Hello and welcome to Protocol Policy! Today I’m getting ready for a lot of sound and fury in Congress next year. Plus, how tech issues fared in state elections, the EU is officially taking on Microsoft’s Activision Blizzard deal, and regulators might have thoughts about Binance’s FTX rescue.

​Hearings, and maybe some listening

Republicans fell short of the midterm “red wave” they hoped for, and even today many races are still too close to call. But their likely success in taking over the House means that lawmakers will be pursuing a new set of tech priorities in a divided government — and even fewer bills will become law.

Tech policy watchers from both sides of the aisle working in government, in corporate advocacy, or for consumer groups told Protocol they expect to see a renewed focus on Section 230 and allegations of anti-conservative bias by tech companies. The best possibility for action, though, comes from areas of agreement with Democrats: Lawmakers could continue to try to build on the momentum for privacy, seek to hold together the bipartisan coalition that wants competition and antitrust reform, and pursue new directions, taking aim at Apple, Google, and TikTok.

Republicans have been saying for months they want to return to their unsubstantiated claims of politically biased content moderation by social media companies and (more recently) email providers.

• In practical terms, that could mean going after Sec. 230, likely by trying to remove legal protections for platforms when they take down constitutionally protected speech (or spam).
• Even if such a change could pass the Senate, though, President Biden would be unlikely to sign it.
• In the meantime, lawmakers can hold hearings, hauling in CEOs and digging into hot-button content moderation topics like COVID-19 and climate change — as well any government pressure (real or imagined) to handle such posts in a particular way.
• A new dynamic in the focus on moderation and Sec. 230, though, is the rise of more right-wing social apps: Elon Musk’s Twitter, Ye’s Parler, and former President Trump’s Truth Social all likely love the status quo.

Would-be GOP leaders have also said, albeit more quietly, they’re interested in building on the bipartisan progress toward a comprehensive digital privacy bill.

• Data protection, after all, is a top tech priority among voters, and the current House vehicle has gotten further than any similar measure before.
• On the other hand, if Republicans do indeed take power in the House, they’d want to put their stamp on the bill, currently known as the American Data Privacy and Protection Act. They likely would pull back on private lawsuits and AI regulation.
• Since key Democrats already stopped ADPPA in the Senate by withholding their support over concerns about trade-offs, though, moving toward a GOP version of the bill could make compromise even less likely.

Anti-tech Republicans who joined with Democrats to advance antitrust legislation may also try to give another shot to bills on self-preferencing and app stores.

• Democratic leaders (and some in the rank and file) were lukewarm on the measures, though, and those splits among will likely remain, at least for a while. On the House side, there’s also far less love for the bills among top Republicans.
• The White House has said it will push for antitrust legislation in the lame duck now that vulnerable Democrats have gotten through election season, which could theoretically mean one or both bills pass by the end of the year.
• More realistically, though, other priorities like nominations and the debt ceiling may jump ahead of competition policy in the few remaining legislative days of 2022.

Apple and Google could still find themselves facing new or different kinds of pressures, though.

• A bipartisan bill that would force Google out of the digital ads business never got much attention this year, but some experts thought it could become a rallying point if lawmakers are looking for new competition-adjacent issues that appeal to both parties.
• In addition, many Republicans are furious at both Apple and Google over the companies’ moves to restrict Parler in their app stores after Jan. 6.
• And just recently, Republican and Democratic leaders of a powerful House subcommittee pressured both Apple and Google over the presence of TikTok in their stores.

That, of course, is a good reminder that TikTok might not have a particularly happy 2023.

• Bipartisan hawkishness on China is rising, from the White House to House Republicans, and scrutiny of how much American data can be accessed by the app’s owners in Beijing could be intense. (Ditto TikTok’s content moderation.)
• There have already been renewed calls — albeit largely performative ones — for a ban on the app so long as it’s in Chinese hands.
• Bipartisan bills aiming to protect the privacy and online safety of younger users have quietly advanced in the Senate this year as well. Those could return next year, a particular wallop for an app that is so successful with teens.

The future of policy is hard to predict. Perhaps the allure of hearings on political bias for Republicans in the House will take up so much time that no one can work on TikTok. Maybe the Supreme Court will change the conversation dramatically on Sec. 230. State and international policies will shape what companies want, or fear, and control of the Senate may (again!) come down to a runoff in Georgia. Tech policy may still prove, though, it’s a rare area of bipartisan discussion.

— Ben Brody (email | twitter)

​In Washington

Peter Thiel’s gamble on J.D. Vance paid off. With ballots still left to be counted in Arizona, Blake Masters — another Thiel acolyte — has considerable ground to make up against incumbent Sen. Mark Kelly. Both Vance and Masters benefited from their ties to the venture capital world.

The Treasury Department doubled down against Tornado Cash. The department’s Office of Foreign Assets Control tied the crypto obfuscation tool to North Korea, effectively designating it as a national security threat.

​In the states

In October, Protocol wrote about some of the biggest tech issues on the ballot. Here’s how things played out yesterday:

• California’s Proposition 30 failed. The measure would have raised funding for climate initiatives by imposing a 1.75% tax on Californians with annual income above $2 million. Lyft had been a huge backer of Prop. 30.
• Montana’s Constitutional Amendment 48 passed by a huge margin. The amendment requires law enforcement to obtain a search warrant before accessing any private electronic data. The Montana Association of Chiefs of Police came out against the measure, but with 80% of the votes in, around 82% of voters in Montana voted for the amendment.
• Illinois’ Amendment 1 is still too close to call. The amendment would codify employees’ right to organize to bargain for better working conditions. The Illinois Chamber of Commerce expressed concern that it would make the state less business-friendly. Boeing, Caterpillar, Tyson, and Citadel already moved their headquarters out of Illinois in the past year.
• Washington’s Advisory 40 is also still too close to call. This was a nonbinding vote on HB 2076, which gives ride-hailing drivers benefits that include a minimum pay rate and access to sick leave. It also enshrines drivers’ status as independent contractors, which helps explain why Uber and Lyft backed the measure in the first place. Washington’s state legislature already passed the bill, and this vote is only intended to guide its decision to repeal or uphold it.

TSMC is expected to build a second chip factory in Arizona, according to The Wall Street Journal. The new fab could produce even more advanced chips than the original.

A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Don’t miss out! Register today to hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event will be live-streamed on November 16th.

Learn more and reserve your spot here.

Around the world

The European Commission found that Microsoft’s attempted Activision Blizzard acquisition could “significantly reduce competition.” Microsoft can offer concessions to increase the chances of the deal going through.

The United Nations released 10 recommendations for achieving net zero emissions. Protocol’s Climate team has an overview of how those align with Big Tech’s current net zero agenda.

​In the media, culture, and metaverse

Elon Musk backtracked on an additional verification badge. For a short while, Gray Checks became the new Blue Checks. Twitter gave some already-verified individuals the additional badge to combat all the confusion that ensued after the company opened up Blue Checks to anyone who paid. Then, with a tweet (of course) fewer than 24 hours after the product rollout, Musk announced that he “killed it” and proclaimed that “Blue check will be the great leveler.”

​In data

13%: The percentage of Meta employees the company will lay off, a total of about 11,000 workers. Mark Zuckerberg took personal responsibility for being overly optimistic about growth. Salesforce is also reportedly preparing to cut as many as 2,500 employees.

​A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Don’t miss out! Register today to hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event will be live-streamed on November 16th.

Learn more and reserve your spot here.

Buying Goldman Sachs​

Not so long ago, FTX founder Sam Bankman-Fried told the Financial Times that acquiring Goldman Sachs was “not out of the question at all.” Yesterday, he agreed to sell his own company to its chief rival, Binance, for pennies on the dollar. The FTX collapse was sudden and unexpected. Just a few weeks ago, it seemed to be one of the best-positioned crypto players. Crypto insiders expressed concern to Protocol over how U.S. policymakers would see this event.

Thanks for reading — see you Monday!

GitHub wants to avoid surprise disclosures of zero-day vulnerabilities in open-source software projects with the debut of private vulnerability reporting on the platform.

The service, announced on Wednesday, aims to make it more straightforward for a security researcher who finds an open-source vulnerability to report the issue to the project's maintainers, according to Justin Hutchings, director of product management at GitHub.

And for maintainers of open-source projects hosted on the repository, "we want to really take those barriers down so that those developers aren't surprised about the security problems on their own project," Hutchings told Protocol.

"One of the worst things that we hear about from developers is that they'll find out through Twitter that somebody reported a [vulnerability] on a project of theirs, and they never heard about it," he said.

"They then have their users coming to them and asking, 'Do you have a fix for this problem?' And they say, 'What problem?'" Hutchings said. "And that is just not a good day for anybody involved in open source."

A common issue is that security researchers do attempt to contact open-source maintainers to disclose vulnerabilities, but often the reports end up going to individuals that weren't prepared to receive the reports and hadn't developed a process to respond to them, Hutchings said.

As a result, "oftentimes they get ignored," he said. “It's not malice. It's just the process isn't built for success.”

The problem is particularly acute outside of the most high-profile open-source projects, Hutchings noted.

In response, GitHub’s new private channel will allow open-source maintainers and researchers to privately discuss vulnerabilities within the bounds of the platform. The Microsoft-owned code repository reports having more than 90 million users.

Private vulnerability reporting will be free on GitHub, Hutchings said, and it's now available as a public beta with plans to make it generally available in early 2023.

The goal is to "really make a difference in reducing how many times we have zero-days where the entire open-source community ended up surprised, and has to scramble to create patches," he said.

The service was announced Wednesday in connection with the GitHub Universe 2022 conference, and comes amid growing concerns in enterprise and government about the security risks posed by open-source software components. GitHub has been tackling the issue in a variety of ways, from making it easier for developers to use its database of known vulnerabilities to announcing a forthcoming two-factor authentication requirement.

On Wednesday, GitHub also disclosed other security-related updates including general availability for support of the Ruby programming language.

Outside of security, GitHub announced that seat licenses for its AI-powered code suggestion tool, Copilot, will "soon" be available for purchase by businesses.

Good morning, and welcome to Protocol Fintech. This Wednesday: how FTX collapsed, the midterms, and Zelle’s real fraud problem.

Off the chain

The midterm elections didn’t deliver any clear wins to the crypto industry, though Rep. Patrick McHenry’s likely ascension to the chair of the House Financial Services Committee could place a blockchain enthusiast in a key role. That committee will also be a thorn in the side of the CFPB’s Rohit Chopra: Expect lots of hearings about the consumer-protection agency’s push to rein in fintechs. The Senate remains a question mark, but FTX’s sudden collapse is producing a bipartisan consensus: Crypto needs better regulation sooner rather than later.

— Owen Thomas (email | twitter)

A brawl, a shotgun wedding, and the aftermath

Binance’s shock announcement of a plan to rescue archrival FTX — after days of open feuding by the companies’ CEOs on Twitter — has rattled an industry still reeling from a dramatic crash and growing regulatory scrutiny. The high-profile brawl that turned into a shotgun wedding reinforced the fear that despite the industry’s rapid growth, the crypto realm remains murky and erratic.

Can you explain this, Sam? The brouhaha began with a report that raised serious questions about FTX and Alameda Research, the trading house owned by FTX CEO Sam Bankman-Fried.

• A CoinDesk report based on a leaked balance sheet for Alameda found that much of its reserves were based on FTT, “FTX’s own centrally controlled and printed-out-of-thin-air token,” Swan Bitcoin CEO Cory Klippsten told CoinDesk.
• FTX uses FTT as a reward currency for trading discounts, but it’s thinly traded, and its price began to wobble Sunday after Binance CEO Changpeng “CZ” Zhao said his company planned to sell its FTT holdings, which dated back to an early investment by Binance in FTX. CZ compared FTT to luna, another token Binance had backed, which imploded this year. The price of FTT plummeted by another 75% on Tuesday after CZ revealed his takeover plan.
• It was a stunning turnabout for a company that seemed to be one of the winners of crypto winter. Just about four months ago, FTX stepped in to save BlockFi with a $240 million credit financing agreement — a deal in which FTX gained the option to buy the crypto lender.

The Binance-FTX rivalry has deep roots. CZ hinted that Binance’s beef with its archrival went beyond Alameda’s fuzzy finances.

• “We gave support before, but we won't pretend to make love after divorce,” he said. “We are not against anyone. But we won't support people who lobby against other industry players behind their backs.”
• It was an apparent dig at SBF’s aggressive lobbying in Washington. Bankman-Fried is known for his plan — since disavowed — to spend $1 billion in the next presidential election cycle. But he and FTX have also actively lobbied behind the scenes to shape crypto and other financial regulation.

Did FTX suddenly run out of options? SBF fired back Monday in a now-deleted tweet that claimed “a competitor is trying to go after us with false rumors” and stressed that “FTX is fine. Assets are fine.”

• Things were definitely not fine. FTX paused withdrawals for customers Tuesday and faced a “significant liquidity crunch,” according to CZ.
• Shortly thereafter, CZ and SBF were friends again. SBF portrayed the deal as “an agreement on a strategic transaction with Binance.” CZ was blunter, saying that FTX “asked for our help.”
• Of course, FTX needed Binance’s help because of a wave of withdrawals arguably encouraged by Binance’s decision to publicly announce its plan to liquidate its FTT holdings. That hurt FTX’s credibility and sent its cryptocurrency crashing, which effectively forced it to sell. Semafor reported that SBF had been scrambling, unsuccessfully, to raise more than $1 billion in financing before signing the deal with Binance.

Will the deal stick? The way CZ announced the merger plan struck some as odd.

• At this point, Binance has only signed a “nonbinding” letter of intent, according to Zhao. He stressed that Binance is in “a highly dynamic situation” in which it has “the discretion to pull out from the deal at any time.”
• Binance Chief Strategy Officer Patrick Hillmann didn’t offer much more clarity, saying in a tweet that the company knows there are “a lot of questions” and it will “have more to say in the coming days.”
• Bankman-Fried’s communications with FTX investors such as Sequoia Capital and Paradigm were hardly more reassuring. In a letter, he told them they were his “second priority” after FTX customers.
• Crypto critic Molly White told Protocol that she was “giving it decent odds that the deal doesn't go through, or that Binance threatens to pull out if they're not given very friendly terms in the deal.”

This is bad news for crypto no matter what. Whether or not the Binance-FTX merger happens, the way the drama unfolded is bound to shake confidence in crypto as a whole.

• Coinbase, crypto’s second-largest marketplace, saw its stock plunge 14% on Tuesday. Robinhood’s stock also tumbled 19%, likely due to worries about SBF’s nearly 8% stake in the online trading app, which has a strong crypto focus.
• Expressing “sympathy for everyone” caught in the FTX situation, Coinbase CEO Brian Armstrong said that “it's stressful any time there is potential for customer loss.”
• Outgoing Kraken CEO Jesse Powell said the deal is sure to draw “significant scrutiny” given the “allegations flying around” and the prospect of customer losses. The government might scrutinize a merger, he added.
• Cathy Yoon, chief legal officer at MPCH, is also “fearful of how U.S. policymakers and regulators will see this event” and its impact on the progress the industry has made “from a policy perspective.” “I’m afraid this will set us back a bit,” she told Protocol.

The FTX crisis unfolded the way crypto meltdowns typically hit — suddenly and opaquely. And the drama is far from over. “It's remarkable, again and again, how crypto personalities like SBF will claim that everything is fine up until the very second they have to admit it isn't,” White said.

— Benjamin Pimentel (email | twitter)

A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Don’t miss out! Register today to hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event will be live-streamed on November 16th.

Learn more and reserve your spot here.

On the money

Goldman Sachs is fintech shopping. The investment bank has expressed interest in buying a payments-technology firm to further build out its credit card capabilities, The Wall Street Journal reported. That includes reaching out to Deserve, a company that provides card-issuing technology. (This wouldn’t be Goldman’s first buy in the category.)

Affirm shares plunged after its earnings report. The stock dropped as much as 18% after the “buy now, pay later” company revealed a weak forecast. Executives pointed to struggles at Peloton, a key partner for its installment loans.

U.S. credit card balances surged to a record high in the third quarter. Balances increased 19% to $866 billion, with average credit lines also climbing to an all-time high, according to TransUnion data.

Robinhood gave users access to IPO flops. All 23 IPOs that Robinhood opened up to customers through its IPO Access program have declined by double-digit percentages since the stocks debuted, Bloomberg found.

German regulators called on Coinbase to clean up its act. BaFin, the country's financial watchdog, ordered Coinbase's local unit to ensure it has effective risk management and internal controls in place after uncovering "organizational deficiencies."

Crypto venture investors are still pumping the brakes. October data showed the pace of crypto VC investment fell under $1 billion per month, according to a J.P. Morgan research report, less than a third of last year's pace.

​Overheard

Disgraced pharma executive turned crypto token promoter Martin Shkreli had some advice for Terraform Labs’ Do Kwon on the “UpOnly” podcast: “Jail is not that bad."

Say now, regret later? “We're just good at managing,” Affirm CEO Max Levchin told analysts on a call to discuss the “buy now, pay later” company’s earnings. Investors didn’t seem to agree

Just one question for Ravi Loganathan, head of financial institution services at Sardine

Before Sardine, Loganathan was the chief data officer of Early Warning, the fintech company behind Zelle that’s owned by the country’s seven largest banks. Now, at Sardine, he helps protect financial institutions against payment fraud.

Elizabeth Warren has been very outspoken about fraud on Zelle recently. How bad is the problem?

As we move to real-time payments and instant settlement, the fraud vectors you're seeing on the Zelle network will manifest themselves in all of these other rails and any other emerging rail that comes our way. The reason for that is, if you take a look at Zelle, or if you take a look at [The Clearing House] or what FedNow is going to be, these network operators are only transmitting messages back and forth between the sending bank and the receiver. But the majority of the fraud controls, and all of the liability, are with the sending bank.

To go a little bit deeper, think: How do you send a transaction on the Zelle network? You go to your bank's mobile banking app, you click on Zelle on the login page, and the bank is doing the fraud detection from that point onward.

The fraud vector that Zelle is fraught with is social engineering fraud. That is a fraudster, for example, using a third-party application like TeamViewer and socially engineering a relationship with the bank customer so that bank customer gives them access, or the fraudster hacking into their accounts. Then they’re now logging in to that bank account and initiating a transaction. In that instance, what failed was the fraud and risk capability on the bank’s online and mobile banking application, not the Zelle network.

A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Don’t miss out! Register today to hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event will be live-streamed on November 16th.

RSVP today.

Thanks for reading — see you tomorrow!

On Wednesday, John Kerry unveiled a plan for a new carbon credit program aimed at mobilizing private capital to help middle-income countries transition away from coal and move toward renewable energy.

---

The plan, dubbed the Energy Transition Accelerator, was announced in partnership with the Bezos Earth Fund and the Rockefeller Foundation. Kerry, who is the Biden administration's climate envoy, told an audience at the COP27 climate conference in Egypt that the goal is to "have this up and running no later than COP28," which will take place next year in Dubai.

The accelerator would allow companies to buy carbon credits, which would fund renewable energy projects in developing countries. Those companies would then be able to count the emissions cuts toward the reaching of their own net zero goals.

Carbon credit programs like this have been criticized historically for a multitude of reasons, ranging from being used to greenwash corporations to being an ineffective way of achieving emissions reductions. Some organizations that were briefed on the plan prior to the announcement, including the Natural Resources Defense Council and the World Resources Institute, weren't supportive of the plan because they felt it could undermine global net zero goals, according to The New York Times.

“We’ve seen offsets being used as greenwashing and to delay action,” Harjeet Singh, head of strategy for the Climate Action Network, told E&E News. “I think the big question is, how is this going to be different?”

Those concerns echo a United Nations report published on Tuesday that found that for companies to meet their net zero goals, they "must use credits associated with a credibly governed standard-setting body that has the highest environmental integrity with attention to positive social and economic outcomes where the projects or jurisdictional programs are located." For companies to responsibly use carbon credits, they should ideally only help to cover the last 5% to 10% of emissions.

Kerry announced a few safeguards to try to quell skepticism, including that fossil fuel companies would not be allowed to participate in the program. Only companies with net zero goals and science-based interim targets will be allowed to participate, and they must use the credits to "supplement, not substitute" emission reductions. He also said that a portion of finance must go toward "supporting adaptation and resilience in vulnerable countries where it's difficult to attract capital to these two sectors."

"The fact is that we have to accelerate the clean energy transition, and, my friends, it takes money to do that," he said, noting that the bulk of that investment needs to go toward emerging and developing economies. An International Energy Agency report put out last year found that to reach net zero by midcentury, the world will need to ramp clean energy spending up to more than $4 trillion annually by 2030.

"No government in the world has enough money to get this job done," Kerry said. (Developed countries, for their part, have failed to provide promised climate aid to emerging economies. This isn't the first time the U.S. has tried to tap private money to make up the difference.)

Chile and Nigeria have expressed "early interest" in taking part in the program, as well as Microsoft and Pepsi, according to a press release from the State Department.

The agency will work alongside the Bezos Earth Fund and the Rockefeller Foundation over the next year to develop additional rules and safeguards for participating companies, as well as develop a methodology for monitoring, reporting, and verifying that the carbon credits are real, additional, and permanent.

"The beauty of voluntary carbon markets, if it is done right ... has the virtue of bringing in money that doesn't need to be repaid," Andrew Steer, president and CEO of the Bezos Earth Fund, said at the press conference.

Michelle Patron, Microsoft's director of sustainability policy, also spoke at the press conference, adding that a big focus of the company's energy procurement strategy includes enabling a just transition in the Global South. (In an interview with Protocol in the run-up to COP27, Microsoft president and vice chair Brad Smith also said working with the Global South was a high priority for the company.)

"We've seen clean energy investments in the developing world be flat since Paris, so we need investments to go up, and we need the costs to come down. And the enablers that we see at Microsoft to do that are markets, policy, and skills, and that's why this type of initiative is important," Patron said.

Okta has developed a new capability for its passwordless authentication system aimed at countering the illegitimate use of biometric login data, a move meant to head off a potential route for malicious actors who are becoming increasingly sneaky in their phishing attempts.

"Threat actors are getting better and more sophisticated, and this is kind of a quest to make sure we stay one step ahead of them," Okta co-founder and CEO Todd McKinnon said in an exclusive interview with Protocol.

The new capability for Okta's passwordless authentication product, FastPass, is now in an early access preview, and is expected to be generally available in early 2023.

Biometric data is considered an inherently more secure method of authentication given the unique nature of each person's fingerprint or facial scan. But a series of high-profile cases of thwarted multifactor authentication, including the interception of one-time passcodes, shows that login data tied to biometrics could very well become a bigger target for phishing going forward too, according to Okta.

The company’s answer to the looming threat, McKinnon said, is "to make even the biometric authenticators more anti-phishing” by default.

The method that Okta is implementing involves binding biometric login information to a user's device so that only that device can use that information for authentication.

"What that means is if someone puts up a fake phishing site and tricks you into pushing your fingerprint into the fake page, it's no use to them," McKinnon said. "They can't use that to then log in as you."

Specifically, the new capability prevents the reuse of the login keys that are generated in response to a user’s biometric data rather than protecting the biometric data itself, according to Okta. The actual biometrics are already protected since they do not leave the user's device as part of the FastPass system, the company said.

The new capability, Advanced Phishing Resistance for FastPass, comes amid research showing that identity-based attacks are now the largest source of breaches by far. The capability was announced among several Okta product updates Wednesday in connection with the company's Oktane conference.

Another update that is "coming soon" to FastPass, Okta said, will make the service available to an organization's external partners in addition to its direct employees.

Other product updates announced by Okta include another forthcoming anti-phishing service, focused on the use of WebAuthn authenticators such as biometrics or hardware security keys. The new feature will provide organizations with better controls over WebAuthn enrollment in order to prevent phishing attempts, Okta said. It's planned for early access release in the first quarter of 2023.

Meanwhile, Okta also announced several new features meant to enable automated responses to security issues as part of its no-code Okta Workflows product.

The new features include a set of pre-built security templates meant to demonstrate how workflows can be used, which security teams can then tweak to their specific needs. Okta also announced a tool that enables the no-code creation of connectors to additional data feeds in Workflows, such as threat intelligence feeds.

Ultimately, for all organizations, "you want to be able to have a simple way to automatically respond to attacks," McKinnon said. "Having an automated workflow to respond to what's going on — that's what your security operations center really wants."