*Edited for clarity and brevity from our live, 90-minute Customer Advisory Board session held October 30, 2025.
Building a Culture of Listening
It’s a common misconception that community and CABs are things you build once a company is “more mature.”
We see it differently.
At Orchid, we believe in creating a culture of listening and growing together from the start - because innovation without conversation is just guesswork.
Bringing our community into the process early isn’t about validation - it’s about shared direction. The people leading identity programs in the field are the ones who see what’s coming long before anyone writes a line of code.
In that spirit, this October we hosted our first Customer Advisory Board (CAB) - a space built not for selling, but for dialogue.
An hour and a half. Nearly 30 CISOs and IAM leaders from across industries. Six live polls. Dozens of honest, challenging conversations. And one unifying theme that shaped everything: the rise of identity’s “dark matter.”
A First for Orchid - and for the Industry
For us, this CAB was more than a milestone - it was proof that the identity community is ready to have a new kind of conversation. We hoped for insight, and we got something more powerful - alignment.
Everyone in the room recognized the same shift: identity is expanding faster than visibility can keep up.
The conversation wasn’t about what tools we use - it was about what we can no longer see.
"Complexity": The Word That Kept Coming Up
We began with a warm-up question:
“When you think about identity in your organization, what’s the first word that comes to mind?”
The answers came quickly:
Complexity. Fragmentation. Sprawl. Risk. Unknowns.
Those words weren’t complaints - they were signals of a field that’s evolving faster than its controls.
When we polled the group, the average confidence score in knowing every self-hosted or disconnected app was just 2.2 out of 5. Nearly 80% admitted they don’t know what they don’t know.
That unseen space - the unmanaged apps, orphaned tokens, and service accounts drifting outside IAM oversight - is what we call identity dark matter. It’s the fastest-growing, least-understood part of enterprise identity, and it’s already outpacing the visible half.
The Friction Everyone Feels
When we asked where IAM programs hit the most friction, three themes rose to the top:
- Privilege and machine identity control
- App onboarding
- Visibility across hybrid environments
Different problems, same root cause: too much dark matter, not enough light.
As one CISO put it:
“We’ve automated access, but we’ve lost awareness.”
That comment resonated across the room. The consensus was clear - automation alone can’t solve a visibility problem.
That’s exactly why our work at Orchid starts with visibility as the foundation. We collect and correlate telemetry directly from the application layer to uncover both managed and unmanaged identity - what we call App DNA.
App DNA reveals how each application authenticates, authorizes, and behaves - effectively mapping the identity patterns hiding in the dark.
Drift: The Risk You Don’t See Until It Hurts
When we asked participants what single capability they’d want most, 62% said “detect identity drift and misconfigurations.”
Drift is the quiet erosion of governance - the way privileges, tokens, and service accounts morph between audits. It’s the force that turns small inconsistencies into systemic blind spots.
That’s why Orchid’s visibility engine continuously observes authentication and access patterns, surfacing why drift happens - not just that it did.
As one CAB member said:
“I don’t need more alerts. I need to know which ones matter.”
That idea - context over noise - has become a guiding principle for how we build.
Rethinking Privilege: Danger, Not Titles
Few topics stirred more debate than privilege. Every leader had a definition - and every one was different.
In today’s landscape, privilege isn’t a title; it’s a potential danger.
A forgotten API key might hold more risk than a domain admin.
A background process could have a bigger blast radius than any human user.
That’s why we’re reframing privilege at Orchid through a contextual lens - scoring identities by their impact potential: what they can reach, how they behave, and what would happen if they were compromised.
It’s not about counting permissions. It’s about understanding risk in context.
App Onboarding: The Hidden Cost of "Doing It Right"
When the topic shifted to onboarding, every CISO in the room had the same look - empathy and exhaustion.
Several estimated the cost at $12–15K per app, not including the countless hours spent helping app owners document how their systems authenticate.
One attendee said it best:
“We’re still teaching app owners how their apps log in.”
That’s the reality dark matter creates: you can’t onboard what you can’t see.
With App DNA, we start with discovery instead. By mapping every authentication path and integration upfront, teams can prioritize onboarding based on real exposure - not arbitrary order or policy.
It’s governance powered by evidence - and it’s saving time before a single connector is built.
Where the Room Agreed
Despite coming from vastly different sectors, nearly everyone aligned on one thing: the challenges around identity today are universal.
Whether you’re a global enterprise or a fast-growing startup, the same themes kept surfacing - visibility gaps, growing machine identity complexity, and the invisible weight of dark matter across hybrid environments.
What stood out most wasn’t how different the organizations were, but how similar their struggles and ambitions felt. There’s a shared sense that identity has outgrown the tools designed to manage it, and that the next wave of progress will come from understanding what’s been hiding in plain sight.
That alignment across industries and maturity levels is what makes early community building worth it. It’s how we know we’re all looking at the same horizon, together.
What This CAB Showed Us
Hosting this first CAB reinforced something fundamental: listening is a growth strategy. It proved that the hardest problems in identity aren’t about more technology - they’re about more gravity.
We learned that:
- Visibility remains the foundation for every program.
- Drift is identity’s gravity - always pulling toward chaos.
- Privilege must be measured in context, not hierarchy.
- And dark matter isn’t a metaphor anymore - it’s measurable and actionable.
Every capability we’re developing - from drift detection to contextual privilege scoring - exists to turn that dark matter into insight.
But we also walked away with a deeper truth: visibility isn’t the end. It’s the beginning. Because once you can see everything... you have to decide what to do next.
Looking Ahead
The CAB ended not with answers, but with momentum.
What happens when the invisible becomes visible?
How do we govern a world where every app, workload, and agent has its own identity?
We’ll dig deeper into those questions - and unveil new advances in machine identity visibility and agent-ready governance - at our next in-person CAB during RSA 2026.
Until then, we’ll keep listening, keep building, and keep shining light into the dark.
The future of identity isn’t out there somewhere. It’s been hiding in plain sight.
About Orchid
Orchid is building the identity control plane for the age of dark matter - where every app, user, and machine generates identity data.
We make that data visible, contextual, and continuously governable.
Our first CAB didn’t just inform our roadmap - it confirmed our direction.
And it’s only the beginning.
Author Bio
Avital (Avi) Knoller is the Head of Ecosystem, Community, and CXO Relationships at Orchid Security. She leads initiatives that connect visionaries in the identity and security space, shaping how Orchid listens, learns, and grows alongside its community. Avi believes that early, authentic collaboration is the foundation of lasting innovation.




