Unlocks safe Agent AI adoption by solving identity at its core.
New York – May 26, 2026 – Orchid Security, the company bringing clarity and control to the complexity of enterprise identity, today announced a major extension to its Identity Control Plane - introducing delegation-aware identity enrichment, chain-of-delegation audit, and its own built-in AI agent to unlock safe Agent AI adoption across the enterprise.
As enterprises rapidly adopt AI agents- 2/3 reported already using them in production according to a 2025 Team8 CISO Village Survey-, the established identity and access management (IAM) models are beginning to break down as they struggle to accommodate these hybrid, delegated actors. Further, Gartner's recently published Market Guide for AI Agents warns that while adoption is accelerating, governance and control mechanisms are not keeping pace. As one example, the recently published Identity Gap: 2026 Snapshot showed that 67% of nonhuman accounts are local- unseen and unmanaged by enterprises.
The challenge is structural. Today’s IAM systems are designed for only two types of actors:
- Humans (employees, contractors, vendors, customers):
creative, yet methodical, human actors receive permissions that are narrowly scoped to keep that creativity within cyber safe and compliant bounds; supported by a manual change management process to revisit permissions upon request; and - Non-humans (machines, services, and bots): Fast and relentless in performing rigidly defined tasks repeatedly, traditional non-human actors have been granted broad permissions for an indefinite period; their coding (rather than credentials) keeps them in check, with no need for a change management process.
Unfortunately, AI agents combine the creativity of humans with the speed and scale of machines, making both established IAM models inadequate. Grant them broad, static access, and, as recent news reports show, they become a major risk. Restrict them like humans, and manual change processes collapse under their velocity.
What's missing is a new model for this new class of actor: granular, dynamic permissions evaluated and enforced in real time, at machine speed. And there's a second dimension that makes this harder. AI agents are delegated actors - extensions of existing enterprise identities, inheriting authority from humans, machines, services, and bots. Without continuous observability of the full delegation chain, organizations cannot properly govern what agents are allowed to do. This creates an “Agent AI Authority Gap.”
Finally, the prevalence of Identity Dark Matter (the unseen, unmanaged layer of identity accounting for 57% of all identity according to the recent Identity Gap Snapshot) undermining the foundation of IAM makes this even worse: agents don't create new risk, they expose, accelerate, and weaponize the risk that was already there.
To address this, Orchid is introducing three new capabilities:
- Agentic Observability: Identify and monitor AI agents alongside traditional actors, with full visibility into their access, authorization, and activity.
- Agentic Delegation: Link agents to their originating identities and dynamically align their permissions based on delegation context.
- Agentic Safe Guardrails: Application AI-readiness by eliminating identity dark matter, enforcing least-privilege access, and providing security teams full visibility and control over every agent action."
Orchid is uniquely positioned to unlock safe agent AI adoption by solving identity at its core. It is the only platform that discovers, observes, and distinguishes all identity actors: human, machine, bot, service, and now Agent AI, across both managed and unmanaged environments. This comprehensive visibility enables Orchid to bind and enrich every authorization with full chain-of-delegation context, capturing not just who is acting, but upon whose delegated authority, under what conditions, for what purpose and for which period of time.
“AI agents have the potential to be as transformative as any major technological shift we’ve seen,” said Jeremy Embalabala, CISO at Hub International. “But without proper identity controls, they risk becoming the fastest-growing source of enterprise risk.”
“AI agents are not just new identities, they are delegated identities,” added Roy Katmor, CEO of Orchid Security. “If you can’t see the delegation chain, you can’t govern the agent. By pairing every agent with its originating identity and enforcing dynamic guardrails in real time, we’re enabling enterprises to scale AI safely, turning agents into trusted teammates rather than unmanaged dark matter.”
To learn more about Orchid Security’s identity audit capabilities or to request a demo, visit https://www.orchid.security/platform.
About Orchid Security
Orchid Security provides the industry’s first Identity Control Plane, an independent layer between enterprise applications (on-premise, co-located, cloud-hosted or SaaS) and your IAM tooling (IdP, PAM, IGA, etc.). The solution continuously discovers enterprise applications, analyzes native authentication and authorization flows, surfaces identity utilization and accelerates onboarding into governance systems. By exposing and remediating Identity Dark Matter across modern environments, Orchid helps enterprises reduce risk (83% out of the box), lower operational costs (by 75%+), speed the business (reducing effort by 90%+) and achieve compliance at scale. Orchid serves global enterprises across financial services, healthcare, and critical infrastructure. Enterprises now have comprehensive visibility, insight and control across human, non-human, and Agent-AI identities, closing the gap between identity intent and identity execution.
.png)
