Beyond the Hype: Why Identity is the Key to Unlocking Agentic AI Across UK Sectors
Welcome to the era of agentic AI - autonomous digital coworkers capable of analysing data, calling APIs, and executing complex, multi-step workflows across distributed business applications.
We have seen incredible growth of AI Agents with market analysts projecting that 40% of enterprise applications will feature task-specific AI agents by the end of this year. (Source: Gartner Cybersecurity Trends 2026).
The true frontier for agentic AI across UK enterprises is not a lack of technological enthusiasm or a deficit of innovative ideas. Rather, the real blocker keeping impactful automation locked within sandboxed testing environments is the challenge of enterprise trust. We have seen that while 91% of enterprises are already deploying AI agents (Source: Okta AI at Work 2025: Securing the AI-powered workforce) 82% of them remain at limited or moderate use likely due to the fact that they do not have a comprehensive governance strategy.
The core opportunity for British organisations today is enabling teams to safely move AI agents into production at scale and at speed. In order to do this we must tackle the core organisational and technical risks that currently restrict deployment. At Okta, our position is clear: agentic AI readiness is identity readiness.
The Multi-Sector Opportunity for the UK
The commercial and operational opportunities for agentic AI span virtually every major UK sector concentrated heavily in three operational buckets: automating repetitive tasks (81%), enhancing customer service or support (65%), and optimising internal workflows (60%). (Source: Okta Businesses at Work 2026 report).
In retail and commerce, we are seeing the emergence of autonomous AI shopping assistants that do not merely suggest products, but can now automatically track live supplier shipping, check real-time inventory levels, and securely handle tailored purchases for thousands of customers at once.
In the public sector, AI citizen advice copilots can instantly navigate complex structural silos of regulatory guidelines and historical data, providing local councils and public bodies with verified, structured information while seamlessly maintaining human-in-the-loop oversight for high-risk actions.
Meanwhile, in the healthcare space, AI medical assistants can analyse massive diagnostic datasets to aid clinicians with continuous telemetry, accelerating time-to-care while operating within strictly defined privacy and authorisation perimeters.
Shifting the Paradigm: From Pilot Projects to Secure, Production-Ready Scale
Enterprise leaders want to capture these efficiencies, but deployment remains constrained by significant trust boundaries. Organisations are worried about data leakage, a lack of human oversight, over-privileged delegated permissions, uncontrolled agent-to-agent communication, and a general inability to audit or govern what an agent is doing on behalf of a human user.
Right now, engineering and security teams find themselves caught in a high-stakes gridlock. Business units want the immediate productivity gains of autonomous digital assistants, but compliance and security leaders are holding back greenlights due to an array of fundamental operational risks, including:
Data leakage concerns: Deep worries about how autonomous AI systems access, use, and potentially expose sensitive company information when searching through internal files.
Lack of human oversight: The difficulty of maintaining a deterministic ‘human-in-the-loop’ mechanism when an agent runs complex workflows asynchronously.
Unclear delegated permissions: The risk of agents acting on behalf of a human user while carrying overly broad, hardcoded administrative rights.
Uncontrolled agent-to-agent communication: A complete lack of visibility when different AI systems automatically trigger other software tools and external services behind the scenes.
Inability to govern agent capabilities: A systemic structural failure in auditing, constraining, or proving what an agent did on behalf of an enterprise user.
The roadblock to scaling agentic AI is not an algorithmic issue, it is fundamentally an identity, authorisation, and trust architecture challenge. By equipping developers with the right secure-by-design tooling, organisations can transform agents into auditable, bounded, first-class corporate citizens. Resolving this ‘auth debt’ helps ensure that UK businesses can stop building fragmented, DIY security plumbing and confidently launch production-ready AI experiences that can deliver measurable value from day one.
As organisations move beyond internal copilots and begin deploying customer-facing AI agents, the challenge shifts from authentication to delegated trust. AI agents increasingly need permission to act on behalf of users across applications, APIs and partner ecosystems. The critical question is no longer simply "Who is the user?" but rather "What is this agent allowed to do on the user's behalf?" Establishing explicit consent, fine-grained authorisation and continuous governance will be essential to enabling agents to operate safely, transparently and within clearly defined trust boundaries.
The Core Blocker: The Trust Gap and the ‘UK Policy Illusion’
In addition to having a unified Identity Security Fabric (ISF) another lever that must be addressed before deployment can scale safely: the severe perception gap between executives and workers regarding security policies. In the UK market, this dynamic manifests as a distinct Policy Clarity Illusion.
Okta’s global data highlights a startling contradiction:
A striking 96% of UK executives report complete confidence in their visibility into internal AI utilisation—the highest visibility confidence reported globally. Furthermore, 75% of these corporate leaders state that their corporate AI usage policies are "very clear".
However, the reality on the ground tells an entirely different story. A massive 55% of UK knowledge workers admit to actively using unapproved, unsanctioned ‘Shadow AI’ tools to complete their day-to-day work. This creates a governance gap with only 34% of organisations applying the same security controls to their digital workforce as their human workforce.
While 51.4% of UK firms report they have not experienced a confirmed AI-related security incident yet, operating within this blind spot creates an unmanageable surface area for credential abuse and systemic exposure.
Policy and Regulatory Levers: Machine-Speed Compliance
The final lever we look at is structural. Historically, identity lifecycle models were built entirely around human workflows, relying on HR databases to serve as the single source of corporate truth. For autonomous agents, there is no traditional HR system for agents.
To enable responsible deployment at scale, organisations must move away from slow, manual verification processes and deploy automated governance infrastructures:
Equal Governance Standards: Currently, only 32% of companies govern AI agents with the same strict compliance rigor applied to human users (Source: Okta AI Agents at Work 2026 report). Agents must be integrated fully into the core unified identity security fabric.
Navigating Regulatory Mandates: Regulatory expectations around automated decision-making are tightening worldwide. Compliance and regulatory requirements rank as a top-two security concern for 50% of executives, meaning governance must transition into an automated, continuous process to stay compliant (Source: Okta Businesses at Work 2026 report).
Clear the Identity Debt to Speed Up Innovation
The UK has a spectacular window of opportunity to lead the global agentic revolution. But to win this race, engineering teams must focus their energy on refining model logic and building competitive sector features - not spending time manually building custom identity plumbing, secret vaults, and DIY authorization layers from scratch.
By anchoring your machine automation to a vendor-neutral, standards-first identity fabric, your business can reduce the compliance bottlenecks slowing down your roadmaps. You can confidently greenlight your agent rollouts, enable strict regulatory compliance, and safely unlock machine-speed innovation today.
Ultimately, as British enterprises look to capture the transformative value of autonomous digital workflows, the defining lesson of this new era is clear: you cannot scale what you cannot secure, and you cannot secure what you cannot identify. True agentic AI readiness is identity readiness and getting identity right is how the UK turns AI potential into production-ready reality.
Disclaimer: These materials are for general informational purposes only and do not constitute legal, privacy, security, compliance, or business advice. The content may not reflect the most current security, legal and/or privacy developments. You are solely responsible for obtaining advice from your own legal and/or professional advisor and should not rely on these materials. Okta makes no representations or warranties regarding this content and is not liable for any loss or damages resulting from your implementation of these recommendations. Information on Okta’s contractual assurances to its customers may be found at okta.com/agreements.
Okta
Okta
techUK - Seizing the AI Opportunity
The UK is a global leader in AI innovation, development and adoption.
AI has the potential to boost UK GDP by £550 billion by 2035, making adoption an urgent economic priority. techUK and our members are committed to working with the Government to turn the AI Opportunities Action Plan into reality. Together we can ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.
Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.
Derek Thompson, Senior Vice President and GM, EMEA at Workato, shares his insights on how agentic AI is at risk of becoming a 'side project' for many, without intelligent and ambitious enterprise integration.
Read Okta's guest blog, discussing how the core opportunity for British organisations today is enabling teams to safely move AI agents into production at scale and at speed.
Sign-up to our monthly newsletter to get the latest updates and opportunities from our AI and Data Analytics Programme straight to your inbox.
Contact the team
Kir Nuthi
Head of AI and Data, techUK
Kir Nuthi
Head of AI and Data, techUK
Kir Nuthi is the Head of AI and Data at techUK.
She holds over seven years of Government Affairs and Tech Policy experience in the US and UK. Kir previously headed up the regulatory portfolio at a UK advocacy group for tech startups and held various public affairs in US tech policy. All involved policy research and campaigns on competition, artificial intelligence, access to data, and pro-innovation regulation.
Kir has an MSc in International Public Policy from University College London and a BA in both Political Science (International Relations) and Economics from the University of California San Diego.
Outside of techUK, you are likely to find her attempting studies at art galleries, attempting an elusive headstand at yoga, mending and binding books, or chasing her dog Maya around South London's many parks.
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.
He leads techUK’s AI Adoption programme, supporting members of all sizes and sectors in adopting AI at scale. His work involves identifying barriers to adoption, exploring solutions, and helping to unlock AI’s transformative potential, particularly its benefits for people, the economy, society, and the planet. He is also committed to advancing the UK’s AI sector and ensuring the UK remains a global leader in AI by working closely with techUK members, the UK Government, regulators, and devolved and local authorities.
Since joining techUK, Usman has delivered a regular drumbeat of activity to engage members and advance techUK's AI programme. This has included two campaign weeks, the creation of the AI Adoption Hub (now the AI Hub), the AI Leader's Event Series, the Putting AI into Action webinar series and the Industrial AI sprint campaign.
Before joining techUK, Usman worked as a policy, regulatory and government/public affairs professional in the advertising sector. He has also worked in sales, marketing, and FinTech.
Usman holds an MSc from the London School of Economics and Political Science (LSE), a GDL and LLB from BPP Law School, and a BA from Queen Mary University of London.
When he isn’t working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling.
Sue leads techUK's Technology and Innovation work. This includes work programmes on AI, Cloud, Data, Quantum, Semiconductors, Digital ID and Digital ethics as well as emerging and transformative technologies and innovation policy. In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List. She has also been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame.
A key influencer in driving forward the tech agenda in the UK, in December 2025 Sue was appointed to the UK Government’s Women in Tech Taskforce by the Technology Secretary of State. She also sits on the UK Government’s Smart Data Council, Satellite Applications Catapult Advisory Group, Bank of England’s AI Consortium and BSI’s Digital Strategic Advisory Group. Previously, Sue was a member of the Independent Future of Compute Review and co-chaired the National Data Strategy Forum. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries in 2020, Sue has been shortlisted for the Milton Keynes Women Leaders Awards and has been a judge for the Loebner Prize in AI, the UK Tech 50 and annual UK Cloud Awards. She is a regular industry speaker on issues including AI ethics, data protection and cyber security.
Prior to joining techUK in January 2015, Sue was responsible for Symantec's Government Relations in the UK and Ireland. Before that, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Master’s Degree in International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
Visit our AI Hub - the home of all our AI content:
Enquire about membership:
Become a techUK member
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.