.png){kind=small}
.png)
.png)
What is dark matter? But the scientific explanation
Astronomers have a problem. Galaxies spin too fast. Stars should fly apart, but they don’t. The math does not add up.
The missing ingredient is what scientists call dark matter. It makes up about 27 percent of the universe. You cannot see it with telescopes because it does not interact with light. But you can see its pull. Without it, galaxies would unravel.
Dark matter is invisible. But it shapes everything.
How this plays out in IAM
Identity has its own version of dark matter. IAM tools give you what looks like the full picture. You see apps connected to governance, accounts tied to users, and policies that define access. That is the visible universe of identity.
But breaches keep happening. Audits fail. Access anomalies show up where they should not. Which means the math does not add up here either.
That hidden layer is identity dark matter:
- Applications no one ever onboarded into IAM, floating outside governance
- Orphaned accounts left behind after people leave
- Machine identities are multiplying faster than anyone can track
- Access paths that look closed in policy but stay wide open in practice
You rarely see these risks directly. You feel their pull. The failed audit. The suspicious login from an unmanaged app. The breach traced back to an account nobody remembered existed.
Like cosmic dark matter, identity dark matter is invisible to dashboards but impossible to ignore once you measure the effects.
Why do we call it “identity dark matter” at Orchid
We could have gone with another acronym, but IAM already drowns in alphabet soup: IGA, PAM, MFA, RBAC, ABAC, and more. Nobody wanted another.
So we borrowed from science. Dark matter makes the point. It is hidden but powerful. It turns something abstract into something you can picture. And, yes, it is just a little more fun to say out loud.
And selfishly, if you shorten it, the acronym is IDM. Which is perfect, because now I get to look like a visionary who branded my LinkedIn years ahead of time.
Where we go from here
Identity dark matter is not a theory. It is the everyday blind spot shaping IAM programs right now. At Orchid, we are choosing to name it, measure it, and shine a light on it.
This marks the beginning of a journey we are embarking on with you. In the weeks ahead, we will explore what identity dark matter is made of, why it keeps growing, and how security teams can finally get ahead of it. Some parts will feel familiar. Others may catch you off guard.
Here is the simple truth: you cannot protect what you cannot see. And in today’s world, attackers are betting that your blind spots will stay blind.
We are shining a light on identity dark matter. Stay with us as we map the invisible.
Recommended Resources
Want to brush up on the science before we go further? Here are a few quick explainers that make the concept and the metaphor stick:
- Dark Matter Explained in 5 Minutes - a fast, visual crash course
- The Story of Dark Matter | Crash Course - a more narrative approach with context
- What Is Dark Matter? An Astrophysicist Explains - expert-led, concise, and credible
- NASA’s Dark Matter Overview - a solid reference from NASA
.png)
.png)
.png)
