to in a way that makes it really easy for developers. And the connection is that Okta for AI agents helps security and enterprise team have this authoritative system of record of what agents the customer has and what they can connect to.

So if you build an agent with Auth0 for -- Auth0 for AI agents seamlessly plugs in and goes into the registry and manage the life cycle. But Okta for AI agents also works with Salesforce agents and the agent core from Amazon and Microsoft Fabric and Google and the 50 other agent platforms that are coming up. And in this dynamic market, that's really valuable to be -- have the central registry and the source of truth of everything in your environment.

Got it.

I mean there's no way for these customers to even keep track of what all the stuff coming at them. It's probably another learning coming at them so fast, especially companies that aren't very far along on the maturity curve of thinking about what this means, just the visibility into like who has agents is valuable.

Yes. I mean we spoke earlier in the year and you talked about kind of the system of record. You are also talking about some of the protocols that you were going to have out there to get different stakeholders to ease the standardization. Just where are we on that? And how should we measure whether we're seeing traction there?

It's -- I feel like I keep saying it's early a lot, but it's early.

It's a common theme this week. Don't worry about it.

Yes. Yes, yes, which is -- I mean, it's very exciting, right? But I feel like there's a lot of work to do, which is invigorating. The -- this agentic world, whether -- and I've said a few times now, it's like everything is going to be agentic. There's no good standard way for how it plugs into a company and so the company can make sure it's secure, they have visibility in what it's doing. It's -- they can stop it if it starts doing things that they don't want to do.

That whole interface needs to be defined. And it's going to be defined as some kind of technical standard. There'll be de facto standards. There'll be people will get a bunch of traction and kind of set the default and other people will follow, but it needs to have some technical standards there. The best standard so far in agentic world is MCP. But MCP is not -- it is really how the models talk to the tools and the tools can share their data in a standard way -- discoverable way with the agents and models.

But it's not -- there's not a technical standard of how the agents are -- get visibility and are monitored and controlled. So we've done some things working with the folks on the MCP standard to add capabilities to MCP to make it more compatible with enterprises. I'm sure there'll be more of that. I'm sure there'll be more just technical standards in the industry to make it all plugged together, and we're going to be right in the middle of next year deployment.

Got it. So I want to turn to results from last night. You reported 12% cRPO growth, 11% overall growth. You noted 30% of bookings -- of Q4 bookings were from new products and that you were seeing 40% average uplift when they were part of deals. Just where are you seeing -- those are great stats. Where are you seeing the most traction with those new products?

Strength of our business has been larger enterprises. That's been consistent over the last few years. And which kind of makes sense because they have -- there's a lot of complexity. There's a lot of security. There's a potential to upgrade security with a great identity system. There's a lot of -- like I mentioned before, there's a lot of complexity. There's a lot of -- these companies have 20, 30, 40 identity systems, and it's just -- it's hard to manage and it's expensive, and they don't get a lot of the security outcomes that could be available to them if they standardize in something modern like Okta.

So large enterprise is a highlight. And our message with multiple products and our identity suite. And by the way, a lot of people say they have a suite. Ours is different in that's an identity suite. And you can -- you have to standardize on something and we'll save you costs and all your identity products. And then we also have the added benefit is you can choose the best cyber stack around that. You can use CrowdStrike, you can use Palo Alto, you can use any app you want, you can use any agentic world, you can use any agentic development platform, any model you want. So this neutrality, it's like pick something to standardize on. Our pitch is like, hey, pick identity, we'll handle all the identity use cases. We'll consolidate all the vendors. And then we'll give you the choice. We're not going to say, hey, it's any model you want as long as it's our model.

And then just on the new products, I think you mentioned that OIG was kind of where you had seen kind of the most strength in the new products.

2,000 customers now. It's awesome.

Okay. Perfect. In the outlook, there was a small step back on operating margins as you invest more in go-to-market and agentic solutions. Just what is giving you the thought that this is where you want to invest right now?

Well, the 2 -- I think the 2 areas of investment are -- incremental investment are go-to-market and then R&D. And I think there's the -- in terms of the go-to-market investment, I think there's -- we're seeing productivity. We're very comfortable where the productivity is now after it accelerated last year. And we feel like there's more market share to be gained with that investment. R&D side is mostly about making sure we're -- we continue to innovate, have this comprehensive set of products. The Agent investments are a good part of that.

We're also -- I think maybe something else that's maybe not obvious -- well, maybe it is obvious looking at the numbers, but we're -- I think is an advantage for us is the company is in a good spot in terms of being able to invest more at an efficient rate. So we can get more bang for the buck because of the way we have global R&D development centers now. We have -- of course, that's all being accelerated with AI tools. So just structurally, I think we're in a better place to get more bang for our dollar. And so we get -- it's almost like a more leverage when we do tick up the investment in these areas, which is something that's -- we're just in a much better position than we were 3 or 4 years ago in terms of that. It was all the hard work we've done last year.

Got it. Yes. One of the other announcements you made last night was just about this professional services business and moving that more towards the GSIs and the channel. Just why was now the time that, that made the most sense?

It's -- so I think the -- one of the things that is also maybe a little bit unique about Okta is that for an identity product set of products -- identity product and a set of products, we're pretty -- it's pretty low services, pretty -- like implementations are relatively easy. I mean it's not -- I would never say they're easy, especially in some of the large complex enterprises, they can be complex. But compared to other stacks, it's relatively easy. So I think we've gotten to a scale where maybe if it wasn't so easy, the global systems integrators would have been more aligned with us and really staffing up to do the services earlier in our life cycle.

But with the products getting more powerful with governance really hitting its stride, there's just more work in the large enterprises that these GSIs can do. So we kind of had to make a choice. Are we going to lean into that and lean into their interest because they see us as the leader. They see other vendors in the specific identity space as maybe not innovating and not pushing the boundaries forward. And then they see agentic and all the potential there, and they're leaning in on us, and we're at this point where our products are capable of really doing these transformations that require more GSI support or services dollars.

We had to make a decision. Are we going to -- do we want to grow our own services? Or do we really want to lean into this enabling GSIs and I always say that if you're going to make a decision, unless it hurts a little bit or unless it's a hard decision to make, it's probably not worth a lot. And so when you have to really forgo some services revenue, it means it's probably a decision that might hurt a little bit in the short term, but be something really good long term. So that's where we are.

Got it. As investors look towards -- are looking for reacceleration in the business on the back of some of these go-to-market investments and agentic, just how are you thinking about fiscal '27?

I think it's like a beginning of a new era for Okta. And I think it's maybe that there was the start-up era and then we went public and then there was the COVID era and the 0 interest rates, and we've kind of settled things down and normalized it. I think this is the beginning of a new era. And I think the platform approach we have just identity, this unique approach to an identity platform, no one else has it. No one else has a broad identity platform like we do that's not super tied into another stack. So it's unique in the industry.

And this -- the opportunity to be the foundational layer for agentic identity and agentic connections, that could be bigger than all of identity is now. That could be bigger than cyber. And that's a massive opportunity. You're talking about a tech stack that's going to -- this agent tech stack just for starters is going to have a huge impact on $1.8 trillion of IT services and not to mention the other -- what the leverage and the productivity and the effectiveness of 1 billion-plus knowledge workers, that's massive. And that's exciting to us. I mean we don't want to -- we're not here to build just an okay media and SaaS company. We want to build one of the best, great, impactful companies ever. And I think this could be the start of a -- this is the start of a new era, and it's up to us to make sure we capitalize that over the next several years to make it a reality.

Got it. It's almost like a great end, but now...

But I want to make sure it's clear. I did not guide to $1 trillion in revenue.

Let's talk about go-to-market for a second and just kind of how you go and sell that vision. You've implemented a number of go-to-market changes over the last year, focusing on some kind of specialized sellers and Okta and Auth0 teams. Just where do you feel like you're seeing kind of the most traction there? And yes, I guess.

I think -- so about change in go-to-market change, I think the notable thing this year is there wasn't much change. And we already saw that in the performance at the start of Q1. It's what you would expect. It's -- there wasn't a lot of cost to change so far. It's only a month end, but it's what you expect. And I think -- so if you go back a year ago, the main change was more specialization around Auth0 and Okta. And those platforms both have become so capable that it was really hard for one rep to get their head around it all. And so that's been working great. And I think what you're -- the new products is probably the best evidence of that. You don't -- if you're not specialized on all the innovation in the new products, it's hard to sell them. If you're spread across too many, hard to deliver that and know what they're talking about when they drill into the details of identity security posture management and what's the difference between that and identity threat protection and security center and Auth0. So we're seeing that pay off.

I mean as you think about AI as almost -- or -- I know you've mentioned everything will be agentic and so maybe this is the point. But do you need these special teams for AI sales versus this split between Auth0 and Okta?

Yes, that's -- well, I think right now, it's -- I think the operating principle right now at Okta is that it's a tiger team that is designed to iterate fast and get feedback from the customers of the product. And that tiger team by -- they basically are doing a lot of things, but they're also sitting with a bunch of reps through these deals. So the reps -- these AI deals still go through the reps. You basically have this tiger team that's the overlay or the specialist. We're thinking that it will be a generalized sales motion, but I think we're flexible on that as we scale it out. It might make sense that the products evolve in a way that they're more separable than the core platform. So we might do it separate.

But the way -- the plan now is that it will be like -- the AI products are horizontal across Auth0 and Okta, meaning that if you buy Okta for AI agents, you can -- your AI agent identity gets some connections with log-in, it gets some connections with universal log-out, some connections with governance and some kind of horizontal and same with Auth0. So we're trended now toward a more generalist model, but I think it's -- the reality is that this could change as we go down the path.

Okay. We've had this discussion before. But just in terms of as you move upmarket, as you have these bigger conversations, those can tend to lead to longer sales cycles. And so just how are you balancing the -- we have solutions we can give you day 1 and then progressing that conversation along?

I think it's a real thing. Like I think it leads -- part of this is why our years are so back-end loaded. As we move upmarket, we get a lot of deals that we could just do a smaller deal, but we wait until the end where it's a big platform deal. I think it's hard to -- when you're trying to deliver broad value across multiple use cases, sometimes it's hard to start small. The fact that it's relatively straightforward and possible from a technology perspective and packaging pricing perspective that has some kind of buffer to that. But it is a real thing. I don't think it's getting worse. I think it's been steady as we've moved upmarket.

I just -- I would say the biggest difference is that when the deals come, they're bigger. So the sales cycles are not any longer, but when they come, they're bigger. And when someone actually does delay them for a couple of quarters to get the big one at the end, it's actually bigger, which is what you want. You don't want people delaying for 2 quarters and then delivering the small one.

Right. But maybe -- you talked about this. You guys have built an incredible platform. You generate a fair amount of cash. You announced a $1 billion share repurchase program earlier in the year. Just how are you thinking about capital allocation?

The -- so I think we think the stock is undervalued. That's why we did the buyback. And then the other variable there is we were looking at ways to grow the business with M&A. And the -- when we've done M&A in the past, Auth0 is an exception for that strategic asset, but a lot of our M&A has been small tuck-ins, technology and teams. We had great success with that. And the at-scale acquisitions in our strategic zone of identity would have been legacy companies that are software companies. So we've never done anything like that. And I thought that's the right -- I think that's the right decision.

So basically, it's a long-winded way of saying is that the -- we keep looking for acquisitions, but they tend still to be tech even the things we're looking at around AI tend to be small teams that are innovating quickly, not something that would be a huge capital allocation. So with that, cash generation and trying to return some value to shareholders with buybacks we think the stock being undervalued makes sense. I think going forward, the -- we have -- we talked about a $1 billion pool for buybacks. We'll do that in a moderate way because we can't predict the price week-to-week, month-to-month, quarter-to-quarter. But the -- we're comfortable with that. And then going forward, I think beyond that, I think it will be -- the question will be really around like what M&A could move the needle in this -- as the company evolves into this infrastructure for AI agents and what that will mean there. That will probably be the next decision point.

Okay. Got it. Well, Todd, thank you so much for being here today, and congrats on the quarter.

Thanks for having me. Thanks, everyone.

[Presentation]

Hi, everyone. Welcome to Okta's Fourth Quarter Fiscal 2026 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meeting will be Todd McKinnon, our Chief Executive Officer and Co-Founder; and Brett Tighe, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting.

At around the same time that the earnings press release hit the wire, we posted supplemental commentary to the IR website.

Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 including, but not limited to, statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-Q.

In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release. You can also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website.

In today's meeting, we will quote a number of numeric or growth changes as we discuss our financial performance and unless otherwise noted, each such reference represents a year-over-year comparison.

And now I'd like to turn the meeting over to Todd McKinnon. Todd?

Thanks, Dave, and thank you, everyone, for joining us this afternoon. We're pleased with the strong finish to FY '26, which was highlighted by continued strength with large enterprises, partner engagement and contribution from our newer products. Identity is fast becoming the most important aspect of security with AI acting as a catalyst. In today's call, I'll cover the success we're having with our new products, how Okta secures AI, including some early success we're having in that new market enclosed with our top priorities for FY '27.

We continue to see strong performance from our portfolio of new products. This group consists of Okta Identity Governance, Okta Privileged Access, Identity Security Posture Management, Identity Threat Protection, Okta device access and fine grain authorization. And new to this group are our products Auth0 for AI Agents and Okta for AI Agents. The value of a unified identity system with a single control plane is resonating with customers. In aggregate, these new products represented approximately 30% of Q4 bookings, which is a meaningful increase from prior quarters. And when these new products are included in a deal, the average contract uplift is approximately 40%.

Okta Identity Governance continues to be the biggest of these new products and is building on its early success. OIG now has over 2,000 customers. That's remarkable progress in just over 3 years, and it underscores the market demand for a modern governance solution. Customers are choosing OIG because it's a full IGA cloud native solution built into our unified platform, not a siloed point solution.

I mentioned that our portfolio of new products now includes our AI products. Auth0 for AI Agents and Okta for AI Agents. It's still early for this developing market, but as the leading modern identity solution for workforce and customer identity, Okta is uniquely positioned to help organizations combat the growing security threat that AI agents represent. The reality is that the AI revolution has moved faster than today's security frameworks. According to Okta's AI @ Work Report, 91% of surveyed organizations are already using AI agents, but only 10% have a governance strategy in place.

In meetings that I've had with customers and prospects over the past 6 months, the vast majority of the conversations revolve around their AI initiatives and how Okta can help them build and manage agents securely. As AI becomes embedded in more workflows and automations, the growing number of exploitable entry points from nonhuman identities to unsecured integrations expand the attack service for threat actors. It's clear that in order to get AI right, you have to get identity right.

Okta was built to meet this challenge. Identity isn't just a feature for us. It's our foundation. AI agents are simply a new identity type, and protecting them as a natural extension of what we do best. Okta's neutral and independent identity solution is uniquely positioned to secure and govern the entire agentic life cycle and gives customers the freedom to deploy on any agent platform without ecosystem lock-in, all while strengthening their security posture.

Our twon-pronged solution with Auth0 and Okta for AI Agents treats AI agents with the same importance of humans and gives customers everything they need to secure this powerful new technology. We're still in the early stages, but we believe that in a few years, agents and agentic systems won't be the exception to how enterprise software is built and operated. They'll be the rule. We believe that AI agents represent nothing less than the future of software. That's why AI security is identity security.

I'd like to highlight a couple of AI deals we closed in Q4 that illustrate how we're addressing the AI market. An existing Auth0 customer is building AI agents as part of their leading financial services platform. These agents will help the firm's advisers make better and faster decisions. But to do so, the agents need access to sensitive customer information, which must be least privileged. And they need to work with existing systems and third-party services inside the financial institution. The customer picked Auth0 for AI agents as it met their stringent requirements for a secure, extensible platform to build and deploy a agentic systems. They needed a solution that offered enterprise-grade identity for humans and agents while providing secure access to third-party MCP servers, all while acting as a single source of truth.

Another notable deal that included Okta for AI Agents, which became available in early access in January, was with a top global business and technology services provider. They chose Okta for AI Agents to help them discover control and govern identities for their growing sprawl of agents. Rolling out AI agents across multiple agent platforms is key to their ongoing transformation, and centralizing agentic identities in an independent agent agnostic platform like Okta will strengthen their cybersecurity posture.

This is the very beginning of the AI opportunity. Building and protecting AI agents is inherent to Okta's position as the world's system of record for identity management. With our solutions, developers, administrators and IT teams can ensure that the entire life cycle of an AI agent from initial design through active deployment is observable, governable and secure. For more information on how Okta secures AI, be sure to register and join our showcase event on March 16. In this live streamed event, you'll hear from myself as well as our AI product leaders as we unveil our latest innovations for AI agents.

And finally, I always like to take time on the Q4 call to share our priorities for the new fiscal year. It shouldn't be surprising that all of these priorities are focused on driving growth. The first priority is Okta Secures AI, which is all about how we win, grow and become the standard for securing agentic AI. By building on our early success with Okta and Auth0 for AI agents, we will further our vision of freeing everyone to safely use any technology.

The second priority is increasing our focus on landing bigger and growing faster with large customers. We want these organizations so think of Okta first when it comes to identity security and securing AI. This is a global effort across both the Okta and Auth0 platforms.

And our third priority is becoming the default identity security solution for the U.S. federal vertical and highly regulated industries. The public sector has been one of our fastest-growing verticals over the past couple of years, but we've only begun to scratch the surface of the overall opportunity.

To wrap things up, we're pleased with the strong finish to FY '26. We're excited about the momentum we've built for the year ahead as we look to surpass $3 billion in revenue on our way to $5 billion and then $10 billion. Identity is security, and we're building on our position as the leading modern identity solution to win the emerging market for securing AI. It's an exciting opportunity, and we're going after it aggressively. I want to thank the entire Okta team for their tireless effort and also thank our loyal customers and partners who put their trust in us every day.

And now here is Brett to cover the financial commentary.

Thanks, Todd, and thank you, everyone, for joining us today. We're pleased to close out another fiscal year achieving Rule of 40, which we've done every year since going public. It's also satisfying to see our investments to drive growth paying off. These focus areas include new product innovation, go-to-market specialization, large customers and our partner network. My commentary will provide insights into our Q4 performance and then move into our outlook for Q1 and FY '27.

The increased go-to-market specialization that we implemented at the beginning of the fiscal year continues to make progress. Strong execution has led to positive go-to-market KPI improvements, including sales productivity. Our focus on large customers and large deals continues to drive our financial results. In Q4, we closed a record amount of total contract value of nearly $1.3 billion. We also surpassed a major milestone of $3 billion in annual contract value.

Another key aspect of our go-to-market motion is our channel partners. When our partners are involved, the average deal size is bigger and the close rates improve. Channel partners were engaged in 18 of our top 20 deals in Q4. Total contract value generated through our strategic go-to-market channel AWS marketplace, grew over 45% in FY '26 to approximately $750 million.

Moving on to our balance sheet and capital allocation. We had another strong quarter of cash flow in Q4 and ended the quarter with a very healthy balance sheet, consisting of over $2.5 billion in cash, cash equivalents and short-term investments. We continue to regularly evaluate Okta's capital allocation priorities to ensure we're well positioned to deliver sustainable long-term value to shareholders. Consistent with this focus, we announced a $1 billion share repurchase program in early January, taking advantage of what we believe to be an undervalued share price. Over the course of the remainder of January, we repurchased and retired over 875,000 shares for a total cost of $79 million.

We're proud to return value to our shareholders and are focused on capturing the clear opportunity in front of us. The investments Okta has been making to drive growth acceleration span all areas of our business. These disciplined areas remain investing in our go-to-market teams, relentless product innovation, further leveraging our channel partners and keeping Okta one of the most secure companies in the world. Our improved go-to-market execution, coupled with a healthy demand environment led us to begin adding quota-carrying sales capacity starting in Q2, and we continue to do so through the fourth quarter and now into the current Q1.

Now let's turn to our business outlook. Our guidance philosophy is unchanged as we continue to take a prudent approach to forward guidance that factors in current market conditions. For the first quarter of FY '27, we expect total revenue growth of 9%, current RPO growth of 10%, non-GAAP operating margin of 23% to 24% and free cash flow margin of 33% to 35%. For the full year FY '27, we expect total revenue growth of 9%, non-GAAP operating margin of 25% to 26% and a free cash flow margin of 27% to 28%.

I want to call out 3 important points pertaining to this guidance. First, reflected in the 9% FY '27 revenue guidance is about a 1 point impact related to a decision we made to shift more of our professional services business to our partners, specifically global system integrators. This change will result in lower professional services revenue. We believe this will lead to greater long-term benefits to fuel top line growth by deepening the relationship with these important partners and increasing our business with large enterprises.

The second point is that the FY '27 free cash flow margin guidance reflects about a 1 point headwind related to lower interest income relative to the combined impact from the stock repurchase program, our intent to settle the remainder of the 2026 notes in cash and the interest rate environment.

And finally, we've updated our non-GAAP tax rate assumption for Q1 and and FY '27 to 21% from 26% based on the recent changes to the federal tax laws.

To wrap things up, we're pleased with what we accomplished in FY '26 and are enthusiastic about the trends we're seeing in our business. The investments we're making are paying off and position Okta to extend its leadership in identity security. We've demonstrated exceptional leverage in our model and are positioned to deliver profitable growth for years to come.

With that, I'll turn it back to Dave for Q&A. Dave?

Thanks, Brett. I see there are already quite a few hands raised, and I'll take them in the order from the top of the hour -- through the top of the hour. And in the interest of time, please limit yourself to 1 question. And with that, we're going to go to Joe Gallo at Jefferies.

It was great to see the AI agent customer wins. Can you just talk more about pricing there? I wasn't sure if the 40% was referring to agentic. And then just any sense of when agentic will become meaningful to growth. Brett, I know you're really pragmatic. How should we think about what's reflected from agentic in your top line guide?

It's -- yes, the agentic products are really, really important to us. I'm not breaking any news there. Everyone knows this. But in Q4, it was really a story of all of our new products. The 30% of our new bookings were from new products. That's a very important strategic bucket of products we've been investing in for a long time. And then the agentic products are the newest bit of that. And they had an absolutely incredible quarter considering Okta for AI agents is not even generally available yet. And Auth0 for AI agents is just was generally available at the beginning of the quarter.

So talk to a huge start. Now the relative number is small compared to our $3 billion revenue run rate. But looking forward to next year, we're very, very excited about the potential of these products. What's happening is that every company is figuring out how they're going to absorb all this AI innovation, how they're going to build things themselves, how they're going to adopt SaaS innovation with agentic built in, how they're going to adopt all this change. And what you're seeing is the identity is becoming a critical infrastructural foundation for that. They have to have a system that can basically keep track of where all the agents are and who has agents and what kind of -- what can the agents do and what can they connect to, and that's what they're looking toward our products to do. So it's incredibly exciting.

But it's also the success of governance over 2,000 customers and our other new products set us up for a lot of, I think, success ahead. In terms of guidance, I'll let Brett talk about the specifics. But because the agentic products are so new, it's tough to pour too much into our assumptions about growth in terms of guidance, but I think those things could be a huge source of upside over and above the guidance in the years ahead.

Yes, Joe. I mean Todd nailed it right there, which is it's still fairly small at this point, but we are excited given the amount of demand that we're seeing. It's not just the amount of bookings that we did in Q4. It was -- it's also the pipeline we see that is out there for FY '27. And like Todd said, look, it's a $3 billion business. It takes a lot to move the needle in there. But we're not thinking about this as an opportunity just for FY '27. This is an opportunity to be accretive to growth for FY '28, '29. And we'll see the results. As you guys know, in current RPO first before we see it in revenue. So we are excited about it and I think it's a big opportunity for us. And you'll probably hear our bullish tone about it over the course of this call because of what we're seeing inside the business at this point.

Next up, we will go to Adam Borg at Stifel.

Awesome. Todd, maybe talk a little bit more about the go-to-market changes you're starting, you're doing this year, what you're seeing there and also on the international front. What's the opportunity to drive growth higher there and it still lags domestically?

Yes. I think the headline about go-to-market changes in Q4 and coming into Q1 is they're very limited. We have our go-to-market structure in place. We're very confident and comfortable with it. It's -- we're seeing productivity ramping. We're seeing attrition low. We're adding capacity. And if you just look at the plan for this year, we don't have the usual assumption about cost of change in the early quarters of this year, which is very exciting. We have a team that's psyched up and ready to go and they're armed with these new products, and they're organized by specialist domains across Auth0 and Okta and hunter and farmer, and they're ready to roll. And they're coming off a huge Q4 and they're excited.

And it's in -- and this partner is more qualitative, which is that what we can provide to the market and to customers is this infrastructural foundation for this agentic enterprise. And that's -- when a sales group of salespeople or salesperson goes out there and has that conversation with the customer and the customer clearly reflects back to them that this is a pressing urgent problem that they need help with and they see Okta as the entitled company to actually deliver that value, that's powerful. It's got everyone super excited, and now we just have to go out and deliver on it.

You got -- you don't get any points for conversations. You got to put wins on the board, and that's what we're focused on doing.

I think the transition coming into Q1 and this year, and we had our annual sales kickoff last year, our real focus is we delivered a strong year last year. We feel very strong about the results from Q4. We talked all throughout last year about how we were building specialization as the new lever. As Todd mentioned, our productivity has increased. Our rep attrition has decreased. So coming into this year, we are committed to that model, and we're not injecting a significant change.

With one area in particular, I do want to note, in addition to Todd's commentary, which is note Brett shared about our investments specifically in our channel and specifically in our relationships with global systems integrators. So the one significant change we have there is we very consciously chosen to better leverage our relationships with the global systems integrators because our customers need them more than ever for the change management associated with the transition to agentic, for the increase in cyber and the importance of securing identity for human, nonhuman and agentic. And so we're embracing that partnership.

Those partnerships have been very successful for us with some of our largest customers. and we're excited to be leaning into that this year as well, and you see that reflected in the guidance.

Yes. This is really exciting, and I'll just take a minute here to comment on this. What's happening in the market, there are some market forces going on, which is every customer, obviously, is interested in AI and agentic AI, and they're going to these GSIs and asking them about how to invest in the foundational elements and the security. And just like customers are coming to us, they're going to these GSIs and the GSIs see that we are the answer. We can help customers power this agentic enterprise and be the source of truth for identity and connections between agents and systems. And the GSIs see that is foundational as well. So the GSIs look at the identity market, and they see us as the clear independent and neutral leader. No one else has the scale. No one else has the capabilities. The other big identity companies are also trying to sell you a platform or to sell you a development kit or sell you other cyber tools.

So they're seeing we're the winner. So they're coming to us. And you're seeing a product suite that is more capable than ever that needs GSIs to help install it correctly and scale out of customers. So the GSIs can couple with the leader. They can help customers transition into this agentic future. So it's a win-win all around. What's left for us to do is really double down our investment by saying, hey, we're going to give up the professional services dollar as an investment to make this whole ecosystem bigger empower our long-term subscription growth. It's very exciting. I feel like we've been working on years and years to get here, and we're here, and it's incredibly exciting to me and the entire team.

Yes, we're really fired up. And just as one more indicator of the strength of that channel I mentioned we had our sales kick off last week. We had our GSIs in attendance that our sales kick off for the first time. And so our partners are really becoming part of our go-to-market engine. And their engagement was really high off the chart. So we're very excited about how this helps us reach more customers faster with the broader Okta platform solution.

Okay, we'll go to John DiFucci Gugen.

I think this question is for Todd and Eric. Again, listen, identity remains a high priority no matter when we speak to, right, IT purchasers, partners, so much so that others seem to be encroaching in the market even as Microsoft seems to have faded a little bit in conversations when you talk to people in the field, but you have names not usually associated with identity, like CrowdStrike and Rubrik talking about it or even things like One Password taking a different approach. I guess these names might not necessarily be competing with you directly. Is it causing confusion in the market? Or are more traditional names like Ping having a greater effect? Because, listen, you guys beat numbers, and it's always good to see that. But it wasn't quite what we thought it would be. And cRPO aside, the guide was a bit below where we thought you'd start and obviously, where the Street thought.

I think it is -- I mean the identity is at the center of traditionally -- in legacy technology, it was always at the center. And in this agentic world going forward, John, it's becoming clear to everyone it's even a bigger deal than it was before. But being at the center, there is some confusion about who's doing what. I think the biggest confusion people have is the distinction between identity infrastructure and identity security. And they hear the word identity, and they think if you're sitting on top of identity and detecting threats and blocking threats, you're also identity infrastructure. So that's one of the big confusions.

And when you look at the agentic market, they're both really important. It's the identity security, making sure the agents are monitored and checked that they can't go out of bounds but just the infrastructure, just the ability for the agents to connect and just for tracking and visibility, that's an infrastructure play. And we're the only company that really does both. It's at the security layer and the infrastructure layer. So I think that is maybe a little bit of a confusion and something that we're working hard to make sure everyone understands the advantage of that position as well.

Yes. And I would add. I think the examples you just described, they point to the fact that the world is understanding that identity security, in particular, agentic identity security is fundamental to the future. And so people are looking at how to invest there. But from an Okta standpoint, we're not seeing any material change in the competitive behavior in our transactions yet. Of course, we're keeping our eye on the landscape. And also, remember, we are -- we've been in this business for a really long time. And we have over 20,000 customers that count on us to protect their identity and over 7,000 integrations off the shelf. And we believe that neutrality and ability to integrate with everything is what our customers need. That's what we hear from our customers as well.

We think that positions us very well for the future. And the other note is agentic identity for us isn't a new product. It's an extension of the products we already have. We've already had human identities and nonhuman identities, and now we are simply expanding to also include agentic identities into our product stack.

So for us, we think we're very well positioned in this. We manage today over 45 billion authentication events a month and over -- we block over 8 billion threats a month as well. And those statistics are really meaningful to our customers. You know that we're the leader in the space.

One other comment for you, John. We're -- we'll try to keep them shorter on the next questions. I just want to make sure we're all on the same page around the mechanics of the revenue guide, which is it is a 10 point subscription revenue guide and a 9 point total revenue guide. So effectively, we're taking -- another way to think about it is professional services in FY '26 is roughly about 2% of total revenue. In FY '27, it will be about 1 point of revenue. So just keep that in mind because the subscription revenue is growing faster, and we talked about the investment while we're doing that earlier. I just want to make sure we're all crystal clear that subs revenue is growing faster than total revenue as a result of the good results we had in FY '26 and what we expect to produce in '27.

Yes. We don't want to disappoint anyone. We're going to make sure we work hard to exceed or -- meet or exceed the guidance. That's our mantra.

Okay. Next, we'll go to Josh Tilton at Wolfe.

Brett, you kind of stole my question right from me. I was going to be on that subscription guide. So maybe can you just -- I know you gave some of the puts and takes on the conservatism in the guide. But maybe just help us think about how conservative this guidance is versus the guidance you gave last year. And the reason I'm asking is because some quick math kind of suggests that this could be the year that subscription revenue growth accelerates. So maybe just walk us through some of the puts and takes there.

Yes. I mean it's real simple this year. We're not going to get into the details of this, that or the other. It's just we're taking into account market conditions we think we can produce. So guidance philosophy remains the same as what we've done in the last few quarters. So it's real simple. -- nothing too complicated.

Next, we'll go to Roger Boyd at UBS.

I wanted to come back to agentic and great to see the continued early traction there. I know it's early, but I wonder if you could provide any updated thoughts on how you're thinking about pricing in those products. I think in the past, you've talked about a per agent pricing model. How is that resonating with some of these early customers who are buying these offerings considering the potentially open-ended and rapid growth you could potentially see with agents?

That topic comes up all the time. And one of our advantages is as we have these conversations with our 20,000 customers, we get really rapid feedback on how we can capture value, what will be most valuable for them, easy for them to consume. So it's really a strategic advantage. We have this feedback loop, and we've actually structured the go-to-market team for AI agents to capture that feedback rapidly and feed it right back into the product teams.

And what we're seeing is that there's really 2 ways that we charge for agents. One is as like a multiplier on a person. So in the model where a human identity uses a number of agents to augment their work, there's a multiplier on that agent or on that -- what they pay for a person to what they pay for agents. And then also, there's -- if the agent is not coupled to a person, there's a -- we sell it based on the number of connections the agent makes because that's really the value. They want to secure those connections and filter on fine-grain access to all the back-end systems and the SaaS applications and the custom applications and data warehouses the agent connects to. As they get more -- the agent is more valuable as it has more fine-grain access to different things and it's more secure. So there's a multiple based on that.

The pricing we're working with these customers on is pretty early, so we're -- it's a nice step up. It's -- I mentioned earlier, by the way, I mentioned earlier, the 40% uplift. That was the uplift -- that specific number was the uplift on a specific deal that has new products in it. It wasn't broken out specifically for agents. We'll talk more about the actual specifics of agentic pricing in the quarters ahead, but we're not announcing that and talking about specific uplift or multiplier on human identities just as of yet, we want to settle down and get a little more consistent before we go broad and communicate that.

Next up, Matt Hedberg at RBC.

Todd, a question for you. I think we've all seen the highlights on competition from LLM vendors or vibe coding. And I think a lot of us on this call agree that like it's easier said than done. I guess from your perspective, when you look at what you've built over the years and the data that you're sitting on, can you talk about sort of the structural advantages that you see over maybe some upstarts or some vibe coding alternatives?

For sure, yes, something we -- the whole industry is thinking about. And I think what I've -- I can think about it hypothetically, and then I can tell you what customers talk about in my hundreds of conversations with customers. I'll just start with the hypothetical. I think if you want to build what any SaaS company has done or what Okta has done, it's years and years of hardening and making sure there's no vulnerabilities and making sure it scales and it's reliable. And it's -- if you -- I don't know what the inference cost to build that would be, but it would be pretty significant inference cost.

And then if you flip it around, you just think about what's the price of getting it wrong. And if getting it wrong, it's hard to validate. It's hard to prove you have it right. And if it's wrong, you have a major security breach or you're down. None of your agents or none of your people can access systems. So the cost of getting it wrong hypothetically and actually just the cost to do it theoretically, if it was even possible theoretically with an LLM or a tool would be pretty high. And that cost could change over time. We don't know.

But when I talk to customers, that's the hypothetical model. But when you talk to customers and you hear their challenges and their opportunities, they -- a lot of the same things are echoed. They want to identify key infrastructure pillars, and they want to standardize on them. And they see that as the unlock to hundreds of other decisions and hundreds of other build versus buy decisions they have to make. And they're putting foundational security, foundational identity in this bucket of things that they want to partner with a leader and trust it and go on top of that and figure everything else out. That's what they're telling me. And it kind of matches up with what I would think about hypothetically.

Now that all being said, we are paranoid, and we're making sure that we are using all the latest technologies, LLMs, coding tools to make sure we have not only something that's resilient and secure but has the best features and the best capabilities. And so we're making sure that we build things internally as fast as anyone could build them because we -- make no mistakes, the prize here that the whole industry is going after, which is this agentic future where digital labor is part of the TAM is a massive price. And everyone is, at some level, big picture is going to be going after this prize.

And it's exciting because it's greatly expanded the TAM of what Okta could be. Think about identity and what it's been in the past. It's roughly $20 billion TAM right now in terms of what people spend on the Vinda data we talk about an $80 billion TAM. I mean this could be bigger than -- this could be the biggest part of cyber in a few years for sure. And it could be even bigger than that if you really think about the infrastructure that stitches together the entire agentic enterprise and is the plumbing that makes it run.

So we're investing and we're paranoid, and we're working hard to make sure we capture that because the benefit to our customers and the benefit to our shareholders and the benefit to everyone involved is massive, and that's what's firing us up. We're working harder, and we're more excited than ever because that's what's at stake.

Next up is Todd Weller at Stephens.

A question on Auth0. It looks like growth decelerated a bit from 2Q when that was last disclosed. So the question is how do we think about the durable growth profile of that business relative to workforce. And then it would seem that AI could be a significant catalyst to accelerate that shift from the homegrown solutions to out of the box like Auth0. So any thoughts there would be great.

I think that it's -- we're very excited about Auth0. The think the deceleration a little bit is a tough compare. There's also -- we changed the go-to-market mix. Last year, as you know, to focus more on that, and there's probably some cost of change in that number as well. And those are maybe a little bit of puts and takes on it. I think we're bullish on it.

I think the big picture thing is what's happening in the CIAM. The CIAM market is transitioning to be not just a platform for logging in and doing authentication authorization, but it's a platform for customers building a agentic interfaces to their customers and to agents coming into their systems. So Auth0 for AI agents, that's what it is. It's a token vault. It helps agentic login. It helps customers hook other AI tools up to their customer login. And so I think over time, that's -- that market is evolving into something that's hugely impactful and value delivering for our customers.

I mentioned in my prepared remarks on the financial services firm that's using Auth0 for AI agents really to help deliver agents to their customers. And then you'll see those tools being used to deliver agent interfaces. And because like I think we talk about agentic, and I talked about agentic a lot of times on this call, but everything is going to be agentic. So the capability of software to do more things autonomously and seek goals and to do more unsupervised task is going to pervade into every layer of software, whether it's customer facing, whether it's employee facing, whether it's what an existing SaaS app does, whether it's the next generation of applications. It's all going to be agentic, and it all needs identity. And we're positioned to play in all of that, which is why it's so exciting.

And one thing I could add on around the tough compare that Todd was talking about, if you remember, Q4 of last year, Auth0 had a record quarter. And you guys know it was a really great quarter in general, but that's what's creating the tough compares, that Auth0 just had a fantastic Q4 last Q4.

Next up, we'll go to Brian Essex at JPMorgan.

Maybe to follow up on that topic. Just you've got Auth0, Todd, for AI agents and Okta for AI agents, and it seems like you've got a real competitive advantage on the Auth0 side. Could you maybe compare and contrast initial takes for sales cycles, competitive dynamics and velocity of each? I know it's still early stages, but is Okta for AI agents in a more competitive market? Or would love to just get your take on what kind of velocity you're seeing in each of those product segments.

Yes. I think it's maybe flipped. I think Okta for AI agents is more unique and more differentiated than maybe we would have expected. I think Auth0 for AI agents as unique and differentiated as well. But I think maybe the sentiment you're expressing is it's different than what we're seeing.

Customers need a solution that's pre-integrated to all these agentic systems. I mean there's no good way for customers to even understand what all these vendors are doing in agentic There's no catalog of systems that says Salesforce is doing this. ServiceNow is doing this. Agent Core is this. Google is doing this. Microsoft is doing this. And that's what Okta for AI agents does.

And then on top of that, it models connections and has policy for connections that connect users to different agents and agents to systems. So it's -- the reception of it is very positive, and now we have to turn that into continued momentum that we saw in Q4.

My customer conversations, I'm hearing urgency on both, but I would agree with Todd's comment that the -- we feel maybe slightly more urgency on the Okta for AI agent side. And if you think about that, the Okta for AI agents platform is the platform that helps customers find where they have rogue agents deployed. And that is often the top of mind, the top of mind for a corporate buyer for a CIO or a CISO is they know that employees are activating agents and they need a way to discover those agents and then to secure them, to manage them, to govern them to evolve their credentials and the Okta for AI agents platform solves that problem first.

But really, in parallel, we talked to a number of customers who are building agents and know that they need to build agents that can be discovered, they can be integrated, they can be authorized and the Auth0 for AI agents platform is what allows them to do that. So we said in the prior call and today as well, we are having a huge interest in both of these platforms across our customer base and with our prospective customers as well.

Go to Eric Heath at KeyBanc.

Maybe just extending on Brian's question and one follow-up question, clarification, if I may. So just on these AI agent deals that you are closing at this point, are customers evaluating alternatives at this point? Or are they solely just looking at Okta and choosing Okta? And then just a clarifying question for you, Brett. The uplift of 40% for the entirety of the emerging product portfolio, I believe previously, we were talking about OIG and OPA each being about a 33% uplift. So I was just a little surprised that the entirety of the portfolio on the emerging side is 40%. So any clarifying comments you could have there is great.

Yes. Before we break down the 40% on your first question, these are early adopters. But these are people that are thinking about for Okta for AI agents specifically, these are people that have seen the future of agentic and they're thinking about how they can get their foundational house in order. So they're early adopters. So they look at everything.

They've scoured every start-up, every big platform, and they're seeing a couple of things. One is that the vision of what we're delivering -- what we've delivered so far, even though it's an early access product and our vision of where it could be is very compelling. Two, they're seeing that they don't want to be -- they're reticent to trust a start-up with this critical piece of foundation because they know there's going to be M&A and they know there's going to be start-ups going away. There are so many startups playing in this space, that there's bound to be a lot of failure. And they don't want to build their whole foundation around something and have it be pulled out from under them.

And the other factor that is in their minds is that they don't want to be locked in. Think about -- what's happening in agentic and what's happening in this world, these foundational models are moving incredibly fast. And it's Anthropics foundational model that has the leap ahead, and then it's OpenAI. And then it's an open source model and then -- and that's going to continue for many years. And they don't want to be locked into a certain stack in a certain set of tools. So they're reticent to trust their foundational security with one provider, one platform. They want flexibility.

And back to the start-ups, they know that a bunch of these start-ups are going to be bought by the big players. So they're thinking, even if I go with a start-up now, it's going to get sold and then we'd be locked in to Microsoft and they don't really want that. So yes, it's -- our positioning is very compelling. And the exciting thing about Q4. I talked about last call, I said we had Oktane and everyone was super interested. And I've never seen interest in my life, in my career in a new product like this.

The great thing about Q4 is it actually translated into real dollars and real bookings. Now it's still small relative to our overall run rate, and it's up to us to continue that momentum through this year. And so it can really start driving the number on the top line and growth, et cetera. But we're on track. And it's like I said many times on this call, it's incredibly energizing.

Yes. And I would just add one thing to your comment, Todd, which is the deal size for these deals have been good-sized deals. They've been -- which is really nice to see because it has been more tilted toward larger companies. I think that's a general theme that we've seen at least in Q4, and we're seeing a little bit in the pipeline going forward. So going to your question, Eric, around the 50 -- the 40% versus the 33-ish, going to be very clear. Previously, we said there was a 50% uplift on governance of a workforce contract alone. The 40% is over the entire contract. So yes, the number was higher for 50%, but it was only a part of the business, the 59% of the business. If you take all 100%, it's a 40% uplift on the entire thing, which really shows that these new products are adding a tremendous amount of value to the top line for us, and that's why we're so excited about it.

Next, we'll go to Shrenik Kothari at Baird.

Great. So stay on topic of agentic. And Todd, you mentioned nonhuman identities could ultimately rival today, you mentioned can exceed. And just from a pricing standpoint, I agree it's still early to size, but incidents like the Salesloft breach or those compromised tokens, enable lateral access across SaaS. Can you tell us a little bit about like does this expand the nonhuman identity TAM beyond your early estimates and just overall strengthens your strategic positioning to lead this agentic category?

I think when I talk about agentic and being the identity foundation for the agentic enterprise, that really is a superset of what people call nonhuman. Nonhuman is like service accounts and sometimes they mean tracking machines. What I'm talking about is much bigger. It's a superset of all that stuff. And it's really -- it's going to -- it's the backbone of the agentic enterprise. It's incredibly valuable and mission-critical for our customers. And it's a massive TAM.

Anytime you're adding that much value to customers, you're going to be able to monetize it some way, whether that's just unique count of agents or that's agent connections that -- which is kind of how we're doing it now, whether that's -- that will evolve as we go forward. We'll figure that out. But it's the value we're potentially could generate or could provide to customers, is it's, I think, greatly increasing the TAM.

Great. Next, we'll go to Gray Powell at BTIG.

Great. Can you hear me, okay?

Yes, loud and clear, Greg.

Congratulations on the results. So I wanted to clarify an earlier question. So this is the third consecutive quarter where all the main KPIs have been clean. And then the forward revenue outlook, as far as I can tell, it was above the Street, not below. So I guess if you just -- if you had to point to 1 or 2 things that have been the biggest driver of your consistency, what would that be?

Large, large deals, large customers.

Okay. And then the follow-up would just be like how do you feel about your visibility on demand today versus 6 to 12 months ago?

The answer, like I said, large deals, large customers, people buying more of the products, more of the platform. And I feel more confident in it than I was a year ago. I was pretty confident a year ago, but we had a lot of change in specialization, and I think there was some cost of change there, and we had that in our guidance. And now that's not there anymore. So I'm more confident now.

Yes, I would just add -- I would add just, look, we've been focused on a few things for a while now, which is becoming one of the world's most secure companies, doing a good job there. New product introduction, you've seen the results there. Partners, you've heard us talk about it today and also in the remarks earlier. And then specialization. And all those things have been in this effort to continue to deliver consistent results and ultimately with the goal of growing faster than what we're doing today.

That's our goal. We think it's -- we've stated many, many times that we are not pleased with the growth levels at this level. we want to be able to grow faster, and that's why we're doing all these things and why we're excited about the opportunity because we see all of the fruits of our labor starting to pile up and produce solid results, and we think that's just going to parlay into better results going forward.

Next up is Kingsley Crane at Canaccord.

On agentic again, I don't think it's controversial to say that Auth at an OIDC weren't were originally designed for agentic across app access is a huge...

You know what they're designed for, right? You know what they are designed for, right? It was like sharing your Twitter feed, getting a third-party Twitter client access your Twitter.

Right. So yes, I mean, people centric, but I mean it seems like you're fighting a standards war as much as you are fighting a product war. Do you think that's fair? And then how critical is it for you to win that war? Or is the market sufficiently large where that doesn't matter?

I think standards are very important. I'm not sure that our standard has to win. I think we -- there really is nothing like cross app boxes out there. So I think in terms of like the ability for one agent to -- instead of asking a person to manually connect other services to that agent to delegate that to an enterprise IDP and let the IDP, ahead of time, set up that thing for per enterprise policy. There's nothing else like it. And it's like very universally accepted as a positive goal.

I think the the gate on how fast that will be adopted is every SaaS company and every technology vendor, they have, believe me, they're reading the headlines. They understand that they need to innovate in their products, and they're thinking about where supporting cross-app access is on their road map of priorities. So that's -- they're all trying to do a ton of things and make their services more agentic and more compelling and in security and the ability to have them be more enterprise-ready is on their list. But we have to convince them to get it higher on their list.

So it's not like a competing standard as is like a prioritization thing. But remember, we are -- we want to provide this identity infrastructure and make sure that we give people the solid foundation to build upon. And that's going to require standardization just because it's not going to -- you can't use a standard piece of foundation if everyone is doing their own things in a different way, which is why we're working with standards bodies in general. It's not just across boxes, but it's an important part of the equation. But I wouldn't say like the whole war rests on one specific standards body or standards battle. I think it will be an evolutionary thing over the next couple of years.

Great. Next up is Mike Cikos at Needham.

Great. Congrats on the strong finish and consistent execution here. On the Okta and Auth0 for AI agents, if I could just turn it on its head for a second, but do you receive pushback from organizations? Or what are some of the friction points you're here to adopt? And then secondly, I know you guys are obviously focused on this and investing aggressively. But what are current gating factors to driving faster success from an Okta operation standpoint?

I think it's specifically on agentic. I think it's really how fast companies are going to adopt AI, how fast they're going to -- most people are -- have chatbots now and copilots or things like that. I think the next wave is actually the autonomous goal-seeking agents. And there are some of those in the packaged applications, Agent Force and ServiceNow has some of them. Many companies are building their own internal platform to build these themselves. Some of them are using Google's Builder platform, Microsoft's or Agent Core from Amazon. But I think -- so I think the pace of adoption here, particularly on the foundational layer we're building is how fast they adopt agentic and then specifically, how much that means putting the cross-platform plumbing in that is required when you want to take an agent from one platform and have it work across platforms.

So I think it's -- they have a lot coming at them. They're trying to absorb innovation in different products. They're trying to figure out what they build. They're trying to figure out what they buy. And so I think our job is to make sure that they understand the foundation almonds what we do and how well it integrates and how seamless it is and how it gives them choice and flexibility, and the success we've had has followed that playbook. And so that's really something we'll keep doing so we catalyze a lot more momentum going forward.

There's no like -- a better -- sorry, I'm being a little rambly in my answer, but there's no -- we still don't have the reference architecture. There's no -- 1 million years ago, it was like you had a database, relational database and you had client server, and then it went to -- there's a reference architecture. You had cloud infrastructure and you had web middleware. There's -- that still hasn't been established for the agentic enterprise. But it will happen quickly. It's like you use this flexible LLM model. You use this identity layer. You use this maybe workflow layer. And so once that happens, everyone will kind of agree on that, and then you'll see it really start to crank. And that's why the stakes are so high to win this identity layer now, which could turn into the biggest market for us ever.

All right. Next up, we'll go to Rob Owens at Piper.

Would love to unpack the growth algorithm a little bit and focus on DBNRR. And it's been flat all year and I guess it's a little surprising. We think that you're through the headwinds of COVID as those have kind of anniversaried on a multiyear cycle. And the last couple of years have been really strong from a new product standpoint. I realize that retention rates are typically an output, not an input to a degree, and you're landing larger and that's all great. But as we've seen growth continually tick down, we just haven't seen improvement in this metric. And just curious why that's the case and when that might change.

Yes, I can take that one and then, Eric, if you want to add a little color. So one of the things that has been consistent has been that gross retention, Rob, it's the most important factor in there. That has been consistent and just a pillar or a foundation to that number for some time now -- actually several, several years. Just the upsell rate that we haven't seen as much to really keep it higher, right? And we think for the balance of FY '27, we do travel in this range, plus or minus a little bit. And what it's going to boil down to is how much new business do we do in the year and how much upsell do we do in the year because we've got confidence that, that pillar of strength, that gross retention will continue to be very healthy. So it really boils down to how much upsell versus new business we can generate in FY '27.

And that's one of the reasons why we have added this capacity into the system because regardless if you're looking at net retention, ultimately, what we really care about is that top line revenue growth number or really current RPO growth in front of that. In any given year, there's really only 2 variables that we can play with. One is the productivity per rep, which we -- which you've heard us talk about over the last several quarters of getting better and better. Actually, we talked about it in FY '25 as well. Good productivity improvement in '25. '26 was a good improvement enough to say, "Hey, let's add some more reps into the formula." So then that's the second piece of the formula, right? There's productive for rep and then how many reps do you have in there. And we've added a meaningful amount of reps into the system. You can see that in the sales and marketing expense line. I'd invite you to look at the year-over-year growth of Q2, Q3, Q4. That is going to lead to growth or at least our expect -- we expect to lead that to growth in the future.

So it's all part of a bigger plan there, Rob, to try to be able to accelerate top line growth, not just NRR. I mean we can talk about NRR, but it's not as exciting as really that top line current RPO growth that we're really targeting to go faster in the medium term. That's something we've talked to you guys about. We want to be faster than where we are.

Yes, the other -- the last thing I'll say on this is better understanding, Rob, is the RPO is growing faster than the cRPO, which means term lengths are getting longer, which means there's less to renew every year at an at-bat basis relatively speaking, which is another positive thing that's going to drive potential upside here.

Okay. We've got about 3 minutes left, so let's try to get through as many as possible. Next up, we have Peter Levin at Evercore.

I'll just give a quick. Most of my questions have been answered. Brett, the linearity around professional services, maybe just from a modeling perspective, help us understand how that plays out throughout the year? Is it more of an impact in the second half as partners ramp up on this new program? Just help us understand how we should model that out.

Should be a little bit more impact as the year goes on. That is correct, yes. That's about right.

We'll go to Patrick Colville at Scotiabank.

All right. I guess my one is for both Brett and Todd, please. In the prepared remarks, you talked of fiscal '27 the focus is on prioritizing growth. If I look at the fiscal '27 op margin guide, it's 25%, which is a great number. It's the same as the guide provided this time last year. So I guess just between the prepared remark comments and that guide, should the read be for us and investors that staying disciplined on cost, but it's all about pouring kerosene in the fire and capturing that TAM?

It is the latter of the 2. So we want to be disciplined, and we feel the margins are very healthy at this point. We've made tremendous progress over the last 3 years, and we've been able to reinvest into growth-oriented activities.

Just take a look at the results in '26, what I just said a couple of minutes ago, which is look at the growth in sales and marketing line in Q2, Q3 and Q4, and compare it to some of the other lines like G&A. We're trying to basically take money from one place and put it in another place so we can grow faster, whether it be in R&D or sales and marketing, that's ultimately our goal while still producing very healthy margins, but the goal is to grow faster.

Like we think the opportunity is there. You've heard it from us as a group today, and that's what we're going to continue to do, but also be keeping in mind we have very healthy margins, and we want to take a balanced approach.

Yes. It's a structurally more efficient and capable company than it was 3 years ago. So I think you'll see that going forward where we can balance things in a very strategic way that accomplishes both those goals.

We're fortunate to have the flexibility to be able to make these. We have a very good business model. That's something we're quite proud of, frankly.

Okay. We'll take the last question from Junaid at Truist.

Great. The sweet based pricing that you introduced over the past year, how has the reception been from customers? And is that contributing to these large deal sizes you were alluding to and helping drive broader platform adoption?

Yes. The sweet based pricing continues to resonate with customers. It does, in particular, help with larger transactions and larger customers. And the other thing it does is it helps us close those deals faster because customers can sign up and then determine where to allocate individual licenses over time. So it continues to resonate.

It's still a relatively early offer for us, so it's not yet a significant contributor to the run rate, as we talked about earlier, but customers have been very pleased with the offering and our field has as well. So we expect to continue success there this year.

All right. Appreciate that, guys. Apologies to those we didn't get to. And before we go, I just want to let you know that in addition to both on-site and virtual bus tours this quarter, we'll be attending the Morgan Stanley Conference in San Francisco tomorrow and also the Wells Fargo Software Symposium in Menlo Park on April 9. And we hope to see you at one of those events. Thanks.

Thanks, everyone.

Terrific. Thanks to everyone for joining Needham's Annual Growth Conference. I'm Mike Cikos, lead analyst here covering Cybersecurity and Infrastructure Software. And with me, I'm pleased to host Okta's Executive VP of CorpDev, Monty Gray; and Investor Relations, David Anhalt. Just for a few logistics, I plan to host a fireside chat with Monty and David here, but at any time if the audience has a question, feel free to send it through the Q&A function or via e-mail. You can reach me at [email protected]. I'll do my best to tackle the questions and subject matter while we have Monty and David here.

With that, Monty and David, thank you very much for joining us. We really do appreciate it.

No, welcome. Thank you.

Just to start, maybe for Monty for folks that may not have had the opportunity to engage with you before. Can you just do a quick overview of your role at the firm? And then also just double questions here for anyone who's either new to the story or revisiting the story, just a quick overview of who and what Okta is as far as customer value prop.

Sure. No, I appreciate it. So thanks again for having us over here, looking forward to the conversation. Monty Gray, I've been with Okta for about 7 years now. My role, responsible for corporate development covers a broad spectrum of things, anything from company strategy to M&A, technology partnerships, getting involved in some cross-functional initiatives that we might have that don't sit within a given silo. So it's a good role, I get to see things that are a couple of horizons out and things are happening immediately today. So it's pretty fun from that perspective.

To answer your question, what is Okta doing or our customer value proposition. The best way to think about us is we are the largest independent neutral identity vendor in the space today in the market? And what does that mean, right? And we'll get into it, I'm sure with some of these conversations. It's really about enabling organizations to adopt the technologies that they want to adopt, and that's part of our -- that's our tagline as a company to safely adopt any -- to enable a company to safely adopt any technology. And then also just securely do that as well. So security is a big part of what we do. And I'm sure we'll have plenty of time to get into what that means.

Okay. Excellent. Big picture question first. And I know the identity market has been around for a while now. But historically been viewed through different lenses, segments, if you will, whether it's IM, IGA, PAM, the cybersecurity industry loves acronyms. But there's always been a view that these swim lanes are or should converge which seems to be playing out here over the last 12 to 18 months. And so with where we are today and the convergence of what have historically been viewed as separate swim lanes, like -- the question that we often receive from investors is just the why now? Like why has this moment come to fruition today versus where we were 3, 5 years ago, et cetera?

Yes. And I think there's -- the best way to approach that question I think is to understand a little bit of the history of identity, right? The first iteration of identity would be thinking of identity is an enablement function. You're enabling the adoption of a certain piece of technology within the enterprise. And that -- if you go back 10, 15 years, that was really what was happening. You want to deploy Workday to the cloud. You want to deploy Salesforce to the cloud or some other systems of record to the cloud you quickly realize I needed an identity system to help me provision that, put users into that system to not only do for that system, but other systems I'm doing. So there's a big enablement phase that was happening within the industry.

Then that quickly maturated into a security phase, which is, okay, great. I have only users who have access to all the systems that I have now deployed within the organization, including my e-mail system, for example, how do I actually start to secure those? And then you start to get into the other acronyms, right? Whether it's IGA, which is governance, right? How do I provide governance meaning establishing the right entitlements, doing the right reporting to make sure people write -- that people have access to what they're supposed to have access to. The life cycle management, meaning if a company joins a company -- an employee joins a company through their different roles and responsibilities to lead the company, do the right access through that whole life cycle. That's what governance really encompasses.

And then privileged access management is as the name implies, is can I lock down those resources, resources meaning systems or applications that are of high value. So it could be an administrative function with any given area, it could be a critical piece of your infrastructure. And can the user have the right access at the right moment in time to actually do what they're supposed to do in those systems in an appropriate manner.

So a lot of complexity came with that, right, in that first phase. And what we're seeing now is like with a lot more security awareness, coupled with adoption to the cloud, people are saying, okay, this is great, but we would love to actually have this a little bit more simpler to have one system doing this versus multiple systems where you can actually have some gaps, have some leakage in terms of policies and access.

The main driver for that, candidly, is probably just adopting the cloud and having a cloud identity system be prevalent and be adopted within the organization. That enables companies to actually say, okay, great, I have a cloud identity system. I now want a cloud Privileged Access Management system, Cloud PAM system and a cloud governance system we're now seeing that convergence actually happen in real time, and that's what we've been investing in over the past couple of years.

Excellent. So that sets the table then you obviously have these offerings on the market today. How would you describe recent traction for your privileged access or Okta governance offerings? Where are we in terms of product maturity or even how the ecosystem, whether it's your own sellers or partners going out and rallying around these products to then go sell on behalf of you do to your customer base?

Yes. Yes. So as we mentioned in our call, and we've stated publicly, you've heard the comments from Todd and Brett, we've done extremely well with our governance -- there was a sequencing here, right? The first was identity management, which was a single sign-on, multifactor authentication, getting the directory into the cloud, governance was the next one that came on top of the next use case for us, the next product, which we call IGA, Identity Governance and Administration.

So our IGA product is doing exceptionally well. It's been in the market for a couple of years. It's been a material part of our new product contribution as a company. We're very pleased with that. That's been a really good cross-sell opportunity for us into our installed base of 20,000 customers. Right behind that would be Privileged Access. Privileged Access is probably -- in terms of maturity, in terms of nuance and deployment, it's behind the governance one, but we're very excited about how those two are now -- have gone from development to actually having meaningful contribution to our business going forward.

Great. And this is more like a procedural line of question here, but I was just trying to think through the sales organization itself, can you walk through how it's structurally built to cross-sell these newer offerings that you guys have to the customer base? And then secondarily, like when a customer gives you guys the green light and says, "Hey, we're on board, we're going to adopt what is required for that deployment on the customer's part from like a readiness standpoint?

Yes. So from a customer standpoint, it's really about -- the complexity lies in their environments. Is environment a hybrid environment, meaning is it cloud-based? Is it on-prem? And if you take a step back, what resources are being covered, right? When I talk about resources, I'm referring to the applications and organization applications, infrastructure, as well as databases, for example. There's a whole spectrum of resources. So there's a complexity of the customers' environment. That's one consideration.

The second consideration would be just their readiness from understanding -- think of all the change management aspects that come along with it, which is do they have a good grasp on the policies, entitlements, what they would like that to look like against their infrastructure? And that's where our partners can help, and that's where we -- there's really just kind of this maturity and readiness that we look at from our customers when they're looking to deploy.

And we've seen customers -- because we're cloud -- so the onus is less on the technology deployment itself, it's more on the change management and more on understanding what they want from the business output standpoint. Because of that, we're seeing deployments today that are in the cloud have been measured in weeks and months versus quarters, even years before when it was more like a heavy on-prem deployment. So we're seeing time to value happen much quicker. But it's really about is the customer -- have they gone through that maturity cycle of understanding what they want to do when it comes to best practice within their given environment?

Excellent. And just a cycle and -- I know I'm just asking too many questions at once.

No, this is great.

But for the sales force, can you talk about how they're structured to then go out? Like, is it Mike Cikos is selling the entire portfolio, can you talk through how we're getting that cross-sell?

Yes, we have -- and we specialize our sales force. This is something we've evolved our sales force over the past couple of years, depending on -- reacting to the complexity of our portfolio, reacting to the buying mechanics of our customers. And there's certain specialization that happens in verticals, for example, public sector, that's one. Another would be within certain segments, we have a traditional hunter-farmer model where it's like new business acquisition versus understanding what they have and then cross-selling across that. Specific to governance and privilege on top of identity, access management.

Governance is a natural. What we've observed, it's a natural cross-sell. So the same seller can actually do -- can both look at the identity suite and then also cross-sell governance on top of that, it's a natural extension of it. Privilege can be a little bit more nuanced depending on the environment. At that point, you're probably talking a little bit about resource coverage, meaning Kubernetes cluster or database, something else. And so we do have some specialists that actually support with that as well.

With the -- and sorry, just on that latter point, when thinking about the PAM or the Privileged Access offering, is that tapping into a different persona necessarily or no? Just to be clear on that one. Because it sounds...

This is what I mean by that. Because you can find some customers have matured and centralized their identity department. In that case, it's the same customer, right? If they're more sophisticated - and we like these customers who've gone through this maturation of different departments deploying different identity systems and then maturing into saying, "Hey, I have to rationalize this system." There's -- we're starting to see ourselves, even ourselves as like customer zero, as Okta as a company, we have one organization that covers all different identity use cases for us. We're seeing our largest customers actually do that. And that's a great way for us to have a single conversation with them, elevate the value proposition. And they get the single control plane narrative that happens there.

Some other customers might be localized, Privileged might be localized to DevOps department, for example, right, where they might have the keys, the privileged access keys to a piece of cloud infrastructure that they're working on, okay? That's -- and that's a different department you might sell and target to, but they're still heavily influenced by the centralized identity department within the organization. So in that case, it becomes a classic who owns the budget, who's the champion, who's the user, and we're able to navigate those complexities as well.

Excellent. Okay. One thing I didn't want to leave on the table there, but if we shift gears for a second in the interest of talking about the breadth of the offering you have. First, congratulations on the news earlier this week regarding the $1 billion authorization repurchase program. I think the company did a good job of expressing "Hey, in no way does this take away from our ability to invest in the future growth, whether that's organic or inorganic." Maybe on the element of tuck-in M&A, as you sit here today, can you just talk about where the portfolio is? Are there areas that look like they need incremental investment or where you'd like to see further maturation of the offerings? And does any -- just given industry dynamics, does large-scale M&A in any capacity make sense from where we sit?

Yes. So I think the best way to frame the M&A conversation is if you look at our -- is to articulate what the product approach is, right? And the best way to do that is we -- our approach today is to look at how do we cover as many users as possible within the organization. Let's start there. How many users? The users, historically, identity has been the knowledge of worker addressing a governed SaaS application within the enterprise. That was kind of like a Cloud Identity 1.0.

Today, we're looking at the different types of users. Users could be contingent labor. It could be a knowledge worker. It could be a retail, a deskless worker that could be in retail or a factory or somewhere else, right? So the user part of it is we're getting broader into [indiscernible].

Another one, which we haven't really touched upon, which I'm sure we'll get to, is agents. Agents are a different user type within the organization. So agents are another user type. Okay, great. So we have all the different -- we have a spectrum of users that we're looking to address with an identity system.

Okay. So what are they doing? Now we have them accessing different resources. You heard me talk about resources before. Resources historically were a SaaS application, a governed SaaS application. Now that's spread to cloud infrastructure, even on-prem systems, to a certain extent for access. Then you get into databases, Kubernetes, et cetera, et cetera. So the resource is getting broader and broader. The user types are getting broader and broader.

And once we actually have all that connectivity within the platform, we have the different use cases. The initial use case was one of access. Access would be single sign-on. You had a multifactor authentication, which is a security use case on top of it, you have life cycle management. You talked about governance, so IGA or identity governance and you have Privileged Access Management. So we had these different use cases that kind of hung off that single platform addressing all users, all resource types, different use cases across it.

So when I think about tuck-in acquisitions, especially the ones -- Axiom is the most recent one that we announced publicly. That one would be an example of, "Hey, let's get more resource coverage and let's get some different capabilities to go with the resource coverage." So we've got database resource coverage with Axiom. We were able to get some more just-in-time functionality to support the use case for privileged access in that as well. And so we -- to answer your question, with that picture, we see ourselves like being very deliberate about. We have a road map across more resource coverage. We have a road map for more use case coverage. If there's a way that M&A will accelerate that, we'll pursue that, right? And that's kind of been our approach so far.

As far as large-scale M&A, I think it's something we're always looking at, something we're aware of, but we don't feel like we have to do that right now. I think the going back to the buyback comment, that gives us a lot of flexibility with our capital structure. It gives us -- I think it demonstrates a lot of confidence in where we think the stock can go as well. So those are all the different inputs we're looking at. We spend a lot of time looking at the road map. We spend a lot time looking at the market and who's out there. And if there's a good fit, we'll pursue it.

Excellent. And just on Axiom, since you had mentioned it as well, smaller -- it's a tuck-in, right? It's not heavily influencing your revenue by any means. But I just wanted to see, can we get a quick update as far as how the integration has gone thus far? Is that in the rearview mirror at this point? Or is there still more to do?

No -- so the integrated is a small team, we're in the technology integration portion of that right now, and we expect to actually have something in early H1 out to market with that as part of our PAM offering.

Excellent. It's funny. I know before we started, I said I was going to bother David, but you thrown out there Agentic. And I think that's the meat of the conversation for Okta that a lot of people are tuned in for.

Let's start with like, again, just zoom out for a second. When we were talking about these identities swim lanes converging, before we even get into Agentic, but you had cited cloud and we moved to cloud. And one of the things that I know Okta prides itself on is it's cloud neutrality. So if we could talk about cloud neutrality, how that is a competitive advantage in your eyes versus other competitors out there. And then we could start to weave that into the Agentic conversation.

Sure. I think it's been a core tenet. Okta was founded on the core tenet of being neutral and independent from any application silo. Throughout the past 10 to 15 years, we've seen different maturations of that narrative where historically, there are application silos where there's a large -- pick an application company, SAP, Oracle, even Salesforce to some extent, they have their own identity embedded into their respective silos. As soon as you support best-of-breed, that breaks down, then you start to see the large cloud hypervisor platforms, AWS, Google, Azure, and their respective offerings. So that also brought a need for some more neutrality across all that. So the environment has got more complex. It's kind of like headline narrative there.

And I think with -- that's proven true for us. I think our business has demonstrated that's proven true, where being neutral has benefited us in terms of that adoption curve I mentioned earlier from identity. The adoption curve was one that we wrote in terms of best-of-breed supporting it. And just to give you a data point or anecdote for that, our largest integration is Office 365. So that shows customers that are adopting Office 365 for the productivity work for the productivity suite are now looking at us to actually help support that plus other cloud offerings within the organization. So that's kind of an interesting point that's been out there for a while.

When it comes to Agentic AI, we see that as being accelerant to a lot of these trends, right? Agentic AI is something where, to do it effectively, the same things are happening, the same trends are happening. You have agents that are within application stack. You have agents that are now orchestrating across multiple stacks. You have agents that are going to be independent of a given stack. And with that principle, it's the same thing that happened a decade ago with identity, with users and the best-of-breed happening.

Agents are now jumping on to the same environment and trying to actually provide the right value to the customers and use cases are covering. You need to have a neutral and independent identity vendor positioned to support the agents so they can actually deliver on the promise they have of providing that value beyond just like a given application stack. So we see that playing out over again. We've seen this before. We feel we're well positioned for the adoption and secure -- in securing agents. These are, at a core principle, very similar to what we've seen before.

Excellent. Yes, it's extremely topical. I think there was a Palo Alto report I was reading in the last -- maybe a couple of weeks that cited nonhuman identities, i.e., agents or however you want to interpret that versus human identities is now somewhere around 82:1 based on the number of surveyed organizations. And so when you hear that number, there's a bit of like a shock. And I'm trying to get a sense, especially as these agents increasingly feel like we're at the precipice of going into production environments. What is the awareness level among CISOs? Like is this still on the come and there needs to be some evangelism on your part? Or are we like in, "Hey, hit the panic button, we need to lock this down at ASAP"?

Yes. I would say awareness is high today, right? And it's not -- the surprising or interesting thing is the awareness part of it is not localized to a given segment or vertical. Historically, you would think whenever a new technology trend happens, oh it's the tech vertical that's adopting them first. We're seeing this across the board. And it's hard to pinpoint like one. I think the common thread would just be whoever is mature and sophisticated in their business processes are looking to gain adoption of agents.

I mentioned the curves earlier. I mentioned there was this enablement curve that identity supported, then the security curve that happened. We're seeing those two curves converge pretty quickly when it comes to agents, right? I think there's a lot of CISO awareness and anxiety around how do they adopt these things securely. And that's been informed by the prior curve of like users doing identity in the cloud and then having to do security use cases around those identities, I think CISOs are looking at that and saying, "Okay, we went through that adoption curve."

Now with agents, they're having -- they're realizing, "Okay, this can actually happen at a scale" -- you mentioned 82:1, let's just use that ratio, 82:1 scale. So the problem statements of all the basic principles of deploying, access, privilege, governance, all those things still stands -- are still there, but at a much rapid and -- pace. And so we're definitely seeing the heightened awareness and there's some anxiety around like the conversations we're having with customers coming to us is help me secure these agents so I can adopt these within the enterprise.

And they want to get in front of it. They don't want to have the shadow agents kind of running around the system because what happens in that case is you have -- what I mean by shadow agent, it would be an agent that's not governed by an identity system, you then basically -- what's happening there, you're basically giving an agent an overprivileged account. You're basically giving him a super user account to a given system and saying, "Go do some work." That's a huge gap, security gap that exists in the organization versus he has to work with identity systems. So the right access, the right policies, the right entitlements, the right reporting is all in place. So an agent can go access the system and do in a way that's compliant and secure by default. So we spend a lot of time in those conversations. They're coming to us. They're much more informed conversations coming to us versus us having to evangelize. So it's very interesting. It's a super interesting time right now.

Excellent. And one other thing that I wanted to come to as well, like -- I know that you guys have had active engagements. You're probably actively building up that role with some customer testimonials. Would it be possible for you to kind of walk through a specific customer as far as what that rollout looks like? Because I imagine it almost feels -- and I don't want to say anything bad about like more traditional human identities, right? But it feels like with how nascent Agentic AI is, people would be almost inherently turning to you for guidance as far as what is next from an RFP standpoint. And you almost need to invest ahead of the curve and then bring customers along to make sure that they understand how to lock this down, does that make sense?

Yes. So we -- an example would be we would have -- a financial services firm came to us and said, "We would love to use agents to talk to our customers, but we want to make sure those agents" -- they're funding the customers so the customers can actually talk to an agent, but the agent is going to have the customer information and want to be able to -- and that's obviously sensitive information in a governed environment. Can they then access the right systems within the financial services firm in the right compliant manner, so they can actually do a response back to the customer. It's a very simple kind of workflow, but if you think about how an agent customer-facing agent can scale, that's one where they're looking and saying, how can you help us do this in a compliant manner, where we just don't have an overprivileged agent looking at data that you should not be looking at but rather something specific for the given customer.

So as I mentioned earlier today, or I just mentioned, all the basic primitives still apply. How -- does this -- what this user or this customer is supposed to have access to? My agent talking to a customer, what access am I supposed to have this show. Can I report upon that? This is in a governed environment and can I report upon that in the regulated environment so that I actually know that that's actually true. You need to actually have an identity system in the middle to actually have that work.

And so we actually -- before there was a person taking the call or a person taking the e-mail or the request and then doing it on behalf and like that was fine. But now once you start to automate that process, you want to make sure that's still covered by identity systems. So that's just one example. I think it is a very simple example. But those are the type of things that we're seeing customers come to us and say, we want -- and again, this is a not tech company, a company regulated environment that's looking to adopt this technology so they can be better and more effective at their business with their customers, right? And they're looking at us to help them do that.

Excellent And just on the most recent earnings call as well. I know Todd had cited something like north of 100 existing customers have already reached out to you guys on this point specifically with Okta for AI agents, north of $200 million in ARR. These are substantial customers as far as the conversation to you guys. And -- can you just walk through -- I know you have a couple of different revenue-generating products out there today on the Agentic AI front. But have we solved for monetization at this point just because when we're starting to talk about these kinds of ratios in that scale,one, the scale in itself, I think, presents headwinds to the maybe newer entrants trying to crack the code. But secondly, what are customers willing to summit just because you think about the volume of agents that might be coming online?

Yes. So I think it's important to really take our position. We haven't really spoken about Auth0 that much and Auth0 is part of the story for us right now, right? Auth0 is another part of our business, which is where -- let me just start with a description of Auth0 and then I'll get to kind of the agent aspect of it. Auth0 is as a part of a business where if you want to build an application and you need identity for that application, Auth0 has a developer motion, a set of developer tools and SDKs so you can build identity into your application. They also -- Auth0 sits on the B2C side of it. So if you're a brand or a large institution that has a customer-facing part of your business, Auth0 can power that experience. So the users in that case will be your customers interacting with your brand. That's kind of the Auth0 business in a nutshell.

Specific to agents, we actually have -- think of us as having kind of two offerings, two different buckets. One bucket would be on the build side. So if you're building an agent, whether it's an agent as a -- which is your business like a SaaS company or if you're an agent within an internal company, you want to build an agent to do customers' success, for example, use that example. We have Auth0 for Agentic AI, that's one bucket. The other would be what we've described earlier in this conversation on the Okta side, so Okta for AI agents. That's how do you manage the agents within your enterprise, within you organization.

And what we're seeing is an interesting dynamic play out where some companies are adopting both. And they're adopting both because they want to build agents themselves internally, like their internal IT departments or internal developers are building agents to solve internal use cases they have. And then they also want to manage those with Okta. So we sit on both sides of that equation and there's a lot of benefit of building with Auth0 because you get a lot of adoption of some standards that we've been pushing out there in the market that just work natively with the Okta side of it. So if we build with Auth0, it's going to work natively with Okta and there's a really nice, tight story that fits there.

So our agent -- again, so our agent product offerings. Those are two things that we're monetizing now, very early. We just announced those. And they sit on both sides, the build side of it and the managed side of it within the organization.

Maybe just a last question on the Agentic AI identity market that is fast growing here. But -- when you guys are speaking with your existing customers, are you bumping up against different companies versus who you've historically competed with? Or who are some of the more -- the noisier competitors when you're bringing this to your customer base?

I think you bump into -- for agents specifically?

Yes.

Yes. I think for agents, it's existing competitors. You also run into -- I mentioned earlier, like if the agent is stuck to a specific application silo, it's like, "Well, why do I have to manage that, if it's within application silo?" And as soon as you -- this is the exact same conversation that we would have with identity prior, which is like, "I have my identity within this application, why do I need an independent identity?" And that conversation quickly falls down as soon as you say, "Well, that agent is going to access something that's outside of it." say "Okay, now we get it", right?

But if you have an agent that's just doing something very specific to your -- to a given application that's probably like a very narrow use case, but as soon as you want to get something more sophisticated, that's where the independent neutrality aspect of Okta really shines and having our positioning that's out there neutral really shines. That's probably the one area where people are looking at.

I would say there's -- it's early, but there's a lot of noise around like what's the right way to provide observability around an agent? Is it something the network at the endpoint. These are the classic traditional cybersecurity control point conversations that take place. So if a CISO steps in and says, I have agents that are being adopted within organization, you naturally fall into the security kind of paradigms at different control points. Is it identity control point? Is it endpoint control point? Is it network control point? Is it cloud infrastructure control point?

And the answer is probably yes to all of the above. But we believe identity really kind of plays a centralized view from access to governance to privilege around all of it for the agent. So it's a lot of similar conversations before. And there's some nuance you get into some protocols and standards. You hear things like MCP, model context protocol, which has been out there, which is a new technology that kind of start to show up. And so people start to ask, "Well, how do I secure my MCP server?" Because MCP server is a way for you to extract data and value with an agent from the system.

And then we have to quickly tell a story about like, "Hey, we've been participating in the standards with MCP out there. We -- the identity part of MCP is a standard that we have offerings to support that, and we've been on the standards councils for that." And so there's a little nuance, but those are probably some of the newer things that are happening out there that we're seeing in customers. But again, the primitives and the principles are very similar to what we've seen before with people.

Awesome. Apologies for the wait to the clients that have submitted questions. We are getting there, I promise. I want to be true to form and just bother David for a second just to cover the financials. Thanks, Monty. We might cycle back to you, we'll see. But let's see, on the most recent quarter, revenues as an example, grew 12% year-on-year. RPO was up 17%, CRPO up 13%. And so one of the things we've been fielding from folks is what specifically drove that divergence in the various growth rates? How should investors be thinking about RPO or CRPO for that matter as leading indicators from where we are today?

Yes, absolutely. So first thing is keeping in mind that 98% of our revenue is reoccurring. So revenue for us is largely a backwards-looking metric while RPO and CRPO are forward-looking. So ultimately, we continue to guide you and our investors to CRPO because that's the best metric we can provide to give you a window in to what our future subscription revenue will look like.

On RPO and CRPO specifically, as we become more enterprise-weighted over time, the average duration of our contracts is slowly expanding. So the average duration of our contracts historically is about 2.5 years. That's a little bit longer for enterprise. It's a little closer to 3. That's balanced out by the fact that public sector is about 1 year. And so what you'll see is that the divergence is caused by this extension in duration. And by the way, we're also incentivizing our sales team to go for longer duration deals as well. So that's kind of the primary factor that's driving what you're seeing now.

And just on that last point around the incentives for longer duration deals, I just want to make sure I'm clear there, because I would argue that part of that is just influenced by the success you guys have seen in upmarket with your 100,000-plus ACV customers. So that push for longer duration deals. Is that -- we were just thinking about this earlier with another company. But is that, call it, a tool, if you will, by the sales reps to drive lock in additional portfolio expansion while maybe allowing for enhanced price discipline? Like I don't need to go discount as much if I can extend this out and get you to take on more of the portfolio, we can find a happy medium, if you will. Does that make sense?

Yes, it makes sense. And I think you're thinking about it in the right way. Right now, the way that Okta's contracts are structured, is that if a client is underutilizing what their provision, there isn't a way to kind of ratchet down the contract in the middle. They would need to come back to the table upon renewal. But they can always expand their usage in the middle of a contract here. And so by having these kind of longer duration contracts, you've seen all this new products we've put out over the last couple of years, it gives our reps, our customer success reps, our account managers and our sellers more opportunity to kind of connect with our clients, introduce new product to upsell. It enhances the cross-sell motion as well. So those are kind of the -- what's the underlying decision.

Great. And as for the client question that came in was around net retention. And we're talking about these contract duration. So it folds in nicely. But it's the idea that, hey, coming out of COVID, we have seen downsell pressure. Where are we in terms of, I guess, navigating those downsells coming out of COVID versus the potential offset to the positive inflection points, whether it's new product or Agentic AI off?

Yes. So firstly, I'll say, underpinning our net retention number is a healthy gross retention number that's been stable for a number of years now. Retention, you can think of really, it's a combination of seats and monthly active users and products, right? So while companies have been more conservative with their expansion of seats and MAUs, we had a lot of success upselling and cross-selling our existing customers on this large portfolio of new products, headlined by governance, PAM, security, posture management, threat protection, device access, fine-grained authorization, right? The list goes on and on.

We continue to innovate here, and we already talked about some of the new AI products that we introduced recently. So that should also be a big help. And then also on that note, the go-to-market specialization effort is something we recently instituted at the beginning of FY '26 and that's been producing positive results for us as well enough for us to have actually been encouraged to increase sales capacity beginning -- incrementally beginning back in Q2. That continued in Q3. And to the extent we see -- continue to see positive benefits from that. We'll slowly, methodically keep that process going.

To go back to like kind of where we are in terms of the whole COVID cohort, we've completely lapped those headwinds. So again, that was from about 3 years ago in that zero interest rate environment. As you mentioned, our average contract duration is about 2.5 to 3 years. So we've now fully lapped that impact. Those customers will come back up for renewal and done whatever rightsizing is necessary.

At the same time, the buying environment now is not quite as robust as it was back then. And so this inflection in GRR isn't necessarily going to be a V shape, but it's going to be what we've been seeing, which is a slow stabilization and then a tick up.

Okay. And for the net retention, and just to take that one step further, we've been fairly stable in recent quarters around that 106 level. And so levers to think about for improving that metric, I know that we have a number of products for the cross-sell opportunity or even continuing to do same-store sales. If someone is already a core auth user, they can just add more seats, right? But is there anything that you guys are doing to influence that behavior via, let's say, packaging, pricing? Any levers that you have there that you can use?

Yes. So Okta -- we've been pretty consistent on pricing for a long time, and we're a value-based tool. We think we offer quite a bit of value here. One of the things we have introduced recently that I think hits on your point here is something that we're calling workforce product suites. So that's kind of a, what's the right word, like bundling essentially of different tools at different levels for companies based where they -- for them based on where they are in their identity journey. So kind of if you can think of it as a good, better, best. And that's been great both internally, it's made it easier for our sellers to actually sell the product. It's simplified selling process and made it easier for customers to understand. But just beyond that, it's actually exposed our customer to a wider variety of tools that they may not otherwise have had exposure to. Maybe they didn't think they need PAM. They come on with this early bundle, and they say, "Hey, we're actually getting a lot of use of it out of this and then it leads to an upsell down the road. So that's one way we're doing that.

Great. And I know you had commented on the go-to-market specialization earlier and the fruits of that initiative. I think a lot of investors in our view, rightfully have interpreted the recent acceleration in headcount growth in the most recent quarter is a bullish signal. Can you help us understand first where the majority of those new hires are going? And then secondly, with the success of the Okta versus Auth0 segmentation, are there -- is there additional tinkering to the sales org going into this coming year from where we sit today?

Yes, I'll start with the latter question. So the way that we're thinking about the structure of the sales team is really -- we're trying to avoid a situation that we saw 4 years ago when we kind of looped in the Auth0 acquisition in which we had a lot of sellers, they weren't necessarily hitting their number. What we'd rather have right now is too many folks going to President's Club than not hitting their number. And so we're starting with this base of sales reps, which, by the way, we mentioned on our most recent call, productivity is extremely strong. The AE tenure is at multiyear highs, AE attrition is near multiyear lows. So those two things in conjunction with each other tells you that there's a lot of internal buy-in on what we're doing around these go-to-market changes, reps are sticking around. And so yes, I think all of these kind of things in conjunction with each other are, I think, helping, really credence to some of those bullish signals.

Excellent. And with that, I know we're at time. So we'll leave it there. But David, Monty, thank you very much for the conversation here. Looking forward to it.

Thank you.

Thank you.

Excellent. Bye guys.

Hi, everyone. Welcome to Okta's Third Quarter Fiscal 2026 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meeting will be Todd McKinnon, our Chief Executive Officer and Co-Founder; and Brett Tighe, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time that the earnings press release hit the wire, we posted supplemental commentary to our IR website. Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding our financial outlook and market positioning.

Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-Q. In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP financial measures versus their closest GAAP equivalents are available in our earnings press release. You may also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website. In today's meeting, we will quote a number of numeric or growth changes as we discuss our financial performance. And unless otherwise noted, each such reference represents a year-over-year comparison. And now I'd like to turn the meeting over to Todd McKinnon. Todd?

Thanks, Dave, and thank you, everyone, for joining us this afternoon. We're pleased to report another solid quarter of results. In Q3, we experienced strength with large customers and Okta Workforce upsells, particularly with new products like Okta Identity Governance. These results are driven by our unique ability to solve complex identity challenges across the entire enterprise landscape. In my comments today, I'm going to expand on our success with new products. I'll also share how Okta Secures AI, which represents a significant new opportunity and a catalyst for growth. Brett will then cover our financial performance and provide an update on the progress we're seeing with the expanded go-to-market specialization. Okta's new products continue to make meaningful contributions to our results.

Customers that are frustrated trying to manage sometimes dozens of different identity systems are turning to Okta for a modern, neutral and unified identity platform. We have been investing in innovation and our portfolio of new products are allowing customers to dramatically reduce complexity while significantly improving their security posture. New products include Okta Identity Governance, Okta Privileged Access, Identity Security Posture Management, Identity Threat Protection with Okta AI, Okta Device Access and Fine Grained Authorization. Many of these new products can now be delivered as part of product suites, which provide more value and further simplify the way customers can do business with Okta.

We believe these new products will continue to provide incredible value to our customers and will be a growth driver for many years to come. Earlier in Q3, we had a record number of customers and partners come to Oktane in Las Vegas to hear how Okta secures AI. The simple way to think about it is that Okta is helping customers both build more secure AI agents and manage their AI agents in a secure and scalable way. The emergence of agentic technology is redefining the identity security landscape. AI security is identity security. AI agents represent a new powerful identity type. However, without proper security governance, they are also highly vulnerable. Securing AI agents and nonhuman identities is not a feature. It's essential for any businesses looking to safely scale their adoption and deployment of AI.

If an organization does not secure its agents today, they risk undoing years of security improvements and leaving themselves vulnerable to new identity-based attacks. Okta has prioritized our efforts to focus on helping customers solve this business imperative and capture what we believe will be the next catalyst for growth and meaningful market within the identity security space. Okta's neutral and unified platform, coupled with our installed base of over 20,000 customers, positions us best to become the identity layer for AI agents. That's why we're so excited about the recent launch of Auth0 for AI agents. Auth0 for AI agents allows customers to build secure agents, APIs and users more effortlessly across their B2B, B2C and internal app ecosystem.

Based on our conversations, customers are expecting Okta to deliver the capabilities to help build and manage their AI agents. They are already turning to us to help guide them through the new security challenges that AI brings. Over just the past few months, we have experienced a surge in inbound interest for our Agentic Security solutions to manage agents, Okta for AI agents. These organizations are looking for a single control plane to observe and manage agents of all types in a way that offers flexibility as the technology continues to evolve. They also want a solution that gives them control like the ability to embed fine-grain access into every agent. Okta is here to deliver. The excitement is real and the interest is tangible. It's very early days on this front, but we have already been engaged with over 100 of our current customers, which combined represent over $200 million in existing ARR.

To give you a sense of the interest, I want to share a great early win with Okta for AI agents. It's with a financial services customer that is in the midst of deploying AI agents across their operations. Given the sensitive nature of their data and the need to remain compliant with the regulatory environment, securing these agents was not optional. It was critical. They selected Okta for AI agents to secure their AI footprint and provide them with enhanced visibility and remediation capabilities for the agent identities, enforce access control, identity governance and threat detection. It was a great win-win. Okta is helping the customer to safely deploy AI across their business and the addition of Okta for AI agents represented a significant ACV uplift compared to their prior contract.

We are successfully executing on our strategy to capture this emerging opportunity, and this deal demonstrates our ability to lead the market by moving beyond securing human identities to securing agentic identities. Okta is the essential identity layer to help customers build, observe and manage AI agents. We're the only company that is able to secure AI with a modern and neutral platform, allowing us to deliver even greater value to our customers. In addition to helping customers build and manage AI agents, Okta is driving the industry to an architecture where identity is more valuable and more secure. Last quarter, you heard me talk about Okta's role in the development of cross-app access, which brings visibility and control to both agent-driven and app-to-app interactions. This allows IT teams to decide what apps are connecting and what information AI agents can access. I'm excited to share that as of last week, cross-app Access is now an extension of a model context protocol known as MCP, which helps validate that identity providers like Okta will act as the indispensable control plane for the AI enterprise.

To wrap things up, we're pleased with another solid quarter of results, and we believe we're best positioned to win the exciting new market segment of securing AI. In this rapidly evolving environment, organizations of all sizes are looking to Okta to deliver modern and scalable identity security solutions that can seamlessly integrate across their networks. We are confident in our strategy and enthusiastic about the momentum of the business as we head into our seasonally biggest quarter of the year. I want to thank the entire Okta team for their tireless effort and also thank our loyal customers and partners who put their trust in us every day. And now here's Brett to cover the financial commentary and talk about how we're positioned for long-term profitable growth.

Thanks, Todd, and thank you, everyone, for joining us today. My commentary will provide insights into our Q3 performance and then move into our outlook for Q4 and FY '26. We remain pleased with the overall progress we're making to further specialize our go-to-market teams. Importantly, we continue to see improvement in sales productivity. Partially driving this is our average AE tenure, which has remained strong on the back of healthy attrition levels. The continued positive trends we are seeing across our go-to-market KPIs reinforce our confidence that this specialization strategy is the right path to accelerate long-term growth.

Another area of sales specialization where Okta has seen strength over the past few years is the public sector. All things considered, the government shutdown didn't meaningfully change the outcome of our Q3 results. We remain very optimistic about expanding our presence with U.S. government agencies as well as state and local agencies as we move forward. Over the past couple of years, we've done well to improve our margins to healthy levels while making investments for growth. Our disciplined investment areas remain clear: improving sales productivity through go-to-market specialization, relentless product innovation and further leveraging our channel partners. More recently, we've expanded our investment areas to drive future growth by increasing the number of quota-carrying sales reps.

Our recent results and business momentum give us confidence to add sales capacity in order to service the demand next year and beyond. Moving on to our balance sheet. In September, the 2025 convertible notes reached maturity, and we settled the remaining principal amount of $510 million in cash. We had another great quarter of cash flow in Q3 and ended the quarter with a strong balance sheet consisting of nearly $2.5 billion in cash, cash equivalents and short-term investments. We regularly evaluate our capital structure and capital allocation priorities, which includes investing in the business, M&A and opportunistic repurchasing of the 2026 notes, of which $350 million remains outstanding. Now let's turn to our business outlook. For Q4 and FY '26, we continue to take a prudent approach to forward guidance that factors in current market conditions.

For the fourth quarter of FY '26, we expect total revenue growth of 10%, current RPO growth of 9%, non-GAAP operating margin of 25% and free cash flow margin of approximately 31%. For the full year FY '26, we are raising our outlook and now expect total revenue growth of 11%, non-GAAP operating margin of 26% and a free cash flow margin of approximately 29%. We will issue FY '27 guidance on our Q4 earnings call, which will provide a more informed view of FY '27, especially as we exit this quarter, which is seasonally the biggest quarter of the year. To wrap things up, we're enthusiastic about the trends we're seeing across the business from the adoption of new products to customer interest and how Okta secures AI. This gives us confidence to continue making critical investments to accelerate top line growth. We're pleased with another solid quarter of results. We now look to close out FY '26 strong and build on this year's success. With that, I'll turn it back to Dave for Q&A. Dave?

Thanks, Brett. I see that there are quite a few hands raised already, and I'll take them in order until the top of the hour. And in the interest of time, please limit yourself to one question. With that, we'll take the first question from Gray Powell of BTIG.

Congratulations on the good results. Can you hear me okay? It looked like I froze there.

Loud and clear, Gray.

Great. So yes, it's good to hear the commentary on platform momentum. And at a high level, I definitely think it makes a lot of sense. But I do have to admit sometimes we pick up on like conflicting data points in our field work. Some partners say it's great. Others are a little skeptical. So I guess from your perspective, what gets customers over the hump and convinces them to consolidate IAM, governance, PAM, customer identity and any other components to Okta? Are there any like commonalities between customers who consolidate? Can you just kind of talk about like why you see those win rates?

I think the answer is it's always wrapped up in some other technological change. If you're not changing your data center, if you're not changing your apps, if you're not investing in AI, you're not going to change identity. So in all the customers I work with, it's about some other catalyzing technological change. For many years, it was cloud and building mobile apps and still cloud transformation. And -- but what we're seeing more and more is companies are trying to move technology so they could take advantage of AI. They're modernizing apps. They're modernizing their security stack so they can give AI agents access to all of their data resources, and that's been a catalyzer.

I think on the partner, we had actually a pretty strong quarter with the partner channel. Many of the largest deals went through a partner. It's actually transacted and the services were fulfilled through a partner. So it's an area of strength. I think just compared to other companies, a lot of times, we're not as deep and reliant on partners. So maybe that's why some of the partner checks are coming up inconsistently. But increasing that reach with partners and presence with partners has been a big priority. And I think on all our internal data, it's manifesting itself quite prevalently. So we're very excited about that.

Yes. I would add to that, Gray, and thanks for the question. I think another area to consider with customers as far as consolidating all these use cases with Okta as their identity partner is enterprises, as they get more and more mindful of the importance of securing identity across human, nonhuman and agentic, they're realizing that the legacy architectures they've built with multiple products from multiple vendors and multiple stacks is fragile. And with that fragility comes in security. It's harder for them to have confidence they're managing securely all their identity use cases in a way that they're confident in their ability to protect against identity-based cyberattacks.

And so they see value in consolidating on one partner with Okta so that they have confidence they've got a single pane of glass to manage all of that. So by removing complexity, removing vendor distribution, consolidating on Okta's platform, they're able to better manage and be more confident in their security posture against threat actors.

Let's go to Ittai Kidron at Oppenheimer.

Solid quarter. I guess, Todd, very interesting commentary, needless to say, about AI and the 100 customers who are trialing it. Can you give us a little bit color on, a, do I have to be an Okta customer to specifically deploy your AI capabilities? Or those could be applied to any company even if they don't use you for core access management, number one. Number two, when you think about the full deployment of this, how do I think about the dollar potential here when you have customers that are spending $100,000 with you by how much can AI truly elevate that total bill for them?

Yes. We've -- I've been personally and the entire company is blown away by how interested customers and prospects are in this capability. I haven't seen anything like this in my experience at Okta with a new capability or a new product set. So it's very, very exciting. And if you step back and think why, everyone, no surprise, big shock, they're trying to take advantage of AI and build AI workflows into their enterprise workflows. And a lot of them are stuck. And I think it's why you see some of the adoption rates of some of these platforms like Salesforce or ServiceNow or others is below what people want.

And they're stuck because right now, they have a couple of choices. They can either deliver agentic apps that look very much -- they don't have any access to the company's data. They look very much like public Gemini or public ChatGPT, generic chatbots, and they can't get any insight from the company's data. That's -- that's one choice. And -- or the other choice is you take all the company's data and you show it in a big data warehouse like Snowflake or Databricks or Palantir and then the agents have way too much access. They can just see everything and they do unintended things. And so people are stuck and they're pause and they're saying, wait a minute, we're not going to roll these things out. And there's a huge, huge cohort of companies that are trying to do something AI and they're stuck.

And then they come to us because what we can do is what we're very good at is figure out who can access what, not only for people, but now for AI agents and help them filter who has access to what, how you deploy these applications in a way that gives the right information to the agent and the right security level and lets them observe the behavior and build the right use cases for the business and that without overpermissioning at all. It is early days, like we announced and released these products just in the last couple of months after our conference in September. So it's early days. But we do have several deals that have been transacted for these products. We gave the example of the financial company that is rolling out these agents and purchase the product. It's early days, but it's incredibly exciting.

And I think it's because longer term, if you look at our market, we have a $50 billion TAM for workforce identity, a $30 billion TAM for customer identity. Owning and governing the agentic identity layer and securing AI can be a bigger TAM than both of those. I mean it's several years out, and it's going to be a lot and change in growth there, which, by the way, is, I think, one of the reasons why companies are coming to us because talk about a dynamic environment, you have a new model release coming out every couple of months, and Gemini is better and now OpenAI is better and then Anthropic is better and the technology is all shifting around it and customers don't want to get locked in. They're hesitant to commit to the Microsoft stack or the Google stack. They want flexibility. And by doing this access layer in an independent and neutral third party, they feel like they're going to have choice as this amazing platform of Agentic enterprise unfolds. So it's very exciting that we've -- the company's #1 priority now is to take advantage of this opportunity. So we're very clear in our R&D and our go-to-market, we're going to focus on this opportunity. That's how big we think it is. So it's incredibly exciting.

Todd, do you think that the go-to-market around this can change, meaning instead of you selling it to the enterprise actually talk to the agent companies and have them bundle already ahead of time your identity security with their agents such that [indiscernible] to do this.

Absolutely. And we're already doing this with trying to set the industry standards around access. We've mentioned before Cross App Access, which is an industry standard around how you actually give access to these agents across multiple agent platforms, connecting to multiple end repositories of information, whether it's a database, a warehouse application. And we're really excited that the MCP standard now recognizes Cross App Access as an extension of MCP. So think about that now if you're using MCP protocol to standardize some of these interactions between agents and resources, Cross App Access fits right into that now. So it's a very insightful question, and we're working hard on that as well.

And just as an example for our customers, customers that are using Auth0 for AI agents to build agents will get support for Cross App Access out of the box, meaning any agents that they build with Auth0 for AI agents will be discoverable by an IDP that also supports the model context protocol. And Okta's IDP also supports cross-app access and the model context protocol. So customers developing agents with our technology will be producing agents that any company can secure more precisely. And the Okta platform will help customers discover agents that have been deployed and then manage those agents as well. So we're already well on the path to ensuring that we're productizing this opportunity using our existing capabilities.

Let's go to John DiFucci at Guggenheim.

Thanks, Dave. And listen, guys, in the past, I'm going to ask the question that I think we're all going to have to answer. But in the past, you've given an early look to next year, and you didn't do that this year, which I think is the right call given how much next year depends on the fourth quarter, like Brett said. I also realize that there are other reasons to give that early look because you had other things happening at the company in prior years. But even if no new numbers, you don't give any numbers, can you give just some subjective commentary about how the world looks for Okta over the next year, just generally even because this quarter looks good. The stock is down a little bit after hours because I think what I'm saying, you didn't give that guide and people are used to it, but you'll get over that. This quarter does look good, and it sounds like there's a lot of even more traction behind the numbers happening. So just a little commentary on that would be helpful.

Todd, do you want to take it? I can talk to the guidance.

I was just going to say -- one thing I was going to say about the fourth quarter is it is our big -- seasonally, it's our biggest quarter of the year. And the opportunity is tremendous for us in Q4, and we're very focused on executing that well across all the product lines and all the regions and all the ways we execute in the fourth quarter, and we're -- it's a big quarter, but we're set up to deliver success there. And so that's very optimistic. Brett, maybe you can talk about the little bit of the guidance week.

I was actually going to touch, John, on just the business momentum before I get into the guidance because I think that's more of your question than I'm happy to get into, which is, look, Q3 was another really solid quarter for us. You heard Todd talk about it, me talk about it. I'm sure Eric will touch on throughout this call. But we're pleased with the traction that specialization is getting. We're seeing that a productivity number, the number you've heard me talk about for years now, get into a region that we're quite pleased with. Yes, it's not perfect everywhere, but it is exciting to see it from an overall perspective because that means the specialization is working, and we're excited about that.

And what that's doing is giving us -- that's giving us confidence to be able to start to add more reps into the system. So you know for a while, that's something you and I have talked about and a bunch of us on this call have talked about is, do we have the right amount of capacity out in the field to be able to address the demand. And so we started adding capacity last quarter. We've added more in Q3. We're going to add more in Q4. We expect to add more in FY '27. So that tells you we have confidence in the opportunity for a whole host of reasons, right? It could be what Todd has talked about earlier, Okta Securing AI is a massive opportunity for us. You can talk about the other new products like Governance, PAM, highly regulated identities on the Auth0 side, we feel like the organization is headed in the right direction.

And that's why you see us growing sales and marketing expense the last 2 quarters year-over-year. That's something you haven't seen in a while because we're having that confidence in the organization to be able to go out and address this opportunity. And so we're excited about what we're seeing in the business. And so hopefully, that gives you more of the context. I'm happy to talk about the guidance. I mean, I can get into that for a second, just so we're all on the same page. Todd touched on it a second ago, because Q4 is so large, it creates a need for us to be able to embed an amount of conservatism in there that makes a guidance 5 quarters out, not that helpful. And frankly, the whole point of guidance is to be helpful. And if it's not helpful, we shouldn't do it.

So we're not going to do it this time, and we will update all of you after we get past our seasonally largest quarter of the year at the end of Q4. And so then we can give you a much cleaner look at the world and not have to embed some conservatism associated with our largest quarter. Now with that said, John, I got to bring up current RPO because I know we've got to talk about it. And if you look at -- if you want a number for FY '27 or if you want to approximate a number for FY '27, I would take a look at the Q4 guided current RPO and apply a coverage ratio to it. That annualized coverage ratio, you guys have all heard me talk about for the last few years. Go ahead and take current RPO, divide it by the coverage ratio and then add some professional services on the top, and that's going to get you to a rough approximation from a revenue perspective.

Now obviously, the formula -- the piece of the formula I haven't given you is the coverage ratio. That coverage ratio, I probably would use something in the region of FY '26. So hopefully, that gives you a little bit of, John, on how the business is doing and why we're excited and optimistic about Q4 and frankly, beyond Q4 and also a little bit why we decided to hold off on giving a guidance for FY '27 because we didn't feel like it was being helpful to all of you anymore.

That all makes sense. I really appreciate all that.

Yes. Just a little added color commentary to Brett's comments as well. The -- we have talked throughout this year on the changes we made in February in go-to-market to specialize in the platforms. And we've talked about one of the key reasons for that strategy is we had decided that specializing on the buyer persona was important, but also that our pace of product innovation on both the Okta platform and Auth0 platform had accelerated to the point where it was just really hard for one seller to keep pace with all the capabilities coming out in the platform. And we talked in Q1 about how we were on track for our plan for this year to implement that change and absorb the cost of change management. We talked about having a solid Q2. You've heard us here talk about a solid Q3. One indicator that we've shared of how successful we're being executing that strategy, what Brett talked about earlier that our AE attrition right now is near a multiyear low and our 8-year tenure is near a multiyear high. And AE productivity is sequentially increasing. And so when we think about how we're doing -- implementing that significant shift in territory assignments and account assignments and in go-to-market motion overall, we've got a lot of indicators that this strategy is the right strategy for us. And it's also created space in our sellers to be able to take on new initiatives -- like we're talking today about Okta Secure's AI and just how impressed we've been with how much that story is resonating for our customers right now is a hugely strategically important need. We can attack that need now because we've got more focus on that particular use case for that particular buying persona. So we're very optimistic on the strategy playing out.

That makes sense, Eric, thank you and it's showing -- it's showing, thanks.

Okay. Next up, we'll go to Fatima Boolani at Citi.

Can you hear me okay?

Yes, loud and clear Fatima.

Todd, this one is for you. We've been really fascinated with the broader themes around agentic commerce. So I wanted to get your pulse on where the portfolio is most relevant to capitalizing on that opportunity? And where do you see effectively your customer identity business playing a very meaningful role in that? And I guess, Eric, just to even loop you into the conversation, how are conversations with customers trending with respect to building a stack behind some of these really interesting opportunities that are going to unfurl in the next couple of years?

I think it's a big deal. I think Agentic Commerce and if you have a website and you -- that's doing customer support or e-commerce commerce, you're going to have some version of agents on there very quickly if you don't already. And if you're building those agents, Auth0 for AI agents is the right solution. It shortcuts the ability to have those agents connect to multiple systems on the back end. It helps you put Fine Grained Authorization inside of your agentic flow. So it's purpose-built, and we're -- I think it's a big trend we're talking about here. It's the same trend we're talking about here, whether you're managing agents for internal deployment to help people get work done in their enterprise workflows or in your B2C use cases moving toward a more agentic interface versus the person interface in the past. It's the big trend we're talking about.

Yes. And I'll add to that. We talked about at our -- in the quarter at our user conference, Octane, we talked about the customer conversations around this challenge. And we shared a survey that we had run of a few hundred enterprise customers reporting that 91% of them had agents in production and only 10% of them were confident they had them secured. The need is very acute and it's very urgent and it's a key reason why this is elevated to such a prominent conversation. Todd talked about one example of where our customers are struggling with this in Fine Grained Authorization. So for builders of agents, they need to solve for at least 2 distinct challenges. One is ensuring their agents can be discovered.

And the second is ensuring that agents are only authorized to do specific things that they have access to specific corporate assets and not others. And Auth0 provides the capabilities to solve both of that with support for Cross App Access and model context protocol, agents built through Auth0 can be discovered and managed properly. And Auth0's Fine Grained Authorization allows agents to be built in a way that their privileges can be very finely tuned, which is hugely important to our customers in that space. But the second part of that challenge that our customers have is they don't know. They tell us they don't know what agents are deployed in their environment. They don't know what their users have turned on and what their users' agents don't have access to.

And this is the challenge of discoverability and being able to discover agents. So our -- on the Okta platform side, our Identity Security Posture Management product scans corporate networks to find service accounts and the privileges of those service accounts, but it will also now help discover agents that are implemented and deployed as long as they support the Cross App Access protocol, the extension to MCP. So the problem of discoverability is something they need help with, and we're well positioned to help them with that. And the other related challenge is not only knowing that they exist, but then protecting the identity of those agents to ensure the agents can't themselves be impersonated by a threat actor and to ensure that those agents are properly authorized to take the actions that they're attempting to access.

So the Auth0 platform on the build side is hugely important for our customers and the Okta platform on the Discover and manage side is important for them as well. That also includes things like privileged access, allowing the agents to have tokens that are appropriately vaulted and governance, having them provisioned and be provisioned based on just-in-time requirements. So they don't have agents live withstanding privileges when they don't need to be standing.

I think you should see the commercial impact in both your businesses as opposed to what intuitively I would think would just be on the customer identity side.

Yes. I think, Fatima, I could think of a meeting I just had a couple of weeks ago, and this was how it all comes together. So there's -- this company is a large mortgage company, online mortgage company. And they think about it as when people come to their website and they start browsing for mortgages, and they answer the customer's question in agentic workflow. And then it actually flows all the way through their origination business on the back end, which is very much enterprise workflows where people have to use human in the loop system to make approvals for mortgages that are over a certain amount.

They have to maybe automate entirety of the mortgage process so they can fulfill it without anyone, any person. So it's like external facing on their website in a B2C, and it also goes all the way back into the enterprise. And they want that all to come together. And the business value for them is very simple. It's their conversion rates on the mortgage is up 5x if it's -- there's no delay. There's no delay in the approval or they don't have to go for some other thing. So it's a very clear ROI. And before they were talking to us, they're really stuck on these questions we're talking about, like how do we make sure that we -- the consumer-facing agent has the right access to the back-end systems? How do we make sure that the enterprise-facing agents have the right permissions as we automate some of those workflows and don't over give overly permissive access to these agents and the enterprise all comes together in that very concrete example.

And next up is Josh Tilton at Wolfe.

Brett, not to put you on the spot here. I do appreciate the color on how to think about next year's revenue. But to kind of simplify it without the math, bookings growth year-to-date is kind of growing where Street is for revenue growth next year. So like how do we think about that? What you're doing so far this year, what it implies for next year? Are you comfortable with where the Street sits? But I'm just trying to understand bookings growth has been good. It's kind of in line with the implied or where the Street is for revenue next year. Like how do you feel about where -- the Street sits today?

I think in general, if you were to take our comments and boil them into a couple of little simple things, which is, one, you can feel the business momentum growing, right? Eric talked about it a few minutes ago around how we had to make some changes at the beginning of this year to further specialize the field. You can feel that business momentum growing as we go into Q4. And we think that, that business momentum on the back of us specializing the field is helping in addition to the market seems to be in a good place for us for all these new products, whether it's Okta Securing AI, whether it's Governance or all these new products that we've talked about over the last several quarters.

So I don't have an exact answer for you in terms of where the Street is and bookings growth and all that sort of stuff. But the really important thing is you can see the growing confidence in the organization and you can see the productivity, you can see the optimism. You can see all these things headed in the right direction, and that's why you can kind of hear the tone from the 3 of us and the way we've been talking about it throughout this call as being very positive, and we feel like the goal that we've been talking about for a while of accelerating growth in the medium term is something that is on the horizon for us, which is exciting. I'm not saying when it's going to happen or how it's going to happen. I'm just saying that we do feel that, that business momentum is headed in the right direction, and that's why we're adding capacity, like I said a few minutes ago, to go out and address that demand.

Next up is Jonathan Ho at William Blair.

I wanted to see if you could update us a little bit on your sales realignment efforts earlier this year and how maybe the product suites have had an effect on that go-to-market. Lastly, how do we think about sort of the pace for net retention over time? It's been sort of sitting at this 106% level for a bit. I know that's from prior periods, but how do we think about maybe the mechanics of that recovery?

Jonathan, I'll take the first part of that question. I'll let Brett take the second part. The go-to-market specialization for us, as we've said throughout this call, we feel it's been very effective. And there's a few ways that, that has played out for us. On the front end, the top of the funnel, we have specialized our demand gen teams for their brand generation work, their pipe generation work, and we are pleased with the pipe that we've been able to generate in the business. We also have had more focus on our distinct personas. So we've had an opportunity in our field to get closer to the very specific granular needs of our CIO and CISO buyers and of our developer buyers.

And we've been able to focus our R&D efforts on the Okta platform and the Auth0 platform on those personas. And so we've seen significant innovation improvements tying specifically -- more specifically to a discrete buying persona, which has allowed us to continue to capture market, things like Okta customer identity which we talked about last quarter, has really come back as part of our refocusing on the Okta platform for the enterprise buyers. So that specialization has been very helpful. One of the questions this group has raised in prior quarters is how the field organization was feeling about specialization, whether they felt this was a positive, a positive or something that was a concern to their ability to be successful.

And as I mentioned earlier, we're seeing right now our sales attrition is near a multiyear low and our sales tenure is near a multiyear high. So we're feeling very confident in not only in the model's capability to produce financial results, but we're feeling very confident that our own field organization is very engaged and feels that they're being successful in this model, which is what we expected, and we're pleased to see it playing out the way that we expected.

Yes. Okay. So I'll talk about NRR in a second, Jonathan. But one thing that Eric was saying, maybe think of around the specialization, one of the reasons why the new product introduction percentage has remained quite healthy as a percentage of total bookings, we've talked about it over the last 3, 4 quarters is because people are starting to really get into the details on the product to be able to sell it directly to a specific economic buyer, and it helps them just be more familiar with. Anytime you're more of a familiar with something, you're probably going to be better at.

And so that's been the theory behind why we did this, and it seems to be playing out in that regard. In terms of the NRR, the one thing I would say before we get into NRR is gross retention remains healthy. It's one of those things that we're quite proud of, and we expect to continue over the long run with that given the value that we drive for our customers day in and day out. In terms of where the range is and where it could be, 106 is right in the range we've talked about. You've heard me talk about it every quarter for a while now, and this is where the range we thought it was going to be. So it's traveling in the range that we expect it to be. We probably think it tracks in this range or we do think it tracks in this range for Q4. I don't have a great answer for you beyond that, Jonathan, because we are still early in our fiscal year planning. But obviously, if we want to grow faster, this is something we're going to focus on because it's on the back of that strong gross retention, how can we keep doing these upsells and doing more NPI and more Okta Securities AI to be able to help ourselves in that number over the long run. Obviously, there are dynamics that go in there, like if we sell more new business, it's a little bit of a headwind to new NRR. And if we sell more upsells, it's a tailwind. So there's always a balance in that number that we should keep an eye on when we're looking at the overall total business.

Next, we'll go to Annick Baumann at Jefferies.

I'm on for Joe Gallo today. Brett, you've been very candid in the level of prudence and guidance the last couple of quarters, but you've also seen larger beats historically in 4Q over the past couple of years. So can you comment on the puts and takes to guide in 4Q? You've talked about conservatism there, but just the puts and takes to it. And then also, is the guidance framework still in line with what we've seen historically?

Yes. I mean, just in general, just to answer your second question first, we're still trying to get closer to the pin. Now we had a nice beat this quarter on current RPO because the team just flat outperformed. They did a really nice job. And so I'm happy to be wrong in that situation. But we want to get closer to the pin. That's been our stated goal now for several quarters. And if you look at Q4, we've removed any specific line items. Right now, it's just down to market conditions and our own internal expectations. So it's real simple, and we're looking forward to executing in Q4 as best we can because you've heard us talk about it. It is our seasonally largest quarter, and we want to finish a strong FY '26 with the bank.

Great. Next up, we'll go to Shrenik Kothari with Baird.

I think there was a question on consolidation and then a lot on agent. Try to combine the 2, I believe as you guys head into '26 kind of planning cycles and I think, Todd, you did mention there's a desire for a single control plane to manage agentic as well. Are you seeing signs that buyers are also thinking about consolidating AI governance around the vendor? And just based on whatever you saw so far in terms of those 100-plus engaged customers, can you walk us through like the typical conversion time line from interest towards the ACV and booking ARR?

Yes. You're right. The 2 trends are very related. This thinking about the agentic future for these customers and then thinking about what that means for their identity stacks in the short term. We're working with one of the largest Fortune 50 customer of ours on a wholesale replacement of Ping Identity, SailPoint, CyberArk, and several other identity vendors across their whole stack to standardize on Okta products. And the driver there is 2 things. It's cost. They wanted to have less cost in their environment, and they want to have more better functioning and greater products. That's part of the driver. But the bigger driver was actually something very simple, which is this company has 5,500 applications. And only all these years with these legacy vendors, they only had 1,500 of them hooked up to their central identity system.

And so they're thinking about agentic future where they want to give their agents and their agent infrastructure access to every application that they have, and they only had a paved path for 1,500 of them because they only were able to get that many on their identity platform with the old technology. So when they think about standardizing, they think about moving all 5,500 applications to Okta. And then that cuts costs. It makes the system work better because governance is integrated to access management is integrated to privilege, but more importantly for them, I think it enables the agentic future where they can give access in a controlled govern managed way at all these agents doing all these workflows that's behind a standard IDP. So they're all kind of interrelated, but I think they all point north for Okta, which is a very good position to be in.

Next up, we'll go to Brad Zelnick at Deutsche Bank.

Great. Nice to see everybody. Guys, in Q3, I think you've added more head count this quarter than you have in 3 years, which I take as an expression of confidence especially knowing how developed followers you guys are about Rule of 40, and that's in addition to a lot of other constructive commentary tonight. But just to follow on DiFucci's question and Josh Tilton's question as well, if I take, Brent, your comments on CRPO coverage ratios, quick back of the envelope gets me to like 9.5% revenue growth for next year. And I just want to make sure that I heard you correctly and I'm interpreting that right?

The simple math is just current RPO, right? When you take the coverage ratio on the coverage ratio, just to make sure everyone is clear on what that is, let's say we can -- let's calculate the FY '26 coverage ratio together. All you do is you take Q4 FY '25 current RPO and you divide it by.

It's the guide or the actual.

No, I'm saying for the coverage ratio that you're going to apply to current RPO, right, because it's current RPO guidance, time to coverage ratio plus professional services. Okay. So you've got Q4 current RPO guidance, we just gave it to you, right, $2.45 billion. The coverage ratio is the most important factor in the math that you don't -- we don't have an exact number for, but I'm trying to give you a rough approximation. And if you wanted to use, you don't have to use FY '26, but it's the closest in years, so it makes sense or somewhere in that ZIP code. So the FY '26 version, all it is, is Q4 FY '25 current RPO, which was $2.25 billion and you divide that by the FY '26 subscription revenue, and that's going to get you a number. We haven't given you a guide for subscription revenue, but you can figure it out, Brad. It's pretty easy. That number is probably about 79% or thereabouts. And then you just put that in the formula. And then professional services, I think you guys can come up with a rough estimate. And then that's all you do. So Q4 FY '26, $2.45 billion divided by $0.79 plus whatever we're going to put in for professional services. I'm giving you advice to use FY '26 as a rough approximation. I'm not saying that's what you have to use, just seems logical given us the closest year to what we're about to do in FY '27. That's all.

Totally get it, and I appreciate you making it very clear. Maybe just on the other part of my question, when I see you guys hire like this, it really, to me, makes a statement, and I want to make sure I'm interpreting that signal the right way. Am I to assume that the bulk or strong mix of those headcount adds are go-to-market? Is there anything else to know about the composition of all those heads that you've added in Q3?

Yes, it's a mix of both go-to-market because what we've talked about already today. And then also continuing to add into some of the lower-cost regions to be able to bulk up the capacity in places like R&D or other areas that can help us be able to build product faster or in G&A to be able to become more efficient and be able to come -- get through things faster. So it's really a variety of areas for us, but it's really go-to-market and then lower cost regions are really the 2 places that we're adding. You're on mute their Brad. Brad wanted to dive in. So I felt like it was necessary.

All right. Next up, we have Yun Kim at Loop Capital.

Todd, so for some of the early adopters of AI agents that you're working with, are these agents from software vendors like Salesforce and ServiceNow? Or are they custom developed AI agents? And is your approach to securing AI agents different for these 2 type of agents given that Auth0 for AI agents is really targeted at developers?

It's a really good question. And it's -- every customer we talk to, it's -- they're worried about all of the above. I would say that the actual most concrete implementations are agents they built themselves. I think that the deployment from the -- some of the packaged application vendors you talked about are maybe a little bit more behind in terms of deployments. But the ones -- the companies that are building their own, that's their first and foremost concern. But everyone is concerned about -- they know it's going to be a multi-platform world in this -- there's so much value to be delivered. There's so many frameworks, there's so much innovation.

There are so many models. They understand it's going to be a multi-platform world, which is why our message is really resonating, which is like, hey, if you get identity security and agentic security is absolutely critical. You can't just give agents access to everything. You have to govern and control and monitor the access. Now if you choose to do that in one security platform or one cloud platform, everyone understands that you're going to be -- it's going to be strong lock-in, and you're going to be stuck with those models, those frameworks and have gravity in that environment. And people are leery of that because they know that it's a fast-moving environment. And they -- it'd be kind of like -- when I talk to customers, it'd be kind of like you had to choose one streaming platform, you just won and you couldn't switch. What would you choose, right? You'd be careful because all the good stuff is on the other one. And if you choose Netflix, you want to go over to Prime, you choose Prime, you'd want to go over to Paramount, and they don't want to choose one platform. They want flexibility. They want to be able to use different platforms and pick the best content off a different platform. So that's really resonating with customers, which is what's driving this interest, which is why we're working so hard to capitalize on it.

Next, we'll go to Mike Cikos at Needham.

I just wanted to come back to the net retention comment and understood on -- you guys were in that ZIP code around the 106. But I think historically, the company has not incentivized or split up the team between hunters or farmers and allowed sales reps to choose how they want to retire quota. Can you just provide an update for where we are in thinking about the sales capacity you're hiring? Are we thinking about setting up a specific team focused on new logo acquisition or first orders? Or is it still I guess, let the reps choose. Are we putting in place any sweeteners of any kind? I just wanted to get an update on that front.

Yes. Thanks, Mike. We have, in fact, started looking at and carving territories for new logo acquisition. We announced a year ago that we were bringing a hunter farmer assignment into, at that time, our U.S. commercial business. And we talked last quarter, then 6 quarters into that change, how that was progressing. We're very pleased with the productivity of how that's been carved off. That was in the U.S. commercial business. We have not extended that into our enterprise business yet. We're seeing rather the focus of platform specialization on the buyer is allowing our reps to balance both new logo acquisition and getting deep within their existing accounts, but that's always something that we look at. And as we look for opportunities to expand new logo acquisition, thinking about adding hunter capacity as part of our planning process every year.

Excellent. I'll keep it to one.

Yes. I think a lot of the growth and a lot of the focus and planning is on larger deals. You saw the cohort of $1 million deals despite in Q3 grew 17%. Very excited about that. And in general, a lot of our growth and focus is going to be on larger deals. Sometimes with our products now that can be in a segment of smaller customers, but most of the time, it's in a larger enterprise or strategic account patch. And so just in general, that's where the business is going. That's where the growth is, and that's where we're investing.

Let's go to Tomer Zilberman at BFA.

Yes, I think you've previously spoken about the opportunity to price agentic as an extension of a per seat license. But we've been hearing in the market some concern around seat count reductions at customers. So one, as you think about your opportunity next year and you're doing your planning, are you seeing any concern around that with your customers? And two, how do you think about the offset of any potential reduction of headcount versus the opportunity to upsell agentic?

The agentic products are priced similarly to our current products. Our current products are priced per user, the agentic products are priced per agent. So sometimes that can be a one-to-many relationship. You might have a few agents for a person. Sometimes they might be agents on their own. So I think we're set up in a way that gives us flexibility as these things evolve in terms of how companies want to deploy agents to augment headcount, what they want to -- how they want to deploy agents at the front end of processes before it ever gets to a person. And this is one of the advantages we have with all these customers and all this interest, we can figure this out quickly. And we can iterate on this quickly, and that's how we've gotten to this pricing model because this is a new thing. It's exciting because a lot of the traditional vendors, it's like being locked in or being owning a certain market, it's not owned yet. We have the opportunity to win this massive new market, and it's -- we're well positioned with the customers and with the products and with what people expect us to do. We're going to go out and define it and win it, and it's going to be really exciting to do that.

And the other comment I'd add to that, Tomer, is we feel very well diversified from a use case and product perspective. So to the immediate question, we are not -- like everyone, we're looking at what changes will happen in the global workforce at companies as they lean more on AI and technology to run their businesses. We're not yet feeling a material headwind from -- you mentioned seat reductions in the business. But were we to see that, we're confident in our customer identity business offsetting that. We're confident in our agentic identity business offsetting that. So in the aggregate, we view this shift in the industry as net upside for Okta. And everything you've heard us talk about in our product strategy today and our focus of innovation and the conversations we're having with the customer is embracing the extended opportunity to help them solve an emerging very acute urgent customer need for securing agentic identity. But we see that as upside to the overall business, not as just replacing the existing business.

Next, we'll go to Joe Vandrick at Scotia.

We got Joe Vandrick on for Patrick Colville here. Todd, you mentioned a surge in inbound interest for managing agents. So can you talk about what's getting more traction? Is it the Auth0 solution or the workforce side? And then what do you think represents the larger opportunity and why?

I think it's -- they're both getting about the same amount of traction. I think the -- it's a little bit different. I think a lot of the interest in the Auth0 for AI agents, it's more online, people find out AI developers, right? So they find out about it on the website. They do self-service, upgrade to enterprise. It's a little bit of a different motion. The Okta for AI agents, which is for IT and security, it's very much have an enterprise architecture with a CISO or security influence buyer or an IT influence buyer. So they're both getting interest, but it's pretty early on both of them. It's -- we resist the urge to draw too many patterns on the couple of months that's really been out there in the market.

And we're really priding ourselves on being able to iterate quickly and adjust as we define this market and make sure we not only deliver something incredibly value for customers, but something that will take advantage of both of these personas, which is IT and security on one side and then developers on the other.

We've got about 4 minutes left. Let's try to get the last 3 questions. Next up, we have Rudy at David & Co.

Brett, I want to go back to the comment in the script on sales productivity. You said you are continuing to see improvements there. Is that -- was it improved quarter-over-quarter? Was it improved year-over-year? I'm curious on that. And then secondly, on the sales hiring front, certainly, we've seen that. Your sales job openings are up over 100% year-over-year in the last couple of months in our data. What is the level of sales capacity additions you're planning to add? I'm not sure what time frame you want to use last quarter through Q1? Or just what's the level of sales capacity addition you're looking to add as you think about the FY '27 plan?

Yes, absolutely. And I'll let Eric step in a little bit here, too, on productivity. But to answer your question, it is up quarter-over-quarter and is up year-over-year. So see all of the above, really, which is a good sign for us. And also at the same time, like I said, we added capacity in Q3, and we started to add capacity in Q2. In terms of the exact numbers of how much we're going to add, we're going to be methodical about that. We want to make sure that we are maintaining high productivity and not overdoing it in terms of adding in capacity because as Eric told you a second ago or whatever, 20 minutes ago, our AE attrition is quite good right now. Our tenure is quite good. We don't want to disrupt that. And so we want to be methodical in our approach to add the capacity into the system, make sure it works and then move on, evaluate the success and then step on to the next level of what we think is possible because we do have a great field right now. We are very confident. -- actually should have said at the beginning of the call, a great job by the sales team and all the go-to-market teams in Q3, and we look forward to having them execute in Q4. So yes, I think that pretty much covers it, Rudy. I don't know if, Eric, you'd have anything else to add.

You hit the key points. I would say, in addition to productivity being up, it's implied with your comments, Brett, but attrition is down. And so from a field engagement standpoint, we feel quite positive with our team's ability to be successful and their belief that they can be successful. So as we add capacity, we want to make sure we add it in a metered fashion to ensure that we're confident our field continues to have the opportunity to be very successful with Okta. So that is an important part of our philosophy because we don't want to see a return where attrition starts to creep back up. We want to keep our tenured reps because they're much more productive.

Next, we'll go to Taz at ROTH. Taz, you there? Not. Let's quickly go to Gabriela at Goldman.

I'm here. Can you hear me?

There we go.

Let's go to Gabriela and then we go finish off with Taz.

Todd, I wanted to ask on this topic of agents that are bespoke versus from the packaged software vendors. As and when we start to see adoption from the packaged software vendors, how do you think about the identity functionality that may be embedded in the application? And this is in the context of ServiceNow announcing their plans to acquire Veza this morning?

Yes. One of the interesting things about being the clear leader in identity security is we kind of have a right of first refusal on all the acquisitions. So we looked at Veza. It's interesting. It's a pretty narrow use case in terms of identity management. And the big picture idea is what's going to be like the system of record for access. And to do that, you really have to have an IDP sitting in the middle of the transaction to really get the governance and control. So I think you're going to see what's played out a lot of times over the last 10 years, Gabriela, is every platform company is going to try to take their own identity from their own platform and make it generalizable. Sometimes they'll buy something, sometimes they'll try to build it themselves, but it's really hard to cover all the use cases and cover all the integrations to all the different systems and environments if you're not totally focused on it. And I think you'll continue to see that benefit us for a long time.

Okay. We'll take the last question from Taz at ROTH.

I got 2 questions. Todd, first one for you. You mentioned the customer example with a large AI deal. And my question is, can you talk about the -- you spoke about one-to-many relationship between humans and agents. Can you talk about what that was in that scenario? And maybe kind of bake off a competitive landscape, like who are the other players involved in that deal for AI security?

Yes. I think just -- it's pretty simple. I think a lot of companies think about agents as like software engineering is a great example. As a software engineer, you're going to have 10 of these agents working for you all the time. They're going to be reviewing code. They're going to be doing security reviews. They're going to be checking code in. They're going to be running tests. And that -- all those agents are going to be working on your behalf in some cases and have their own identity and others and it's just having the flexibility to support all those different use cases in addition to agents that would just run on their own. Your customer support agents or your agents sitting on your website accepting commerce are going to be on their own. They're going to need access control, but they're not bound to a user until maybe it gets lowered down in the workflow so.

What's that relationship being like in the example that we've seen so far, what is it like 1 to 10, 1 to 20? And if you compare the human agents that you have, the human entities that you have versus the agents that you secure, is that number -- is there a ballpark number that you have seen so far in the companies that you've sold to?

I think it's like 5 to 10 per person.

Got it. Brett, just one for you. Even as growth has slowed down in the last few years, margins have gone up quite a bit. And if you look at your margins plus revenue growth, you've always been above that Rule of 40. Should we expect that to continue going forward in fiscal '27? Do you expect that Rule of 40 to sustain? I know you didn't give us a revenue guide, you gave us some ballpark guide. But combining that with what to expect for free cash flow multiple margin next year, should we expect that Rule of 40 to sustain going forward?

Yes. I mean, from an overall perspective, we are going to continue to employ the Rule of 40 framework when we manage the business, something we've been quite consistent with, I guess, is probably the right way to put it. And as you said, we have had a tremendous amount of margin increase over the last 3 years. Thank you for saying that, Taz. I really appreciate it. But when we look at the overall formula, and I'm not going to be able to comment on what we're going to do next year for FY '27, let's get through the plan and let's get through Q4 and see how everything goes. And then I'll give you an update then.

But ultimately, when you think about it, we want to lean into the growth side of the equation more. You've heard us talk about that. That's been our goal is to accelerate growth for quite some time. You can hear the optimism from the call today about that desire and confidence. And so we're still going to manage through that Rule of 40, and -- but we really want to lean more into that growth acceleration side of the house. And once we have our finalized plans for FY '27, I'll be able to give you some more succinct detail at the next earnings call.

Well, thanks, everybody. But before you go, I just want to let you know that Okta will be hosting several on-site and virtual bus tours in December and January, and we'll also be attending the Virtual Needham Growth Conference on January 8. So we hope to see you at one of those events. Thanks.

Thanks, everyone.

All right. Good morning. Welcome to Oktane. Welcome to Investor Summit. This is going to be a 1-hour Q&A session with our top executives. We have Todd McKinnon, our CEO and Co-Founder; Brett Tighe, our CFO, and Eric Kelleher, our COO; and Jon Addison, our CRO.

So this is for you. We're going to take questions in the room. We'll take them one at a time. And I'll start right away. So David, if you want to.

Maybe upfront, I could just summarize the [ absolute ]. Would that make sense?

Yes.

Hi, everyone. Thanks for joining us. I think this year at Oktane, we have a very, very relevant message to deliver. And just in terms of what's going on in the world and the challenges and the opportunities everyone is facing. And also, I think it's a message that people expect us to deliver. And that's, I think, a powerful combination.

And that message is -- for those of you that saw the keynote this morning, it's -- I'll kind of summarize it for you. It's basically that the insight that everyone is having is that AI really means agents and how agents can automate work and how agents can improve productivity and impact in all these different layers of the stack and all these different industries. And when you break down what makes agent security real and valid and valuable is the fact that it's really identity security. These agents need access to different resources.

They need their own identities that you have to have visibility, governance and control about what they access. And so it's -- in terms about being -- us being relevant, it's like exactly what people expect from us. And we've been working on this for many years. And today, we talked about 3 important innovations we're delivering to make this identity security foundation for Agentic -- the Agentic world real and relevant and powerful.

And the first one is how we're bringing the -- we're really defining this new category, this new category called Identity Security Fabric, Identity Security Fabric. So the way this works is that it's just like saying you would say CRM. So there's a category called CRM, and that's the combination of sales and marketing and service and support or you would say ERP, that's a category that combines HR, financials, manufacturing. Identity Security Fabric is this category that combines governance, privileged access management, identity security, posture management, access management.

And I think this is what customers want because if they want to have a solid foundation for security, AI, all the stuff they want to build on top of that, they have to get their identity security foundation in order. And it has to have comprehensive coverage. It has to leave no gaps. It has to provide automation, orchestration, all the things we've been talking about. But it has to be this new concept that people don't want to buy these individual products that maybe don't work great together.

They don't want to buy separate vendors for all the stuff. They don't want to have to integrate vendors. They want an identity security fabric. And we talked about how the Okta platform delivers that. It's the best example of this today in the industry. It's the most complete product set. It's cloud native. It's the most integrated. It's preserves choice and independence and neutrality. And now we're bringing AI agents into this platform with native support across the product suite. So from identity security posture management, access management to governance, privileged access, they all support this new identity type called an AI agent, which is kind of like a combination of a system account or a nonhuman identity and a person.

So it has attributes of both, and we've combined it across the entire product suite. That's the first set of announcements. The second set of announcements is how we're working with various efforts around standardization to help standardize how this concept of an identity security fabric interacts with this vast complex array of technology in all these customers' environments. And we talked about our progress on an open standard called IPSIE, and we talked about this new standard we're working on called Cross App Access.

Again, it's just giving the Identity Security Fabric more control and more visibility into the entire technology landscape, enabling faster adoption and more control and better outcomes and again, all toward the goal of doing more with AI. And finally, how using our Auth0 platform, developers can build applications and agents and Agentic systems that are -- that comply with these standards out of the box and how they can -- if you build an application with Auth0, it connects into all these protocols like IPSIE, it does Cross App Access. And so it really helps people build fabric-ready things.

And this is -- we were -- hopefully, you've got the sentiment if you talk to customers here at the show, but we've never seen interest from a new product area like we do about -- like we see about this one. Everyone wants to talk about this, biggest companies in the world have this problem of AI agents, and they want to do more with agents. So it's very exciting. Now it's talk at this point. So the question will be how fast that translates into both people buying more of our products just to build this fabric and then over time, actually buying more products for -- specifically for AI agents because all these capabilities I'm talking about are new. They're going to be new things that people pay for in addition to what they pay now for customer identities or employee identity. So it's super exciting times, and we're great to -- excited to be here to talk with you all about it to help you get a better understanding.

Eric Heath with KeyBanc Capital Markets. Thanks for doing this and having a great time.

Todd, maybe I'll just say at the onset, like the amount of innovation that you're doing on AI agents and how forward leaning you're being is, I think, unmatched in the industry. So I appreciate that. So on a couple of the things you talked about, I guess, for me, talking to your partners and your customers out there, I'd still say there's a lot of -- it's hard to find 2 people that agree or have the same message on how we're going to secure AI agents. So I think you still just get a vast difference in people's approach, initial views on how it's going to be done. So where do you think we are -- or where do you think we are in terms of maturity standardization of how we're going to secure AI agents? And then second, to the point you were leaving with, look, we all want to see acceleration in growth. So when do you think this really could be a growth driver for the business?

Well, you're having those conversations before the keynote, right? So they weren't clearly explained to them about the vision of the future. Is it -- I think it's a very important point and an important question. I see this -- I think where we are as an industry is that in the last year, everyone agrees on the problem. I think it wasn't a hard case to make to the audience today that a big part of AI security is identity security.

And agents are the -- what we have to fix, and that's an identity security problem. That was -- we tried to clearly lay that out. But I think, frankly, it's -- a lot of people understand that or more people understand that than did a year ago. Now I think that the solution had to go from all this energy around companies adopting and building these tools and adopting all this wave of innovation coming from all the technology providers and translating to actually how they do that, we're still figuring that out as an industry, and we're hoping to lead there. But the first necessary and present condition is the amount of interest and the amount of inbound really concrete exploration that customers are doing around our solutions.

So I think the first wave is really going to be customers thinking about this concept of fabric and how they can normalize this complexity with one vendor and this one-stop shop for identity. That's the first thing that's going to help us grow faster, I think. And actually, the Agentic part of it will kick in later. But I think there's a lot of potential opportunities for growth here coming out of this.

Great. Meta Marshall from Morgan Stanley. Just a question on the Cross App Access. And just kind of how critical it is to get buy-in from kind of other partners in order to kind of fulfill the kind of vision of the identity security fabric.

Yes. So Brett is the expert on Cross App Access. It's very important. And the -- and it's not going to happen overnight. But one thing to understand, too, is that a lot of the benefits of managing AI agents in Okta and vaulting the credentials and having governance and ownership clearly outlined on who in the organization owns the agent, there's a lot of value there if Cross App Access never takes off.

That's the first thing to understand. You're going to want to discover these AI agents, you're going to want to track them. You can do that all without Cross App Access. Now Cross App Access is a future-oriented way to make it all work even better. And so this is going to take time. It's -- you got to like propose the standard, get agreement on it, you got to build it into the product. You got to get technology providers to adopt it and then you got to get more demand for it.

So more other technology companies build it. Standard is important because none of these technology companies, Box or Google or Amazon or Microsoft, they don't want to build something that's like only going to work for one environment. They want to have an open protocol. And so that's important. But it's going to take some time. The only way it has a chance, which makes me so excited about it is that it has to solve a need that these technology providers see. And the reason why we started working on this over 2 years ago was because we were talking to all these SaaS applications that were trying to roll out their applications in these environments and setting up all these cross-system grants between users was a mess.

And they would try to roll out these awesome innovations they had. And it's like, yes, but it takes the company 6 weeks to set up all the -- allow this thing and grant this thing. And so that's why we started building it. Only later did we realize it's perfect built for this world of AI agents because AI agents are inherently cross app. They're inherently connections of multiple systems. And so it's a long-winded way of saying that the technology vendors want this. And that's why I think the reception has been so high, and that's what you need to get this stuff started. If you try to make up some standard that no one cares about the problem, you're really kind of like fighting against the wind, but we think we really have a tailwind on this one.

And you can see that in -- sorry, we might be saying the same thing. But you could see that we had an event about a month ago with 1,100 people from ISVs, who are interested in this and want to be able to implement. So that's just pure quant, but it's pretty nice to see that kind of level of interest. We had a bunch of good companies on the page today, but there's going to be more and more as the months and quarters move on.

I love that pure quant. So just to add to that, the keynote -- for those of you that have not yet seen this morning's keynote, it's worth -- please go back and watch it. It really does a nice job framing up our vision, Todd's vision, Okta's vision on these topics specifically. And Todd, at this time in the year, it's when we paint a vision for where the market is going and how Okta is skating to where the puck is going to be. And what's interesting this year about the message around securing AI agents is our customers are all in it with us.

They're all right here. So this transformation is happening for the industry just so quickly that this conversation is a real conversation. In your briefing packet, you'll see some data. We just conducted a survey of a few hundred companies. 90 -- over 90% of them have agents in production. 10% of them say that they're confident they're actually governing the agents. That is a shocking split between people that are deploying the technology and saying, just go fast, innovate and solve what you can solve, and let's have confidence that these agents are appropriately governed and us in our stack and secured within the stack.

So all of the work that we described today on the Identity Security Fabric is designed to help companies bridge that gap and allow them to continue to innovate with agents, but do it in a way where they're securing those agents properly and governing them with policies and rules that they choose. There was a demo in the keynote where we showed how security posture management will identify rogue agents that have been deployed and haven't been purposely cataloged and put in the directory and governed. And Cross App Access as a capability for people building agents will allow them to be deployed. So these 1,100 ISVs that attended our event last month that Brett mentioned, they all have the problem that they want to sell products and they want to sell agents.

But their customers don't want rogue agents. Their customers are only going to deploy agents that they know that they can properly secure. And so we're very optimistic that Cross App Access has a lot of interest already because everyone needs to solve this problem. And it's not a problem they need to solve 3 years from now. It's a problem they need to solve today. They're already behind. So we feel very confident in how that's going to play out.

Junaid Siddiqui, Truist Securities. Todd, we're seeing this increasing convergence between identity and data security in this age of agentic AI. Could you talk about how you're positioned to bridge identity security with data governance so customers can enforce consistent policies across users and data? And is that an area that makes sense to expand to?

It's inherently related, and we see that in all of our -- we hear that in all of our customer conversations. There's different kinds of technology resources. There's the applications that have all the roles and the groups and the permissions that kind of implicitly define who can access the data or explicitly define who can access the data. Then there's things like a data warehouse where it's like the whole thing is data, and it's just about specifying the rules on who can access what. And it always links back to an identity.

And by the way, the really important thing in agents is like getting them the data. So that's why identity security is such an important part of the combination there. One thing that -- one question I get often is, so everyone says they're going to -- everyone in the security world says they're going to secure AI agents and like who's really going to do it? Who's going to win? And it's kind of like the same with identity and data governance and data security posture management in that whole category and network and endpoint.

I think the reality is that they're all going to play a role. I think it's naive to think that there's going to be -- saying there's going to be one single security solution to secure all of agents. And once everything is agents, all you're going to need is one security solution, I think it's pretty naive. We need a multilayered approach. And I think all of the major pillars of Zero Trust are going to have an important role there. I think the world underestimates how dependent it all is on identity, just like in Zero Trust.

A lot of Zero Trust is dependent on identity. But it's not going to be the one -- that's why I think it's a mistake to think about, oh, there's going to be one company that does everything in security. I think trying to consolidate all of security is very challenging. I think consolidating identity is super valuable and I think doable. Taking a company from 50 vendors down to 1 vendor is very doable. I think it's pretty hard to take a company from all the security tools they have down to one. Simply put, it's because they need different types of security tools to be the most secure.

Patrick Colville from Scotiabank. Thank you guys for having us. So I've spoken to about 12 customers over the last 24 hours and asked all of them, are you here at Oktane to learn about Agentic AI security? And interestingly, not a single one said yes. They all said, no, we're here for kind of PAM, governance, et cetera. But I'm going to ask about Agentic AI security because that's the hot button issue.

So when -- you're talking about cross access. Isn't that a protocol? So I guess, how do you monetize a protocol? And then the reason I started with that opening statement is because I want to bring Brett in, when will this monetization start hitting the financial model? If customers aren't here for that now, like is this a 2026 thing or maybe even like 2027?

I think a big -- I mean, I think this concept of an Identity Security Fabric and a one-stop shop for all of these formerly separate categories is a big growth driver for us. We're investing heavily in R&D to build out these products beyond access management, as we've talked about for many years. So the reason there -- it's good that the reason they're here is to buy all of our new products because we have a lot of great new products to sell.

I think making sure the industry understands that this is where the category is going, and we're going to capture that category is a very important part of the messaging we're delivering to the market. And the outcomes are great for everyone. And I think the customers that you talk to know that. I think you don't monetize a protocol. I think Cross App Access is an open protocol that basically, strategically, the way we think about all these standards is they make identity more valuable.

They make identity able to do more, able to drive better security outcomes, able to give customers less friction in adopting technology. So it's a little bit a benefit to the entire industry, but we benefit tremendously by the fact that identity tools are easier to implement, easier to upgrade. A big opportunity for us is just making the change cost easier. So when these companies want to consolidate vendors, making that incredibly easy. And we do that a lot of different ways. We do that in investing heavily with partnerships with systems integrators.

We do that by building a lot of core technology, by evangelizing open standards. We want customers to get to this better world. And now by the way, by supporting this powerful new identity type, we're going to make it over time. And I think it will take time. I think -- like I said before, I think the near-term opportunities are a lot about the broad product portfolio and consolidating legacy and large enterprise. But the agentic thing is real. And next year, we'll be talking a little bit more about it. You'll see more tangible business drivers in the following years, it's going to be a big deal.

And I think -- go ahead. You go first.

One of the -- so the keynote and our vision and the narrative that we're really emphasizing this year is on this very timely urgency around the gap I talked about earlier between agents being in the wild and how they're being governed today. And you'll see throughout the demos and the platform keynotes that follow and the sessions that follow as well about how we're helping secure agents in this idea. But the core premise of all of this is that we've elevated Agentic identity as a first level identity.

And so just like a human identity and nonhuman machine identity, we'll now have Agentic identity. And we have tons of product announcements coming out this week about all of the products in that Identity Security Fabric for all 3 of those use cases, the human, nonhuman and the Agentic. So our governance product, for example, earlier this year, we announced a connection for on-prem applications and also separation of duties. We're announcing this week that, that is now available for federal use cases as well. And so now available to new customers there. We have new announcements on our Privileged Access product as well as all of our access management categories.

On the protocol, Cross App Access specifically, one of the things we'll be announcing in the Auth0 platform keynote is for anyone who's developing agents using Auth0, they will inherently support Cross App Access. It's a radio button you click to support the protocol when you publish your code. So there are opportunities for us to lean into the standards as they become more adopted in the industry. But to your point, the protocol itself is not what we monetize. It's the security that we can provide better with support for the protocol.

And I think I'd say as the person who leads the field team, the best thing about go-to-market with this new message is it just highlights Okta's strength. So our independence, our neutrality, our cloud-native position. And so when the field are learning about the relevance of our identity security fabric for human, nonhuman identity and agents, like it's a pretty easy leap for them to actually get how that works because underpinning it is the value of our platform. And so how we excel in access management, identity governance and privileged access management, secure posture management, that all relates to the management of agents as well as nonhuman and human identities. So we feel pretty good about how we can cross the chasm with our customers and help them understand that.

I was just going to add, Patrick, about your growth algorithm question was it will take time, like Todd was saying. But think of it as what we've done with governance, right? We've made that product really good. You've seen the impact to the financials, [indiscernible] coming along, device access, all these things we talk about, ISPM, -- it just takes time, and it's just another thing that we have in the toolkit for Jon and his team for them to sell. as the world changes over time as agentic AI becomes more and more embedded in the way the tech stack works.

And I ask you to check in with the partners. We spent a whole day with them yesterday, and they're having lots of meaningful conversations now about this. So it's a real concern for our customers and prospects. So it's not just in our installed base is concerned. It's real and it's happening now.

Rudy Kessinger, D.A. Davison. Similar line of questioning. We've spoken to over [indiscernible] customers as well. And opposite of Patrick, actually, most of them are interested in your AI security capabilities. At the same time.

Even after the keynote.

Oh, this was actually yesterday, we were here, but all throughout. And -- but at the same time, most of them tell us we're not even close to rolling out AI agents broadly anytime soon.

I think that's typical, yes.

Right. And so if the product is going to be GA sometime next year, I'm going to go out on a limb and assume we're not going to see any material contribution until FY '28. A lot of people in the room want to see improved growth sometime before then. And so how do you make sure you're not overallocating too much time, energy, resources into developing those solutions when you could be allocating that time, energy and resources into more near-term opportunities that could drive growth?

What was the last thing? -- near-term opportunities like what?

Near term, investing in other near-term opportunities.

In other near term, yes. It's really a good question. And I think about it this way. We're getting a lot of -- in the building all the capabilities for AI agents, there's a lot of leverage in the foundational stuff we have to do all around. Like for example, there's a lot of leverage in what we've done for privileged access management and the vaulting and the rotation and what we've done in governance for the governance workflows around certifying that things still need access to things. So we're getting a lot of leverage there.

The way I -- what I -- when I talked to the team about as we were innovating and building all this stuff, I said it's very important in these things that we get real customer input because there's a lot of hype and a lot of excitement around AI. And I wanted to ground the team as we built this in real tangible customer input on what they actually needed. And I think what we found is that there was a lot of overlap with the use cases around governance and privilege and having this end-to-end fabric and just taking that final mile to AI agents is something that's valuable, but doesn't put us down a path that could turn out to be fools gold because it's some thing that no one turns out to really need.

I think the core use cases of authentication and authorization apply to Agentic identity the same way they do to human identity, for example. When an agent takes an action, you need to be able to verify that it is who it says it is, you need to authenticate and it's not being impersonated by a threat actor. And then when it takes that action, you need to verify that it has access to do the thing that it's trying to do and needs to be authorized. And so the tooling we provide around authentication for human identities that, that infrastructure applies directly to authentication for Agentic identities.

And our fine-grained authorization with the Auth0 platform for building agents allows you to build in authorization controls as well. So there's a lot of leverage and overlapping capabilities between the features we're deploying for human and machine use cases that apply to Agentic as well. But one of the reasons why this isn't a -- it's not a new launch of a new platform. It's an extension of our Identity Security Fabric to also support Agentic identity.

Yes. One thing to clarify, in case people aren't aware of it that all of the Agentic capabilities on our platform, those will be new offerings we sell. So just like if you add more users to Okta, we deliver more value and customer pays us more. If you deploy agents with the Okta platform, you're going to deliver more value, and we're going to capture that value. So it's a nice combination of an extension of our current products in a way that's clearly delivering value, and we'll be able to monetize.

This is Nasr Islam for Brad Zelnick at Deutsche Bank. The Okta AI agents is a super interesting step forward, and I want to focus on pricing. So there's been a lot of debate over how pricing models change in securing AI agents. And it feels like the traditional basis of per user or per agent pricing may not be the way forward. But I'm just interested in hearing how you see this evolving.

I had a hard time hearing you. There's an echo. Maybe did you guys hear? No. Yes, it's hard to understand. Yes, the sound up here is kind of echoing.

I'm just wondering about how you see pricing models evolve securing AI.

How pricing models evolve. Yes. So I think the basic thing was I just described is like there will be additional -- we're going to deliver additional value from all this capability. So there will be -- customers will be charged for it. We're final -- the basic -- there is a clear model around just a lot of agents act on behalf of the user. So there's a -- think about companies are rolling out their own version of internal ChatGPT. That -- those agents are going to act on behalf of Brett or Eric or Jon.

And so the identity and the number of agents they need to license is very tied to the set of users. So that's an obvious extension. And that's like think of it as an extension of the per seat license. I think what's -- we're still modeling some different scenarios is how it works when there's a one to many. So there's an autonomous agent that does work on behalf of many users. And so that will end up as we work with customers and finalize this, that will work up in some variant of a per request or a per back-end resource model.

It will be monetized a different way because there's not the inherent number of agents there are in the case where an agent is acting just on behalf of 1:1 on behalf of users. But as we get through the final steps of this toward availability next year, we'll be finalizing all that and communicating it clearly to everyone.

So fairly similar in unit measure what we do today. Maybe a little bit of tweaks, maybe a little bit of kind of like blending of the 2 concepts, right? So we'll definitely update you guys as we make more progress.

Okay. Great. Yun Kim, Loop Capital. So obviously, there's a lot of discussions about when the Agentic AI adoption will happen and the time frame around it. But if you do look at one market that's where there's a lot of development going on, that's within the technology companies like ISVs and business application vendors. What kind of go-to-market motions do you have targeting them today? And do you feel like you have to basically become a standard among those vendors to be relevant on the Agentic AI rollout as you roll out to the other enterprise markets?

Yes. I think it's an important area of our strategy, serving especially the companies that are building these Agentic solutions and how we can partner with them and how we can work with them to on this broader adoption of standards like we've talked about. These are -- our strategy here is that we want to be the best identity provider at securing identity and securing agentic AI. And we want to do that by being embedded and being partnered with all of the people building agent technology and agent platforms and app vendors building agents. We want to be the constant across all of it. And that takes the right product, it takes the right partnerships, and we're very focused on that, making sure that's a reality.

Hey, this is [indiscernible] for John DiFucci at Guggenheim. So for the longest time, Okta and the identity players have primarily been tasked to secure human identities, and it's clear that, that's rapidly changing. Based on your presentation this morning and given your roots, -- it seems like the identity platform is coming together to secure both humans and nonhumans. But my question is, is one of those core components more relevant to secure NHIs? Is that the right way to think about it? Or is it finally just coming together between access management, PAM and IGA for both?

Yes. I think that we should stop thinking about them as separate things. I think that's why this concept of fabric is so important. People don't want to have a bunch of different vendors. It's one of the -- people don't -- like -- it's one of the -- there's a couple of really pretty misunderstood things about identity. The first one is that the amount of complexity at customer sites around the number of identity tools, it's quite staggering. Even a small company has 20, 30, 40, 50 different identity vendors. There's tremendous value in consolidating that and normalizing that.

And we think we have the right platform to do that to implement this fabric. The second thing about identity technologies is it's -- there they -- it's a lot of effort and a lot of work traditionally to get them fully deployed. And we're doing a lot of things over the years. And even when we talk about standardization and all the technologies we're building to connect to cloud systems and on-prem system, we're trying to make that easier. We're trying to make it easier to deploy these identity management tools and let people consolidate and let people simplify. And that's -- and I think those 2 things coming together is one of the reasons why we're so well positioned. We can really remove complexity from customers' environments. We can help them have better security outcomes. We can meaningfully change their business, and that's why we're so well positioned.

Yes. I would just add, it's fairly simple what Todd talked about earlier today, right? It's every identity type -- every identity use case and every type of resource, right? And each one of these things that you've been talking about today on the main stage and here today is about trying to go after those. There's a bunch of technology underneath that actually helps us accomplish that. But if you just think about it from that simplistic viewpoint, that's really what the Identity Security fabric is.

We have an online question. [ Taz ] as from ROTH is asking you have a platform for building AI agents, but at the same time, a lot of other companies like Salesforce and ServiceNow are providing the ability to create agents on their platform. How do those platforms collaborate or compete with Okta? Would they need to tie in with Okta to secure agents on their platform? So net-net, question is, do customers build agents on the Okta platform or the platforms offered by the application and SaaS vendors to build agents?

I think the way to break it down is you need to -- you're going to have agents from a lot of different platforms. There's going to be a lot of heterogeneity in this world. It's going to be rapidly changing. So you try to manage what you know is going to be fundamental, and that's the governance, the visibility and the control. And that's what we're doing with the Okta platform.

And we want that to work seamlessly with every -- whether it's Amazon's agent builder or Google's agent builder or Microsoft's agent builder or Salesforce or Atlassian or anyone. We want to work everywhere. And by the way, we want to standardize it so everyone can get the benefit of this identity security fabric no matter what they choose. We want flexibility and openness. Now when you -- I think in that -- on the vein of like there's going to be a lot of different ways to build agents. With Auth0, we're trying to make sure that if you're building your own agent with your own development tools, you can use Auth0 to do the identity security part of that.

And of course, that's going to work on different platforms. And I'm sure there'll be in other platforms, there'll be competitive offerings to that because they're going to want their own identity stuff. But our commitment is that it's going to work great with this standardization to manage, govern and control that we think should be adopted by the entire industry.

Tomer Zilberman, BofA. I wanted to ask about the competitive landscape. Last week, you had CrowdStrike at Falcon talking about expansion of identity -- further expansion into identity versus being more identity adjacent before, and you obviously have Palo Alto acquiring CyberArk, which they're also here as a partner. So I wanted to ask, how do you view the competitive landscape changing with the entry of these bigger platform vendors? Is there enough room in the market for everyone here? And do you think that you'll continue to partner with them versus being more head-to-head?

Yes. The way we think about this is, first of all, I think the goal is 0 identity-based attacks. And so it would be awesome if identity-based attacks, we solve the problem. And all of us went on to working on something else. That would be amazing. So it's another way to say like there's tons of work and tons of opportunity. So I think when you think about how to solve that problem, I think there are -- there's a school of thought that you should have all of the pieces of security working along with your identity security capabilities to solve all security challenges.

And that's when you see like Microsoft or CrowdStrike or Palo Alto, that's essentially their strategy, a one-stop shop for all security, which is I can see the appeal of it. There's lots of fragmentation there. There's lots of potentially ways to consolidate. I think the challenge is that in the security market, you need 2 things. You need -- there's constant innovation, there's constant change. It's an adversarial environment. People are trying to break into it. And so you need this ability to constantly adopt the best solution. And that's always attention, I think, against consolidation and security.

And so that's an important concept. And the other thing is that you -- when you think about what we could do from an identity perspective, it's really about securing the environment and having these things like detection and posture management, but it's also about how the environment could be built in a way to be more secure. And I think that's what coming from a foundation of an identity provider brings us. We can both help secure the environment and actually build a more secure environment itself. So that's a unique approach we have. But there's definitely overlap, right? I mean there's different -- everyone is trying to say they're going to secure AI agents.

And there's -- clearly with CyberArk, there's some overlap with Okta. Some of the things that CrowdStrike is doing in security have overlap with what we're doing. That's for sure. But there's no -- I think it's the wrong way to think about it to be like, oh, there's going to be one size fits all. We're going to have layered defenses. We're going to have identity defenses. We're going to have network defenses. We're going to have cloud management defenses, and it's all about those things working together to really drive toward this goal of eliminating identity-based attacks. And if we did that, that's 80% of the security breaches. So I think there's a lot of work to do, and we're going to be working with them, and we're going to be overlapping with them in some places, but it's an important work we're doing, and we'll do it together.

We have another online question.

It's Mark Cash James here for Adam Tindle. I just want to ask how much of the Agentic AI strategy revolves around customers buying into Okta's governance and privileged access on top of core IAM and SIEM to be able to monetize the way that you'replanning?

So I think it's -- we can monetize it if they're just in core access management, just agents in the directory, track the owner, make sure that the connections are secured, but it just gets more valuable if you want to do governance as well and you want to be privileged as well. So it's kind of similar to like a person, right? You can do core access management, but you can do privilege, you can do governance as well, and it gets more valuable as you expand the number of products in the platform you buy.

Matthew Handorf, Harber Asset Management. Obviously, the business has had a number of headwinds in the last 2, 3 years, but it seems like we're coming out on the other side right now with a more specialized go-to-market effort, increased pipeline, better rep tenure, much stronger product breadth, a normalizing macro. And obviously, demand for identity is probably at an all-time high. So my question is, what concerns do you have out there? Or what do you think would hold the business back from reaccelerating growth?

Jon, do you want to take that?

So our go-to-market strategy, like you said, is based on a number of things. Go-to-market specialization has been something that we've been working on for a period of time now. This year, we moved to a more specialized approach by platform that's particularly relevant to our biggest customers internationally and in our Tier 1 markets. And we've made pretty good progress. So we're pretty pleased with the results from those segments through the course of H1. Prior to that, we moved to a hunter farmer model in our commercial business in the U.S. And that again has been kind of really positive.

So they had a great H1 and productivity is going really well from that standpoint, too. So we think those specialization bets are working. I think where we see real upside is on international expansion. And so we're super focused on a collection of Tier 1 countries outside of the U.S., where we're making some significant bets in our partner investments there, localizing our products and making sure we can deliver them with the right and necessary deployment options. So I think that's got a significant amount of upside moving forward and international expansion. When I also think about the area across the board where we see real upside to, it's in our biggest customer cohorts.

So for some time now, we've been really pleased with the amount of growth we're getting out of that sort of $1 million ACV cohort. And I think it just makes sense when you understand our strategy and you're seeing what's really driving growth. It's in these bigger, more complex customers who've got the legacy of years of buying disparate identity tools. They've just got a lot of complexity. They've got a lot of sunken costs and they've got a lot of risk exposure.

So these are the ones that are really leaning in with us, either they bought access management from Okta before or they're considering their estate and they're considering refresh. So I see very significant upside in our biggest customer cohort everywhere because of that. It's a trend around consolidation. Many of them want a single control plane for all identity use cases, and we're the market-leading independent version of that. And so that's something we're super excited about. And how we mobilize our partner ecosystem around that opportunity, how we align with them, make sure they have the right value propositions, the right expertise and the right service offerings to make customers successful with that. That's, I think, the biggest opportunity that we've got to get right. So that's where we're investing a lot of effort at the moment.

And just one example of that. I had an executive briefing yesterday with one of our -- the CISO for one of our larger customers, a top 10 customer for Okta. They have -- they're on a 3-year contract that renews next June. And the entire conversation yesterday was what is their plan and road map to deploy all the capabilities Okta has added since they first came on board. They haven't yet deployed governance. They're planning to deploy governance.

And so the conversation yesterday was how to move from their current product-based agreement with us into an ELA. They want to buy -- they want to get on to the Identity Security Fabric and be able to deploy it everywhere for all those use cases. Todd talks about several examples of customers that are consolidating dozens and 50 to 100 different identity tools onto one identity security fabric. These conversations are becoming more and more common as our products become more capable and as our customers become better educated about the complexity that they need to solve for. So those conversations are happening all the time right now.

Do you have that in the forecast?

Yes. The other thing I'd say is that specialization for platform is also benefiting the Auth0 motion. And we're really seeing the continuation of customers investing in seamless digital experiences and how the Auth0 team can focus on that opportunity with real strong cognizance and discovery about how that shows up in particular industry verticals is really a big part of us continuing to grow the Auth0 business, especially in our biggest customer cohorts.

It's Tal Simons SoMa Equity Partners. Can I -- just a follow-up to that one. Can you talk about like in these examples of customers that have been with you and access and are kind of choosing to take the whole platform? Like what happens to their -- like how should we think about their spend with Okta? Like what's the rate of change of the spend on those customers? And also, I'm surprised that you're talking about the larger customers starting on this journey first. I would think that the small, midsized and maybe less mature IGA PAM programs are the ones that would be like the first target to go after here. So maybe you could give us kind of color on that motion as well.

Yes. I think on the piece about building out across the identity security fabric with us, I think with the customers, a lot of them have experienced kind of disappointing value from a lot of these legacy products. And they've not gone as fast as they wanted these deployments. They're expensive sometimes, and they create risk exposure for them. And so I mean, I think it's kind of everywhere that concern.

And so yes, we're seeing customers leaning in when we acquire them across like a broad range of products from us now. But we've got a lot -- we've got 20,000 customers. And so we've got access management customers at every single segment level. And then they're all experiencing this challenge with the implementation effort, the administration effort and the risk exposure, having these disparate tools managing identity.

So at every level, they're leaning in. I just think that we're seeing the most growth out of the bigger customers because when they lean in, they tend to spend more money with -- and they obviously have most legacy. So I think it's a growth opportunity in all segments. But we're experiencing the depth of the problem probably greatest in our biggest customers because they've got the biggest history of implementing these products and causing these problems.

And I think a lot of that, too, ties in the partner conversation because traditionally, Okta's products have been super easy to implement. And as we broaden the use cases that we cover to governance, posture management, threat detection, privilege, the set of services work gets quite rich, which obviously, there's a positive flywheel there with partners because there's more opportunity for them to add value, which makes them get more up to speed on Okta and what we can do, which means more customers use them and there's a virtuous cycle there.

Yes, that's right. I mean our partners are super excited about it because they -- oftentimes, they've been involved in some of these projects, and they deeply understand the business needs of our customers and how they've evolved. And so they can really add value when they look at all of the use cases across the identity security fabric. And it's not just at the initial point of implementation. It's like a long-term value orientation for them that really leverages the uniqueness of their relationships with our customers.

Yes. I'm spending a big percentage of my time personally with big prospects, big customers and big partners to try to really take advantage of all the momentum there across the business?

Yes. We shouldn't underestimate how good the products have gotten over the last couple of years, Tal. I think that the comment you said about, oh, governance may be being a little light, like that is an old tape. It's a pretty darn good product now. So we're seeing more and more of these customers land not just with access management, they're landing more with the full suite of things, right? Because they are looking at our products and saying, wow, they're actually quite good, we really should buy more from you guys. So still a small number of big customers that do that. But ultimately, the long-term goal here, which is what we've been sitting up here talking about is get all these people on the Identity Security Fabric, which is effectively the entire portfolio.

And what resonates with these big customers is just look at our R&D spend. It's bigger than all the other identity companies. And they know that these products are going to keep getting better and better and better relentlessly. And that's what they're making the bet on a lot of times. Not only have we proven that we can deliver them, but we've proven that we can make them better over time. And other companies are getting distracted. They're changing ownership. They're getting bought, they're getting sold. They're doing other things and their focus, and we're kind of consistent. We'll keep plugging away.

So Zach Schneider with Baird. And I wanted to ask about OIG and specifically, which capabilities within OIG, either entitlement management, certification, et cetera, are seeing the strongest traction today and maybe where there's some adoption frictions? And then in that sense, will OIG become more of a core module embedded across the identity stack? Or do you envision maintaining a more monetizable stand-alone SKU?

Well, I think we're really pleased with how OIG is going. That's the first thing. And it's a very, very clear cross-sell opportunity for us in our installed base, and the teams really cranking just on that. But it's also really nice, like Brett said, when we win new logos on Okta, and more often not now, we're landing them with OIG. So companies like see it as a highly relevant product to manage governance in their environment. And we're really just getting started with it.

So irrespective of how broad you go elsewhere within the identity security fabric, it's like super obvious to us as companies look at the value of Okta, even if they've got existing governance investments, like a coexistence with them with OIG is incredibly valuable to them, but we're also seeing a lot of customers switch off existing legacy products that they've got quite embedded in their businesses, and they're switching on to OIG long term. So very, very exciting opportunity for us over the long term.

[indiscernible] from [indiscernible] global. Todd, I was just hoping to get an update from you on the latest thinking in terms of the internal architecture. Like obviously, it's been several years since Auth0. And until now, you've opted to keep it separate from a platform and now even this year, a go-to-market perspective. But I guess, is maintaining these various systems, Okta Workforce, Okta SIEM, Auth0 SIEM, like is that enabling the speed and innovation that seems to be increasingly required in a market where the time to market matters even more now and competitors are out there with other products today, obviously, some acquired, some repurposed, but still.

I think I'm always -- I always want more in terms of innovation. I'm never satisfied there. But I think we're doing a good job. And I think that we've proven that these products really have different value props to different buyers. And what a developer or a builder wants is pretty different than what an IT and security team want. And so I think you're seeing benefit from being in their respective lanes and what they've been able to innovate. So I'm pretty happy with it while always wanting more.

We have another online question. Joshua Tilton from Wolfe Research asks, lots of questions around how the identity market will evolve with CyberArk becoming part of Palo Alto. Neutrality and the integration network have always been competitive differentiators for Okta. Does the integration network have to evolve to support an agentic future? Does the value of the integration network increase or decrease as all of the apps you are reintegrated with launch their own agentic capabilities? And lastly, is there any reason from a tech perspective that identity should no longer be neutral from other areas of security in an agentic future?

I think that with -- CyberArk is very interesting. I think that the -- I'm not sure about this, but I think they had a similar idea that they wanted to build this identity security fabric, which you have to have all the products in the categories. You have to have great access management. You have to have posture management, threat detection, governance. You have to have privileged access management. I think there's a big question now like will they change the approach? Will they really lean into privileged use cases, security use cases, parts of Agentic?

I think that's yet to be seen. I think the pull there is definitely going to be, I think, favor Palo Alto more, integrate tightly with that. And I think the independence neutrality is a huge advantage. I think there's not -- you have to consolidate something. You can't have everything from everyone. It's a question of which consolidation points do you choose. I feel strongly that it's dangerous to consolidate on security because of the adversarial nature because of the lock-in you get from consolidating from one vendor.

I think identity is a good place to consolidate because you can get simplification and cost efficiencies from the control, while at the same time, you can have the business outcomes you need because identity companies focus on connecting to everything, not just Palo Alto, not just CrowdStrike, everything. So I think that's the winning position, and that's the strategy we're executing on. And I think this is a big change for CyberArk. And I don't know what it means for their old strategy, but I think it's a big change.

And it will be a while before that becomes tangible so that whole deal needs to complete first for them to be able to understand exactly what they're going to do, where the road map will take them.

Maybe kind of slightly off topic, but you mentioned a lot of that this is going to take time with all these Agentic solutions. You also mentioned kind of in your keynote, a lot of F of customers. I guess just from a perspective of like your guys' own AI journey and kind of adopting AI internally, just kind of where you guys are, where you guys are finding usage?

Yes. We have -- so we use AI throughout Okta. I think in our -- from a productization standpoint, probably the most prominent use case we've talked about publicly is identity threat protection with Okta AI, uses the AI capabilities across our volume of transactions that we manage. So as a company, we process over 45 billion authentication events per month. And that volume of data helps us use AI to identify threat signals, things that look anomalous and could be suspicious and to help us protect our customers from activity that shouldn't happen. That's the productized use case we talk about most frequently, and that product has been in market for quite some time.

Internally, within Okta, and I oversee our operations, including our IT organization that provides tools to the company. We have today over 60 -- AI tools internally that we use for various use cases that it spans everything from work with our developers using developer tools like AWS, Bedrock, GitHub Copilot, et cetera. Two, from a creative standpoint, our marketing teams use Adobe Studio and Clay and a number of other tools. And really across the company, and Todd talked about this on stage, we're driving our people to lean in with these technologies and find out where they can make us more productive, where they can make us more efficient, where they can make us more competitive, where they can make us grow faster.

So we have -- we feel we have a responsibility to be thought leaders and to be progressive in exploring the capabilities of these technologies and how they can help us go faster. And also, we have a responsibility to make sure, just as we talk about here, we're not deploying these technologies in a case where they could cause a security deficit. And so our North Star commitment on the Okta Secure Identity commitment still guides. We're very thoughtful about our data governance for these tools as we bring them in.

We're very thoughtful about the production use cases as we bring them in. and we're very intentional to make sure that if there's an opportunity to explore how a capability could help us go faster, we're going to make sure that we explore that, even if that requires a proof of concept where we gate it and ensure that we're not causing difficulty for us. But we're very pleased with our uptake. And we think we're -- we have found the right balance between making sure that we stay true to our goal of being one of the most secure companies in the world and also accelerating our pace of innovation to make sure we can be thought leaders in the space.

Yes. Navigating all this change is -- it's a tremendous challenge. And it's -- but it fires us up. We love doing hard things. We love succeeding in the face of adversity and taking on this challenge, whether it's internal transformation, whether it's product, whether it's industry landscape, it's very motivating, very exciting for all of us. And I think you're seeing that come through in what we're delivering and how we're performing as well.

It makes all of our conversations with customers just highly timely and relevant because all of them are navigating the exact context I just described. They're all in the same position right now. And so there's intense interest in all of us understanding how to chart a path to navigate this to benefit from the capabilities of this new wave of technology and do it in a way that keeps your company secure. And I think that's what you saw in the main stage keynote, which you referenced, and that's what you hear throughout the week, this week at the show.

I have time for one last question coming in online.

Last question comes from Adam Borg at Stifel. Big picture, so fast forwarding 5 years, do you expect that the TAM for securing NHI in general and Agentic AI, in particular, to be smaller, the same size or larger than human identity?

I think it's on the order of the same size. That's how I think it will play out. I think both are going to grow, and both are very important. Probably I should have had a longer question.

We take one more. Any shorter questions.

Someone in the room.

Anybody? Upfront.

In the past, I know the team has said that OIG constitutes about 30% of a workforce deal TCV. Can we get a sense of how that compares to OPA and ISPM and the ITR please?

Yes. I think all of those categories, governance, it can be a 30% to 50% increasing value from a basic access management. Privilege can be a 30% to 50% increase over that. And then the other bucket is, call it, ISPM, Identity Security Posture Management, Identity Threat Protection, that can be another 30% to 50%. So really, you can go from a basic access management deal to a full all-product Okta deal that can be the summation of all those, which is 3 to 4x larger, if I did my math right. What do you -- we're seeing it bear out in the data. So it's positive.

Okay. I think we're out of time. Thank you, everyone, for coming out. Thank you, gentlemen, for your time today. Please go enjoy the rest of Oktane, go to the keynotes, walk the halls, talk to customers, talk to partners. Have a great time. Thank you. Thanks, everybody.

Please welcome Okta's Chief Executive Officer and Co-Founder, Todd McKinnon.

Hello, Oktane. Wow. This is amazing. Thank you so much for being here, customers, partners. We love customers. We love partners. Investors, we love investors. Competitors? Hey, don't laugh. They have to figure out what they're going to be working on for the next few years. We're happy to share all of our hard work with all of you. We're very excited. My dad is here. Welcome to Oktane, dad. Nice to have you here.

This is very cool. So in the room, it's official. I got the update. This is the biggest in-room crowd ever for Oktane. Bigger. Yes, bigger. It beats the record of 2019, which was the previous record. So I think that means COVID is officially over. Congratulations, everyone. We are thrilled to have you here for the most important security event of the year. Last year, I told you a story of how Okta was on this journey to be the most secure company in the world. This year, the story is about how Okta is still on that journey and is working on and made a lot of accomplishments toward being the most secure company in the world, but also how we're doing that and embracing and transforming with AI because there is a huge opportunity.

This is the most obvious statement I'll make today. But this is -- there's a huge opportunity for all of us with AI. It's the biggest platform shift since the Internet. It's bigger than mobile. It's bigger than cloud. It's bigger than social. The opportunities and the potential is amazing. We see it in the products we use. We hear it in the headlines we read. Do you read these headlines? I feel like I should just be doing more. I should be doing more with Okta. I should be leading. I should -- we should be adopting more AI and we should be putting in our products more and more and more.

I feel like if I haven't built a company worth $1 trillion or if I haven't built a $500 billion data center. It's like what am I doing with my life? Does anyone else have this FOMO about AI? This is a common thing, FOMO. And I thought about like what's going on here? What's the tension? And it's really this, Okta has spent the last few years on this journey to be the most secure company in the world. And that's really driven our priorities and what we focused on and what we've invested in. And we have to figure out how we do both, how we innovate with AI and how we continue on this journey to be the most secure company in the world. And it's a tension that we all face every day.

I know because in my conversations with you, it comes up over and over again. It's easy to fall in the trap of one extreme, either complete lockdown mode and totally focused on security or the other way where you're being fast and loosened innovation at all cost.

And we all know that we have to do both. We have to balance. We have to strike the right balance. We have to innovate and be secure. Every company struggles with this, don't feel bad about it, don't feel guilty. We have to figure out how to do both. And at Okta, our foundation, our bedrock, our core priority is incredibly clear. And it starts with the Okta Secure Identity Commitment, which is our long-term commitment to lead the industry in the fight against identity-based attacks. This is how we do it.

When we think about this tension, about balancing innovation with AI and about security. We had this key revelation, which is the thing we've been focused on is actually the unlock to do both. This is how we innovate without compromise. The Okta Secure Identity Commitment has four pillars from building industry best products and making sure those products are secured by default to hardening our corporate infrastructure, making sure it's the most secure in the world, to championing customers' best practices because if it doesn't all work for you and it's not easy to adopt and deploy and get value from, it doesn't work. And finally to elevate the whole industry in the fight against these attacks.

We launched this initiative formally over 2 years ago, and we have poured our blood, sweat and tears into this. One way to quantify it is it's added up to over 2 million hours in 2 years, 2 million hours in 2 years. And we're very proud of the progress there. And when you write it down, it's a lot of stuff. It's a lot of stuff. But that is what is required from a company like Okta. That is what is required, and that's what we've been doing. It's not just about security and locking it down. It is the unlock to how we reach the potential of AI, how we help the entire industry reach this potential. Being secure, the Secure Identity Commitment is the key to the future of AI security and to AI.

Now what do I mean by this? Well, nothing like a great example. And we recently saw a very important and pointing example. It's a major industry-wide breach. I'm sure many of you were involved and impacted in some way, shape or form. This is a breach of an AI agent. And this AI agent was used to automate marketing. So companies use this agent and it sat on their website and it helped prospects learn about the company and create sales leads and automate the marketing process. And the company that builds this agent was hacked and the hackers got the access tokens that this agent used to connect to the SaaS application of hundreds and hundreds of companies, hundreds and hundreds of SaaS applications on hundreds and hundreds of companies, I'm sure impacting many people in this room.

And I shared this story for two reasons. The first reason is it's a very strong demonstration of the work we've done at Okta to harden our corporate infrastructure. We are customers of this AI agent. And because of the work we've done to harden our corporate infrastructure, we were not impacted by this breach. We were not impacted. So yes thank you, thank you. I appreciate that. And I don't share this, I don't -- this is a really bad situation for the entire industry. And I don't share the story to celebrate this whole thing happening. But a lot of times, hardening corporate infrastructure and focusing on lockdown security mode, it's hard work. It's focus day after day. It's prioritizing it's having an amazing team that can get things done, can make hard projects amongst many dependencies in challenging times.

And this focus and this dedication directly impacted to Okta being protected from this issue. So it's nice sometimes to see success be demonstrably apparent when many times security work, as you know, is the best thing that can happen as you never hear anything about it. So that's the first reason I share it.

Now the second reason is that this is an example of what can happen in our industry without the right security for AI agents. Think about this breach. This is an AI agent. If every agentic system has breaches like this, AI is not going to reach its full potential. It's not going to happen. People are going to be scared of it, companies are going to be afraid to adopt it. We have to fix this problem. We have to elevate the industry. We have to show the industry a better way.

If you think about what's going on here, this AI agent and many other AI agents, they are a powerful new identity type, a powerful new identity type. They can act independently on their own or on behalf of a user or a team or a company. They can access tools, applications, data. They can plan and complete tasks on their own. They're kind of like a piece of software, kind of like a system account, kind of like a person somewhere in between. And the pace here of innovation is absolutely stunning. We all see it.

So it's not surprising that many of you are making AI agents the #1 priority in your entire technology investment. And now these AI agents and the potential here and the potential benefits, they are getting very, very powerful, and it's happening very quickly. If you think about just 5 years ago, the complexity of a task that an agent could complete would be something that would take you about 9 seconds. Think about adding the last sentence to your e-mail. Now just in 5 years, it's dramatically different. AI agents can complete tasks on their own that would take you 2 hours. Think about kind of a medium complexity support issue, where you have to look at the support database and interact with the customer and then solve that issue.

So key here as this improvement happens is that agents need access to more and more data. More and more data, more and more access, which means it's very important that these AI agents have an identity in the sense we talk about identities. And that means that without identity security, AI security collapses. So AI security is identity security. You can't be successful in one without the other. AI security is identity security. So to understand why, think about the complexity you are already facing.

I know it's something you think about all the time. You're working with it every day. You have identities, you have employees, customers, partners, nonhuman identities. You have various tools from different identity vendors that connect the identities to your resources, the resources, they're absolutely critical. It's your applications, it's your data, it's your business process, it's your APIs. It's the things that power your business. And this could be thousands, even for a medium-sized company. It's a big challenge to stitch all this together, this web of complexity.

Now you take this complexity and you layer on top of it 1 million agents. And these agents, they need to connect to everything. Just like your people do, machines, servers, APIs, data, customer data, other agents, identities. This results in even more and more complexity as it all mixes together, but complexity isn't the only challenge here. Agents to be most effective as they get more powerful, need broad and persistent access. My friend, Steve Williams, from NTT. Steve's here, I think. He had a great line about this. We were talking and he said, "Todd, it's like you take an insider threat and you just put it in your company and give it all the access it needs and let it run wild". I thought that was an interesting way to think about it. Scary, but interesting.

So there's enormous risk here. And this isn't some abstract concept that a CEO of an identity company is up here trying to scare you about. This is happening now. The risk is real now, and we're seeing instances of this every day. This is an example of one of the world's best-known restaurant chains, they implemented an AI agent. This agent sits on their website and helps job applicants who want jobs at the restaurants learn about the positions, the person gives information to the agent, the agent lets the person apply for a job, automates this important process. It's an important process. This company needs great people to work in their restaurants.

Now they implemented the agent in such a way that attackers could trick it into disclosing the password for the back-end administrator account that the agent connected to. And guess what the password was. So I understand you think this is like for humor. And I will just say like take a step back and think about what's going on here. This -- I don't have any inside knowledge about this. But I'd bet you, something like this happened.

The CEO of this company, the Board of Directors of this company is pushing the team to adopt AI. What are we doing with AI? Has anyone heard this? What are you doing with AI? Adopt AI. And so these hard-working smart people built this great AI agent, and they probably took it to a meeting and said, look what we have? And I'm doing this at Okta. I'm saying, what do we have? What are we doing? What are we doing with AI? I don't want to miss out, and I'm sure you're doing it to your teams and your boss is doing it to you. And so this team took what they had and the boss said, "Put in production. Now". And the teams look at each other like, I'm not sure it's ready. What do you mean it's not ready? We're going AI.

So they put it in production. And so it's not a surprise that this happens. And now the threat actors have access to 64 million records about chats and conversations and personal information. It's a big issue. So we have to help. We have to do a better job here as an industry to make these kind of things successful because if we don't, AI is not going to reach its potential. So it is not just a one-off incident. The government of the United Kingdom organized a big red teaming exercise, which means a bunch of people got together and tried to break in the system so they could find the vulnerabilities before the bad guys did. And these weren't against AI agents built by a restaurant company. These are some of the most well-known AI agents that we all use.

And guess what they found. And almost all of them, the same kind of issues. Overly permissive access, not clear deployment patterns, which led to the ability to compromise these actions. And without the right identity controls, this is a big problem. If we don't do something differently we're at a risk of taking a step backwards 10 years in all the security progress we've made. We've done such a great job with phishing and cross-site scripting and building a more secure web apps. This is the potential to throw it all away and which is -- we can't let that happen. This means AI security is identity security. It's the key to agent security and the entire AI security world. And we face these clear and present challenges today.

I'll share another very memorable story from my conversation with a customer. This customer is a great Okta customer called Emerson Electric. And I was talking to [ Matt and Scott ] and we were talking about this pressure. They feel like do more with AI. They had offsite meetings and they said, we got to get together, we got to do more with AI. Of course, we do. And they looked at me and they said, Todd, we want to do all stuff with AI. If we don't get our identity foundation in order, we have no shot. We have no shot. It's not going to work. That really stuck with me. And you can't address this issue with a grab bag of stand-alone identity tools. This requires a completely new category, a unified approach that strength -- it simplifies control and strengthens protection.

Now a key thing here is that it's got to be comprehensive. It's got to cover everything. No gaps, no little wedges for any kind of threat to sneak through. It's got to cover every identity type, every use case and every resource. It's called identity security fabric. And it transcends previous identity categories. And the goal here is very simple. The goal here is zero identity-based attacks. It's a unified approach that's deployed across every identity type, employees, customers, nonhuman identities, partners, contractors, every identity use case, governance, privileged access management, access management, threat protection, posture management.

These are not individual products. They're really features of a bigger category, and it's integrated across every resource, apps, infrastructure, databases, APIs, everything, no gap, no wedge to sneak into. And it has to be fully -- it has to ensure that you are fully secure.

And it can do this with the ability to orchestrate across the fabric. So the left-hand knows what the right hand is doing. It can share risk signals, so coordinated defense against attacks and you can take actions like automating Universal Logout when any kind of threat emerges. This is what you ask us for every single day. You don't want 50 different solutions from 50 different identity vendors. Now this idea is what I've been doing in my entire career. Okta is my third job.

My first job was at a company called PeopleSoft. It was in the ERP category, unifying HR, financials, manufacturing. My second job was at Salesforce in the CRM category, unifying sales, marketing, service and support. My third job is at Okta. The category is Identity Security Fabric, and we're unifying access management, privileged access management, identity governance, posture management, identity threat protection. It's a new category.

Now it's bigger than just Okta. It will require the whole industry to work together to make this a reality, but it's our North Star. And we are continuously chasing this vision, this dream and innovating as technology evolves. This is absolutely critical to our overall vision as a company, which is to free everyone to safely use any technology. And this vision is it's more relevant and more urgent than ever in this new age of AI and all the potential that we're surrounded by. For us, securing AI agents is just like securing any other type of identity and it's what we were built to do. Today, we are unveiling three important innovations that will help all of us address the challenges of agentic security.

The first is how you can bring your Identity Security Fabric to life by bringing AI agents into the Okta platform. Second is how to strengthen the Identity Security Fabric with open industry-leading standards for AI agents. And third, how you can easily build fabric-ready agents with the Auth0 platform. It all starts with the Okta platform. It's the best, it's the fastest, it's the easiest way to build an Identity Security Fabric. It's the only modern, fully integrated, scalable, cloud-based platform. It's purpose built for IT and security teams. Individually, the products in the Okta platform are excellent. But together, they are spectacular and enable use cases that were never before possible.

And it does this in an independent and neutral way that is integrated to everything. Over 8,000 integrations in our Okta Integration Network. We don't have an opinion on which technology you choose. We focus on identity and leave the choice of technology up to you. There's no lock-in. There's no forcing of any direction of technology. So the simple way to put it is the Okta platform, it brings your Identity Security Fabric to life. That's how you simplify control and strengthen security as your environment grows. It takes you from this multivendor fragmented approach to consolidation on a single identity platform. Of course, a key feature of the Okta platform is that it continues to adapt and evolve as the technology world changes and new technologies emerge.

And that's why we're making AI agents a first-class identity in the Okta platform. This means every use case in Okta will support AI agents from storing them in Universal Directory, to discovering them with Identity Security Posture Management, to managing their access with Okta Identity Governance, to manage their access to critical resources with Okta Privileged Access. You can think about this like you've put people in Okta forever and had visibility and governance and control. And now you can do the same thing with AI agents, all with total flexibility that you would expect from Okta.

Now in an AI world, where the technology is rapidly emerging and adapting and changing every quarter, Okta is your AI partner. We focus on the fundamentals, the fundamentals of identity, governance, visibility, control and free you to choose whatever emerging technology in this dynamic landscape that serves your needs the best. You need a partner that will take care of the basics and free you to choose. Okta does that for you and make sure that your choices are future proof. So one concrete example of this is with one click, you can bring any AI agent into Universal Directory. You can decide what's the right source of truth. Should that come from Salesforce? Should that come from an agent you build yourself? Should that come from ServiceNow? Should that come from Workday? The choices are dizzying. You can choose though. You can choose, we'll take care of the visibility, the control and the governance just like any other type of identity, which is what we do for you.

This unified approach will make sure you have a great cyber posture and be free to innovate with AI to meet your business objectives. To get AI right, you have to get identity right, to get AI right you have to get identity right. And the Okta platform makes that possible by bringing your Identity Security Fabric to life. Now the Identity Security Fabric is only as complete as the standards that link it to all of your identities and all of your resources together in your environment.

We love standards. Everyone knows their value. You get in your car, your phone seamlessly hooks up to your Bluetooth. Well, sometimes it does. We're still working on that one. Standards make the Internet possible. And now it's especially important in an emerging new area like AI agents. Standardization gets everyone on the same page about where to innovate who's doing what, it's key as these technologies evolve. Now you can't have a comprehensive Identity Security Fabric if your identities and your resources aren't speaking the same language. So let's look at a concrete example here of an area that needs to standardize.

Everyone that's implementing agents, whether you're a SaaS company or whether you're building your own is doing the security and the access control slightly differently. It's hard coded and it can be brittle and error prone as we've seen, if you move it from development environment into production. When something goes wrong, there's a lack of visibility because guess who has to clean it up? IT security -- IT and security. And they go to clean it up, and it's not clear how it's implemented. It's not clear what can access what.

So there's a big opportunity to standardize that. And so there are a lot of standards in the AI world, but there's a missing standard here. And that's why Okta are working with the standards bodies to perform -- to propose a new standard, we call Cross App Access. It's focused on security and access. It lets IT and security teams set the access policies upfront for these AI agents, which makes it open and transparent and visible to everyone involved. It also -- you're clapping for the standard? Okay. This is like -- it's my kind of crowd. It's my kind of crowd. You see the value in it. It's kind of down in the details, but you see the value in it. And so you get this visibility, you get to set things up beforehand.

And most importantly, a lot of ways people do this now is that they -- when the agents start being used, they ask the users to allow all these grants, and you get this prompt that says, do you want to allow access to your calendar from this agent. Yes, yes, yes. It's complexity for the end user, and it's -- there's a total lack of visibility as things progress. So we've been working on this for a couple of years now. And we're partnering with the IETF OAuth Working Group, other ISVs and others across the industry to pioneer this new open protocol. That open protocol part is very important, and we're seeing a ton of support across the industry, technology providers signing up and getting involved here and being on board.

Now, why? Why are they doing this? These people are all busy. They're trying to push their businesses forward. The reason why is because they see the problem, they see the opportunity. They see their AI technologies going into these companies and they see the friction and they see the confusion and they see the security issues, and they see this protocol as a way to free that up and have their technology to deploy. They see it as an unlock for the entire industry, and that's why they're so excited. It's not just these listed here, there's dozens more who recognize the power here and the value of securing the agentic future with a protocol like this.

So this standard is necessary and important, but it's also kind of a continuation of what we've always done. We work with standards, and we kick start standards from the beginning, whether it's WS-Fed or SAML or OpenID Connect. And last year, I spent a bunch of time talking about our pioneering work on an open standard called IPSIE. And we're really excited how much progress IPSIE has made. The OpenID Foundation, technology providers and a bunch of you in the room have worked together to publish the first draft of IPSIE Session Lifecycle 1, which delivers standards-based single sign-on, enforceable session life cycle and transparency into authentication methods.

Now this is just the beginning. We're already working with everyone involved on higher levels to add even more use case to standardize how technology works with identity, make things more secure. That's -- it's a very important thing we're working on. And if you want to hear more about this, there's a session this afternoon with Gail Hodges from the -- who is the OpenID Foundation's Executive Director. So it's very exciting progress. It's important work because it's key to shaping the future of identity in the age of AI. And we're not stopping there. There are more standards to create. There's more innovation to push forward. We have a playbook for it.

And it starts with working with standards bodies, working with the community to crystallize these areas that need to be standardized. And then we build them into our products. We build these standards into the Okta platform. We build these standards into the Auth0 platform. And then you adopt them and you get the benefits, the security benefits of these open standards. And users of these products and technologies demand from the technical community that more and more people support them. And so the people building technology, look at the open standard and say, "Oh, I'm not going to get locked in". I can add that, that's going to solve this problem of agentic access or identity management in the enterprise. So I'm going to implement it, and that leads to more customers successful.

So what you see here is this flywheel that spins and it benefits everyone toward the goal of zero identity-based attacks. It's a powerful motion. It's happening, and you're all part of it. So it's very exciting. Now a critical part of this entire playbook is making sure that developers can build with these standards from the start. And that brings us to our Auth0 platform. The Auth0 platform is purpose-built for developers, whether that's a developer building a service or agent or application to sell to customers or it's a developer inside a company, building applications and services and agents for internal use.

Auth0 works amazing with every programming language, every platform, every framework. It's -- you can use it in really bite-sized components. So you can use it where it helps and where you don't want to do your own thing, you can -- it gets out of your way. It's perfect for a developer. And of course, it's all based on the solid foundation of security and reliability. Now for years in the Auth0 platform, we've made sure that developers could build every application standards first. And we've made it very easy by including them in Auth0. And today, we're taking that journey even further by delivering inside of the Auth0 platform Cross App Access support out of the box. So -- yes, if you clap for the standard, you have to clap for the implementation in our products. It's a rule. It's the rule of clapping.

So whether you're building an agent or you're building agentic services, which is something that an agent talks to, you can make sure that they're fabric-ready out of the box with the right levels of security and the right level of visibility. Now to bring it all together, here's a summary of everything we've covered so far. The Okta platform brings your Identity Security Fabric to life, open industry-leading standards like Cross App Access, help everything in your fabric from the identities, the identities down to the resources, making sure they all speak the same language. And the Auth0 platform makes it incredibly easy to build fabric-ready agents and agentic systems. Now together all of this ensures that you can build, deploy and manage AI agents safely, securely and at scale.

Now let's see all of this in action. So join me and welcome to the stage, Harish and Mallory, to show you what this all looks like.

All right. Thank you, Todd. What's up, Oktane? How are we feeling? I couldn't hear you. How are we doing today? That's what I'm talking about. All right. So in the next few minutes, Mallory and I are going to walk you through what it's like to bring AI agents directly inside the Okta platform into your Identity Security Fabric.

The thing is this. From every single one of you, we're hearing the same thing. We want to roll out agents really fast, but we're struggling to balance innovation and security. And specifically, we hear the same three things over and over again. The first is visibility. Where are all these agents that are in my org. The second is control. How do I ensure that it's only accessing exactly what it's allowed to access. And the third is governance. How do I ensure that over time, I don't end up with agentic sprawl? Well, the good news is this, for the last 16 years, Okta has been solving this exact problem for human identities. And now, we can do the same exact thing for AI agents.

Let's see how. We're going to start with visibility. This is your AI agent directory. If the screen looks familiar, it should. This is the same Universal Directory that many of you use on a daily basis. And now you have AI agents right alongside people and groups. That's because AI agents are a first-class identity now in the Okta platform. Let me repeat that. AI agents are a first-class identity in the Okta platform. That's right. Give it up for Universal Directory. That's right. [ Beauty ] is in the house. Okay. Now there's a lot of agents here. There's agents for customer support, there's agents for productivity, there's agents to record video calls. And what's great is these agents were built on different platforms like LangChain or Vercel or Rytr, and they also live in different platforms. Maybe they're in ServiceNow, maybe they're in Agentforce. It doesn't matter. Okta integrates to all of these, so you don't have to worry about future-proofing. We got you. Don't worry about it.

But there's one more important thing. You can see the users that actually own these agents. And that's very important when it comes to closing the accountability loop and knowing who is actually responsible for this agent. Now let's click into one of these agents. The customer support agent. This is a use case we're all familiar with. This is a very powerful agent that needs access to Service Cloud. It needs access to PagerDuty to do its job. But what's great is I can see a description of the agent, I can see the users that own that agent, and I can see the users that have access to that agent. This is the point. It's complete visibility in one place, so you know everything that's going on with your agent right inside the Okta platform. So that was part 1. That was visibility.

Let's keep moving. Let's look to the next piece of puzzle, which is control. Now as Todd said, an agent is only as powerful as the underlying apps and data and resources that it can access. The access is great, it lets the agents move fast, but it creates a big security hole. But if you remember, I'm testing you, I just said, agents are now a first-class identity in Okta, which means with managed connections, I can actually control exactly at a fine grain level what's going on with these agents. Think of this screen like the single sign-on screen for an agent. A lot of you have the SSO screen that you use to get into the various applications with Okta, this is exactly that for an AI agent.

Now what's even better is I can see all of these agents' connections in one place. I can see its service accounts. I can see its API keys, and I can see its direct agent to app connections. This last one is powerful, but also dangerous because if you're a motivated hacker, which none of you are, but if you're a motivated hacker, you can ride that direct agent to app connection directly to get the agent to spit out some sensitive data or take a malicious action. It's very dangerous stuff. But fear not, this agent supports Cross App Access, which means the IT team can control at a very fine grain level exactly what this agent has access to.

So in this case, it has read access to Google. It has read, write access to Jira. And what we've done is we've shifted what is normally embedded hidden risk. We've shifted that into the hands of the IT team. And in doing so, we've actually eliminated a critical attack path. Now control is more than just about what this agent can access. It's also about staying on top of where this agent is going. And to get a deeper look at that, I can actually go to my system logs and I can get a detailed audit trail of everywhere this agent has been in my organization. Now this screen is more than just some great graphs and some details. This data can be streamed to my security operations team so they can stay one step ahead of potential attackers.

I want to make a very important point here. Agents are now in the Okta platform, which means your IT teams, your security teams, they can move from being reactive to breaches and move into a place where they're proactive and staying one step ahead of threat actors and take care of their organization security. All right. I mentioned three things. Let's look at the third piece, which is governance. Now a lot of you are telling us this. Agents are moving rapidly from development to production. That's great, keep innovating. You do you, but you have to stay secure. And one of the big problems with agents moving really fast into production is the risk of agentic sprawl. What that means is what if you have an agent that is no longer needed, but still has long-lived over-privileged access to sensitive resources. That's the definition of sprawl. But again, agents are in the Okta platform, which means Okta Identity Governance can fix that.

In OIG, I can run a simple access review to understand, for example, who has access to Salesforce. And this review shows me my human users, but it also shows me the AI agents that are accessing Salesforce. Even better, I can see the original owner of that agent. Remember, when I called out the owner, Universal Directory, that's why closing the accountability loop. But beyond that, I can see the entitlements of this agent. I can see a risk level and governance analyzer with Okta AI can show me a recommendation of what exactly to do with this agentic access, I may want to revoke it or I may want to keep it. The point is the end user has the data they need to make the right decision to keep your organization secure.

Okay. So we covered what I would call the happy path. You're setting up an agent correctly from the get-go, you're controlling its access, you're running governance. That's great. But what about the rogue agents? What about, let's say, for example, this is just an example, what if the sales team, I love my salespeople here, but what if the sales team deploys an agent to connect to Salesforce without notifying IT? It could happen. They're very enterprising folks. Now here's the thing. The Okta platform can detect that because agents are in the platform, you don't have to hunt for rogue agents and hidden risks, we can find them for you.

And to show you more about that, I'm going to hand it to my friend, Mallory. Take it away.

Great. Thanks, Harish. This is Identity Security Posture Management or ISPM. You can think of ISPM as your real-time threat hunter. It's continuously scanning your tech stack for risks like misconfigurations, over-privileged accounts or even hidden app-to-app connections like Harish mentioned. It does this by integrating with every part of your tech stack, and it uses things like access patterns, naming conventions and a whole host of other advanced techniques to actually identify these risks.

So here, we can see that ISPM has flagged a high-risk issue called grants without Okta policy. Sounds interesting and risky, so we'll look into that. If we investigate, we can see that ISPM has flagged a rogue agent. This agent is connected to Salesforce. It was created completely outside of IT's processes, and it has broad read, write access to our customer data in Salesforce. These are obviously all really huge issues for us. But fortunately, with Okta, we don't just find this risk, we can actually remediate it. So all of the things that you just heard from Harish around visibility, control and governance are ready to be applied.

So when we find a rogue agent, we don't scramble, we can just run the play. I'm going to go ahead and remediate this risk by applying our full security model to this agent. First, for visibility. We can go ahead and bring this agent into Universal Directory, and we can do that with just one click. And then we'll assign a human owner to our agent to close that accountability loop that we've been talking about.

Second, for control, I'll go ahead and apply a baseline security policy that's going to immediately limit the permissions of this AI agent to read only. And this is going to help us shrink that blast radius if something were to happen. And then third, for governance, we'll go ahead and trigger an access certification campaign right off the bat. And the new owner, the one we assigned in Universal Directory, we will have to review this AI agent, just make sure everything still looks good with the permissions.

And just like that, we have gone from a hidden critical risk to a fully managed and governed identity in Okta. And if I head back over to Universal Directory, do that now, you can see this agent right alongside all of our other AI agents here in Okta, fully visible and fully secure. With Okta, these rogue agents have nowhere to hide. What do you think, Harish?

I think it's cool. But judging by this, I think -- they think it's pretty cool, too. So that's right, agents in the platform. Look, what you saw was the full power of the Okta platform now applied to AI agents. You saw visibility, all of your agents in one place. You saw control so that your agents don't access anything they're not allowed to. You saw governance. So you don't end up with agentic sprawl that's going to come back to haunt you later. And finally, you saw ISPM detecting and bringing a rogue agent under control.

The thing is this. Agents are going to transform business and technology as we know it. That is going to happen. But companies that invest in an Identity Security Fabric and that invest in securing every identity type across every use case integrated to every resource. Those are the ones that are going to get ahead and stay ahead in our AI future.

Thank you. Todd, back to you.

All right. Nice job, Harish. Nice job, Mallory. It's amazing. I love seeing it all, all the hard work of the entire team demonstrated on screen there. And I can't wait for all of you to get your hands on this and to make that incredibly easy. That's why we've packaged all of this up in a solution that we call Okta for AI Agents.

Now it includes everything you need to build and manage agents securely. So for agent builders, it includes Auth0 for AI agents, so you can build agents that are secured by design. And for IT and security teams, it includes all the products on the entire breadth of the Okta platform with support, especially for AI agents. So for securing AI agents, this is the most comprehensive solution in the entire market. We're amazingly proud of it, and we can't wait to have all of you use it to deliver value to your companies and your organizations.

So I want to -- to cap things off today, I want to zoom out a little bit and have a conversation with another industry leader, thinking about how to navigate this tension between innovation and security in the age of AI. So we are incredibly fortunate to have the following guest here at Oktane. So I'd like to introduce now Sarah Franklin, the CEO of Lattice. Sarah? Welcome.

Thank you. Yes, I can't do the jumping thing...

It's bigger than it looks...

It is. It takes time to walk through. What an incredible crowd. Thank you so much for having me.

Yes. Thanks for being here, so many customers of Lattice in the audience, but for those of you that aren't current on everything you guys are up to, what's the latest?

Yes. So Lattice, our mission has and always will be to make work meaningful, meaning that we help you, as employees know what to do, what your goals are, how you're doing at that. You have a conversation with your manager and bringing AI in, in a way that helps people be scaling our human potential and really helping us achieve like you said, that [ Nirvana, ] that great outcome that AI can bring to people. And we're really focused on the success of people.

I love that perspective because we talk a lot about infrastructure and standards and risk and -- but it really is all about what are we doing with all this stuff? How are we impacting positively our organizations? Do you have AI FOMO?

I don't have AI FOMO. I mean sometimes, what is it JOMO, the joy of missing out?

Yes, joy of missing out.

No. What we have is a deep belief in what we want the outcome to be with AI. You've talked about it from a security standpoint, we deeply care about the human impact. And what it means for us as people. And we don't want an outcome to be where AI is just automating us all our work. We want the AI to help us be better at our jobs. And so that's really what is so important to us and why it's an incredible opportunity right now for IT and HR to really like lock at the hip and say, let's make it secure, let's make it accountable, let's have that fabric. And let's really focus on how this is a big people transformation for all of our organizations.

When you're out there talking to customers, what is the biggest barrier to that? What slows it down? Or what does the unlock? Like for us, the whole idea here is that we're emphasizing how important identity security is to AI. What's the equivalent as you try to spread this message of empower your people and people are the key?

I mean people are afraid, AI is new. It is unknown and...

By the way, the way the industry pundits talk about, it doesn't help.

No, it scares you.

Everything is going to change. It's all horrible.

Well, it's going to change, but in a way that we want it to be more in our control than out of our control. And when we have people saying everything from we'll have massive unemployment, to we'll have massive free time. And when we're sitting here wondering how do we just get this to step one, we're all at the starting line. Not anyone here has 10 years of agentic AI experience. So we need to, like you said, be very responsible on how we bring this in and not let the fear paralyze us. We need to have the courage and the confidence together that we will not just ship something to production with the pass code of 123456 because we need it there. But that we will be very responsible in how we bring AI out.

Are customers -- like what's the biggest success story? Like do you have a customer story that demonstrates the way to do this wonderfully? What are the barriers, like what's the positive case?

So the positive case and what we've seen with Lattice is when we brought AI in as a coach and really to help people have better human...

But what does that mean? AI as a coach?

Oh, sorry. So...

I think I might need that.

You're doing great.

Presentation coaching.

No, no, no. It's more in your day-to-day job, like when you think about you show up to work, you might have -- you have goals that you want to achieve. The company has goals to achieve. Are you working on the right things? Are you doing a good job? That conversation -- one of the most important things -- you know this as a CEO is getting your people aligned and motivated and working on the most important things.

Yes. The priority alignment is really hard. Yes.

Yes. And this is where AI can really help us scale and coach us and be there for us all the time to help us understand what we should focus on, what we're doing well, what we're doing poorly. And the other thing that's very interesting with AI is that as humans, a little -- a truth about us as humans is that we are not always honest with each other. We're scared of what somebody may think. We're scared of being wrong. We're scared of not knowing what we need to do and that fear impacts our conversations. And especially when you're giving feedback, I don't want to hurt somebody's feelings by giving them feedback.

And so when you have AI that can have context of you as an employee, context of your system of record of work whether it's Salesforce, whether it's Jira, whether it's any system that you're working in and the feedback that's coming about you, your goals, your aspirations, it can help you through your daily job. And that's what's really exciting about Lattice. And what we've seen with our customers be super successful is just being able to help that conversation, be more connected and human and real because the AI is there to help you.

Yes. Yes. There's a lot of amazing potential there. When you work with your customers, do these issues of security of your solution and how manageable it is and how it hooks in with the rest of the -- does that come up a lot?

All the time. And this is why for all of you here, this is so important that you have the Okta's fabric because AI is -- I mean, it's true, I am guilty, as you said earlier, in the keynote about being a CEO of telling your team to push AI out there...

Come on.

Right. And we're having the pressure from the Board to be more efficient. The thing that is most important, I think, right now is to not just look at efficiency, but look at effectiveness. And we need to help our people be more effective with AI.

And our customers are asking us every day, okay, what does this mean? They don't yet understand everything that you showed on the screens of how these agents have autonomy or how they have access, sometimes root level access to data. And so this is -- I accept your challenge for us as an industry to really step up to the plate to say, our job is here to educate everyone on what this technology can be, but also how it can hurt us and let's do this responsibly so that we navigate more to a utopian outcome than a dystopian one.

I love that. I love that. There's so much potential and we need to stay on the side of utopia, yes...

I would love to. And I will say also at Lattice, we are a very proud Okta customer as well, and it's something that our system...

Thank you so much.

Yes. It's important that our IT teams and our HR teams, they work really well together because the directory you have of your agents also needs to be mirrored in the people directory and understanding what the goals are for these new entities, these new identities in our workforce. And so it's a new world that we're all walking into, and it's one which is great responsibility. It's actually getting a little geeky, I would say that I'm really...

Don't get geeky here.

Oh, I am not allowed to?