What you'll hear
"We've had a citizen-facing chatbot for about a year. Leadership loves it. Now they want it to actually do things — process benefits, submit permits, update records. We're figuring out how to make that happen."
You're hearing the chatbot-to-agent transition. The IT director is describing a tool that answered questions becoming one that acts on a citizen's behalf, and that opens an identity governance gap they haven't scoped yet.
Recognition cues
You're in this scenario when you hear:
- The chatbot is being asked to process transactions — benefits eligibility, permit submissions, record updates — not just answer questions
- Language about "citizen self-service" or "reducing call center volume" by letting the chatbot handle end-to-end workflows
- References to connecting the chatbot to back-end systems: benefits platforms, licensing databases, case management tools
- A program manager or IT director driving the conversation, framing it around operational efficiency or constituent experience
- Mentions of Copilot Studio demos, ServiceNow, or a custom build on Azure/AWS
- Budget tied to digital government modernization or federal pass-through funds for service delivery
Notice what's missing from their language: zero trust, compliance frameworks, identity governance. Identity hasn't entered their vocabulary. That's your opening.
The governance gap
A chatbot that answers questions doesn't need credentials. It reads public content and returns text.
An agent that processes a benefits application needs to authenticate to the eligibility system, pull a citizen's personal data, write to a case management database, and confirm the transaction. It needs credentials, permissions, and system access. It acts with the authority of a government employee, but nobody hired it, nobody supervises it in real time, and in most current deployments, nobody can revoke its access instantly if it starts behaving unexpectedly.
The IT director is describing a chatbot upgrade. What they'll need to build is an identity governance program, and they haven't gotten there yet. The agent needs a first-class identity: registered, credentialed, scoped to least privilege, auditable, and revocable. Without that, the agency is granting unmonitored access to citizen PII through a software process with no audit trail, no access review cycle, and no kill switch.
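To make the "first-class identity" requirement concrete, here is a small added Python model (not code from this card or from Okta's products) of the four properties the paragraph names: a registered agent identity, per-system least-privilege scopes, an audit record for every attempted action, and a revocation flag that acts as a kill switch. The agent name, system names and record ids are constructed for the illustration.

```python
"""
Minimal model of a governed agent identity: registered, scoped to least
privilege per back-end system, audited on every action, and revocable.
Added illustration only; all agent, system and record names are hypothetical.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AgentIdentity:
    agent_id: str                                   # registered, first-class identity
    owner: str                                      # human accountable for the agent
    scopes: dict[str, set[str]] = field(default_factory=dict)  # system -> allowed actions
    revoked: bool = False


@dataclass
class AuditEvent:
    timestamp: str
    agent_id: str
    system: str
    action: str
    record_id: str
    decision: str                                   # "allowed" or "denied"
    reason: str


class AgentGovernance:
    def __init__(self):
        self.registry: dict[str, AgentIdentity] = {}
        self.audit_log: list[AuditEvent] = []

    def register(self, agent_id, owner, scopes):
        # Registration: the agent exists as a named identity with an owner and explicit scopes.
        self.registry[agent_id] = AgentIdentity(
            agent_id, owner, {system: set(actions) for system, actions in scopes.items()}
        )

    def revoke(self, agent_id):
        # Kill switch: every later action by this agent is denied, without taking
        # the service offline or touching the back-end systems themselves.
        self.registry[agent_id].revoked = True

    def authorize(self, agent_id, system, action, record_id) -> bool:
        # Every attempt, allowed or denied, is written to the audit log with a reason.
        identity = self.registry.get(agent_id)
        if identity is None:
            decision, reason = "denied", "unregistered agent"
        elif identity.revoked:
            decision, reason = "denied", "agent revoked"
        elif action not in identity.scopes.get(system, set()):
            decision, reason = "denied", "out of scope"
        else:
            decision, reason = "allowed", "in scope"
        self.audit_log.append(AuditEvent(
            datetime.now(timezone.utc).isoformat(), agent_id, system, action,
            record_id, decision, reason,
        ))
        return decision == "allowed"

    def who_accessed(self, record_id):
        # The auditor's question: which agent touched this record, where, and was it allowed.
        return [(e.agent_id, e.system, e.action, e.decision)
                for e in self.audit_log if e.record_id == record_id]

    def denied_events(self, agent_id):
        # Detection input: a burst of denials is the signal to look at before revoking.
        return [e for e in self.audit_log
                if e.agent_id == agent_id and e.decision == "denied"]


def demo():
    gov = AgentGovernance()
    # Hypothetical benefits-intake agent: read-only on eligibility, read/write on case management.
    gov.register("benefits-intake-agent", "benefits-program-office",
                 {"eligibility-system": {"read"}, "case-management": {"read", "write"}})
    results = [
        gov.authorize("benefits-intake-agent", "eligibility-system", "read", "citizen-0001"),   # allowed
        gov.authorize("benefits-intake-agent", "case-management", "write", "case-0001"),        # allowed
        gov.authorize("benefits-intake-agent", "eligibility-system", "write", "citizen-0001"),  # denied: out of scope
        gov.authorize("benefits-intake-agent", "financial-system", "read", "ledger-0001"),      # denied: no scope at all
    ]
    gov.revoke("benefits-intake-agent")
    results.append(
        gov.authorize("benefits-intake-agent", "case-management", "read", "case-0001")          # denied: revoked
    )
    return gov, results


if __name__ == "__main__":
    governance, outcomes = demo()
    print(outcomes)
    for event in governance.audit_log:
        print(event.agent_id, event.system, event.action, event.record_id, event.decision, event.reason)
```

The point of the model is the shape, not the implementation: the scope table is the least-privilege grant that discovery question 2 asks about, the audit log answers question 4, and `revoke` is the per-agent kill switch from question 3 that does not require pulling the whole citizen service offline.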
The risk here is structural. Only 22% of state CISOs now describe themselves as "very" or "extremely" confident they can protect public data, down from 48% in 2022, according to the 2026 NASCIO-Deloitte Cybersecurity Study. Meanwhile, 78% of state CISOs cite third-party security breaches as their top anticipated threat. An ungoverned agent connecting to citizen data systems is exactly that kind of third-party exposure. And these agents will be transacting on Memorial Day weekend, at 2 a.m. on a Tuesday, whenever a citizen needs help. Nobody is watching.
Discovery questions
Ask these in sequence. They build on each other and surface the gap without requiring you to explain identity architecture.
1. Which systems will the agent connect to in order to complete a transaction? (Reveals blast radius. Benefits databases, case management, financial systems — each connection is an access grant that needs governance.)
2. Who decides what the agent is allowed to do in each system, and how is that documented? (Surfaces whether anyone has thought about permissions. In most early deployments, the answer is "the dev team configured it." That's not governance.)
3. If the agent started accessing records it shouldn't, how quickly could your team detect that and shut it down? (The kill-switch question. If the answer involves taking the whole service offline, you've found the gap.)
4. How are you planning to handle audit requirements — showing who or what accessed a citizen's record and why? (State auditors will ask this eventually. If the IT director hasn't thought about it, you've earned a follow-up meeting.)
5. Are you building on one platform, or will you have agents across multiple tools and environments? (Multi-platform = multi-identity problem. This is where "Microsoft handles our identity" starts to weaken.)
6. Is your security team involved yet, or is this still in the program office? (Tells you whether you need to help the IT director build the internal case for involving security.)
Positioning lines
Lead with the operational frame: "When your chatbot starts acting on behalf of citizens, it needs the same identity governance you'd give a new employee — credentials, defined permissions, an audit trail, and a way to revoke access if something goes wrong."
On the gap: "Most teams building agents right now are focused on making them work. The governance question — who controls what they're allowed to do, and who shuts them down when something's off — comes second. We help you get in front of it."
On auditability: "Every action your agent takes — every record accessed, every transaction processed — gets logged. When your auditor asks who accessed that benefits file, you have an answer."
What not to say
- Don't say "zero trust." This buyer is an IT director thinking about citizen services. Zero trust is your internal framing, not theirs.
- Don't say "comprehensive platform" or "industry-leading." Nobody on a real call talks like that.
- Don't position Okta's centralized gateway for governing how AI agents authenticate and connect to enterprise tools (Auth for GenAI Agent Gateway) as available today. As of May 2026, the full MCP control-plane capability carries a "coming soon" qualifier. If the buyer asks about MCP or protocol-level agent orchestration, that's an SE conversation.
- Don't claim FedRAMP authorization for Okta's AI Agents capabilities specifically. Okta Identity Governance (access lifecycle and certification workflows for non-human identities) is FedRAMP High authorized. Whether the AI Agents product set carries its own authorization is unconfirmed as of May 2026. Tell the buyer you'll get a definitive answer from your Federal team. That honesty builds more credibility than guessing.
- Don't frame the risk as "you're going to get breached." No named US state AI agent data-exposure incident is on the public record. Frame the risk around audit liability, citizen trust, operational continuity. More accurate, more credible with this buyer.
Microsoft Entra in the room
Assume Microsoft is already in the account. Nearly every SLED org running M365 E3/E5 has Entra ID included in licensing. Copilot Studio is now available in GCC and GCC-High, which means the buyer's team can build agents without a separate procurement action.
When the buyer says "Microsoft handles our identity," don't argue. Ask discovery question 5 instead. Citizen services almost always involve non-Microsoft systems — benefits platforms, permitting tools, case management databases running on different stacks. The moment agents span those boundaries, the buyer needs identity governance that covers registration, credentialing, access control, and revocation regardless of where the agent lives. Entra governs Microsoft's ecosystem. Okta governs the agent across ecosystems. For deeper Microsoft positioning, pull the Copilot Studio Competitor Card.
SE handoff triggers
Bring in your SE when any of these come up. This is the card working as designed.
- The buyer asks about protocol-level agent orchestration, MCP servers, or Agent Gateway capabilities
- The conversation moves to specific integration architecture — APIs, connectors, how agents authenticate to a particular benefits or permitting system
- The buyer wants to discuss FedRAMP authorization for AI Agents capabilities specifically
- A CISO or security architect joins and shifts from operational risk to technical security requirements
- The buyer asks about identity lifecycle workflows (access certifications, automated provisioning/deprovisioning) for non-human identities in detail
Your job is to open the conversation and establish the governance frame. The SE architects the solution.
Proof points
Lead with Mississippi. The state's MISSI chatbot has fielded 3 million citizen inquiries across 121,000 sources. Mississippi CIO Craig Orgeron sees what's coming:
"I think the tsunami is really going to be agents. These agents are going to do things on your behalf, and they are eventually going to be the drivers of digital government."
Your buyer is on this same trajectory, whether they've named it or not. (Source: StateTech Magazine, "Chatbots Open the Door to State Government Access," April 2026)
Indiana for scale. Ask Indiana displaced 2.7 million simple searches in seven months, replacing them with 370,000 chatbot conversations drawing on over 1 million state documents. Still informational — but that volume is one upgrade away from transactional. (Source: StateTech Magazine, "Chatbots Open the Door to State Government Access," April 2026)
Tennessee for governance-first thinking. Tennessee's CTO is building a statewide chatbot framework for benefits eligibility with auditability, access controls, and circuit breakers designed in from the start:
"Everything has to be traceable back to the decision. If you can't replay it, you can't trust it."
Use this when the buyer needs permission to slow down and build governance before scaling. (Source: StateTech Magazine, "NASCIO 2026 Midyear: States Shift From AI That Assists to AI That Acts," May 2026)
Connecticut for governance posture. Connecticut's SB 5 creates a state AI working group (appointments by July 2026) specifically tasked with advising on AI agent liability and best practices — building the governance structure before widespread deployment. Good reinforcement if your buyer is weighing whether governance can wait. It can't. (Source: Transparency Coalition AI Bill Guide: SB 5, May 2026)
The macro signal. NASCIO ranks AI and agentic AI as the #1 state CIO priority for 2026. Most states are still early in the chatbot-to-agent progression. The governance conversation is happening now, before deployments scale. (Source: StateTech Magazine, "NASCIO: State CIOs Put AI Governance First in 2026," December 2025)
Okta for AI Agents capabilities referenced here are based on the April 30, 2026 GA release. Agent Gateway and multi-browser shadow agent discovery carry "coming soon" qualifiers. Verify current status with your SE before making specific capability commitments. Competitive claims current as of May 2026.
Things to follow up on...
- MCP spec is shifting: The 2026-07-28 MCP specification release candidate is the largest protocol revision since launch, meaning SLED accounts deploying MCP-based agents today will face reconfiguration before year-end.
- NIST is watching agents: The NCCoE published a concept paper in February 2026 proposing to adapt existing identity and authorization frameworks for AI agents, which will eventually shape the compliance scaffolding SLED buyers operate inside.
- State CISO confidence is cratering: The 2026 NASCIO-Deloitte Cybersecurity Study found that 78% of state CISOs now rank third-party breaches as their top anticipated threat, a signal that agent governance conversations will land with security leadership, not just IT directors.
- Virginia went agentic first: Virginia's governor issued an executive order in July 2025 directing the use of agentic AI to scan regulations for conflicts and redundancies, making it one of the earliest named state-level agent deployments you can reference in conversation.