Zone boundary: OWASP LLM Top 10 = model-layer risks (prompt injection, hallucination, poisoning). Not our fight. OWASP NHI Top 10 = identity governance risks (overprivileged agents, stale credentials, no kill switch). Our domain, SE depth. Identity governance limits what a compromised agent can reach. That's blast radius. Zone 1: you establish the frame. Zone 2: the buyer wants to engineer the controls.
Zone 1: Not Our Fight
These topics are real. They're also outside Okta's scope. Validate, name the boundary, pivot to blast radius. Same move every time.
Prompt Injection
You hear: "What's your approach to prompt injection?" Or: "How do you prevent someone from hijacking the agent's instructions?"
What this is: Attacks that trick an AI model into executing unintended actions. OWASP LLM Top 10 #1. NIST's January 2026 RFI on AI agent security made this the threat every federal security team can name.
Why they're raising it: Their CISO read the NIST coverage. This is the AI risk they feel confident mentioning.
Your redirect: "Prompt injection is real, and there are vendors focused specifically on that model-layer defense. Our piece is the blast radius question. If an agent does get manipulated, what can it actually touch? Identity governance makes sure every agent runs least privilege with scoped credentials and a kill switch. We're the containment layer."
Hallucination
You hear: "What happens when the agent hallucinates and takes the wrong action?" Or: "We're worried about the model acting on bad information."
What this is: AI generates incorrect outputs that agents can execute. OWASP LLM Top 10 #9. Agents that can modify files and execute scripts turn hallucination from embarrassing into operational.
Why they're raising it: They've seen the demos. They're imagining an agent with write access doing something irreversible.
Your redirect: "Model accuracy lives with the model vendor. Where we come in is limiting the damage if the model gets it wrong. Identity governance determines whether the agent has the permissions to do anything harmful. Scoped access, vaulted credentials, immediate revocation. That's what we control."
AI Bias and Fairness
You hear: "We need to make sure these AI tools aren't introducing bias." Or from SLED: "Our equity coordinator is asking about algorithmic fairness in the tools we're deploying for student services."
What this is: Systematic errors in AI outputs producing unfair outcomes. A model training and evaluation problem.
Why they're raising it: OMB responsible AI mandates and state-level equity requirements have oversight offices asking questions the IT team can't fully answer yet.
Your redirect: "Bias evaluation sits with the model provider and your responsible AI team. What we govern is the agent itself: registered, scoped to least privilege, fully auditable. If you need to show an auditor exactly what an agent accessed and why, that's identity governance. Different problem, different toolset."
Model Observability
You hear: "We need visibility into what the model is actually doing. Why it made that decision."
What this is: Monitoring and explaining an AI model's internal reasoning. Interpretability tooling, not identity.
Why they're raising it: FISMA and emerging AI mandates require explaining automated decisions. They're conflating model explainability with access visibility.
Your redirect: "Model observability — the 'why did it reason that way' question — is a different toolset entirely. On the identity side, we show you which agent accessed which resource, with what credentials, when, under whose authorization. You need both audit trails. We own the identity side."
Training Data Poisoning / LLM Red Teaming / Model Safety Testing
You hear: "What about data poisoning in the training pipeline?" Or: "We need to red-team our AI models before deployment."
If any of these come up, the frame is identical. Model-layer concerns, OWASP LLM Top 10. Validate, name it as outside your scope, pivot: "That's a model-layer problem. We're focused on containment — limiting what happens when something goes wrong at that layer."
Zone 2: Bring In Your SE
These conversations land in OWASP NHI Top 10 territory: identity governance risks that are ours, but require depth you shouldn't improvise. Recognize the trigger, bridge with credibility, hand off with context. Holiday week or not, send the handoff template before the next meeting.
FedRAMP Authorization Status ⚠️
You hear: "Is this covered under your existing FedRAMP authorization?" Or: "Can we deploy the AI Agents piece inside our FedRAMP boundary?" Or from procurement: "We need authorization documentation before this goes further."
Why this crosses the line: Okta for Government High is FedRAMP High authorized. OIG and Workflows are FedRAMP High authorized (per Okta's federal blog, January 2026; not separately listed on FedRAMP Marketplace).
Okta for AI Agents (GA April 30, 2026) has no confirmed FedRAMP authorization at any impact level as of May 2026. Whether AI Agents components fall within the existing authorization boundary requires your SE and Okta's federal compliance team.
What you say to the buyer: "Our Government High platform and identity governance capabilities are FedRAMP High authorized. For the AI Agents capabilities specifically, I want to bring in my solutions engineer and our federal compliance team to give you a precise answer on the authorization boundary and what that means for your timeline."
What you send the SE: Universal template, plus: Buyer asking about FedRAMP authorization for AI Agents specifically. Confirm current authorization boundary status with federal compliance before responding.
Protocol-Level Questions (XAA, OAuth/OIDC, ID-JAG, SCIM)
You hear: "Walk me through the XAA flow." Or: "How does token delegation work across our systems?" Or: "We need to understand the ID-JAG token exchange for our architecture review."
Why this crosses the line: Implementation-layer questions about token exchange and cross-app authorization. XAA is Early Access, not GA (as of May 2026). Do not position it as generally available. (See XAA Situation Card and Field Glossary: ID-JAG.)
What you say to the buyer: "You're asking exactly the right questions for an architecture session. Let me get my SE on the next call to walk through the token flows against your environment."
What you send the SE: Universal template, plus: Protocol(s) asked about: [XAA / ID-JAG / SCIM]. Buyer's technical depth: [security architect / IT director / developer].
Deployment Architecture
You hear: "How does the Agent Gateway fit into our existing network?" Or: "We need to understand the topology before our security review board."
Why this crosses the line: Architecture requires knowledge of the buyer's current environment you haven't scoped. (See Agent Gateway Situation Card.)
What you say to the buyer: "That's an architecture conversation I want to get right. Let me bring in my SE so we can map this to your environment specifically."
What you send the SE: Universal template, plus: Known existing stack: [Entra / Ping / SailPoint / other]. Buyer wants architecture walkthrough of: [Agent Gateway / ISPM / other].
Custom Policy Configuration
You hear: "Can we require human approval above a certain risk threshold?" Or: "We need custom access rules based on our data classification levels."
Why this crosses the line: Custom policy design requires mapping the buyer's governance model to current capabilities versus roadmap. Human-in-the-loop controls for high-stakes actions are roadmap, not GA (as of May 2026).
What you say to the buyer: "We can absolutely talk policy design. Let me bring my SE in to map your requirements to what's available today and what's coming."
What you send the SE: Universal template, plus: Policy requirement: [verbatim]. Flag if buyer mentioned human-in-the-loop — roadmap, not GA.
Competitive Technical Bake-Off
You hear: "We're evaluating you against [competitor]." Or: "Microsoft says Entra handles this natively."
Why this crosses the line: Bake-offs require SE-led demos and competitive depth. See the relevant Competitor Card for positioning guidance.
What you say to the buyer: "Good. Let me bring in my SE to scope the evaluation criteria with you so we're testing what actually matters for your environment."
What you send the SE: Universal template, plus: Competitor: [name]. Evaluation criteria buyer stated: [verbatim]. Competitor footprint in account: [what's deployed].
Pricing and Packaging for Bundled Deals
You hear: "What does this cost bundled with our existing contract?" Or: "We need pricing that works with our IDIQ vehicle." Or from SLED: "Can you price this through our state cooperative purchasing agreement?"
Why this crosses the line: Bundled pricing with existing contracts requires deal desk involvement and potentially non-standard packaging for federal procurement vehicles or state cooperative agreements.
What you say to the buyer: "Let me pull together the right team for pricing. I want to structure this around your procurement vehicle and existing contract terms."
What you send the SE: Universal template, plus: Existing contract: [products, vehicle, renewal date]. Procurement vehicle: [IDIQ / BPA / state cooperative / other].
Universal SE Handoff Template
Copy this. Fill it in. Send it before the next meeting, not after. If the buyer asked during a short week, that's more reason to send it today.
TO: [SE name]
ACCOUNT: [Agency / organization]
WHO ASKED: [Name, title, role]
THEIR QUESTION: [What they actually said — verbatim or close]
WHAT I'VE POSITIONED: [What you told them so far]
DEAL CONTEXT: [Stage, timeline, competing vendors, procurement vehicle]
Things to follow up on...
- NIST agentic control overlays: The NIST COSAiS project developing SP 800-53 control overlays for agentic AI use cases remains in development while federal deployments are already underway, which means your buyers are deploying without a finalized control framework.
- CSA governance gap data: A January 2026 CSA/Oasis Security survey of 383 IT and security professionals found that 78% of organizations lack formally adopted policies for creating or removing AI identities, a stat worth having in your back pocket for expansion conversations.
- Federal AI use case acceleration: OMB's latest inventory documents 3,611 AI use cases across 56 agencies, more than doubling the prior year, which means the identity governance conversation is scaling whether your accounts are ready or not.
- State AI enforcement momentum: Morgan Lewis tracks how California, Texas, and Colorado are imposing AI governance requirements that turn identity governance into a compliance question for SLED accounts deploying AI in benefits, healthcare, and education.

