Orchid Extends Industry-First Identity Control Plane in Response to Agentic Dark Matter Breaking the Established IAM Paradigm

Unlocks safe Agent AI adoption by solving identity at its core

NEW YORK , May 28, 2026 (GLOBE NEWSWIRE) -- Orchid Security, the company solving identity at its core, today announced a major extension to its Identity Control Plane - introducing delegation-aware identity enrichment, chain-of-delegation audit, and its own graph-native chatbot to unlock safe Agent AI adoption across the enterprise.

As enterprises rapidly adopt AI agents, two-thirds reported already using them in production according to a 2025 Team8 CISO Village Survey. The established identity and access management (IAM) models are beginning to break down as they struggle to accommodate these hybrid, delegated actors. Further, Gartner's recently published Market Guide for AI Agents warns that while adoption is accelerating, governance and control mechanisms are not keeping pace. As one example, the recently published Identity Gap: 2026 Snapshot reports that 67% of nonhuman accounts are local- unseen and unmanaged by enterprises.

The Agentic Challenge is Structural

Today’s IAM systems are designed for only two types of actors:

1. Humans (employees, contractors, vendors, customers): creative, yet methodical, human actors receive permissions that are narrowly scoped to keep that creativity within cyber safe and compliant bounds; supported by a manual change management process to revisit permissions upon request; and
   
2. Non-humans (machines, services, and bots): fast and relentless in performing rigidly defined tasks repeatedly, traditional non-human actors have been granted broad permissions for an indefinite period; their coding (rather than credentials) keeps them in check, with no need for a change management process.

AI agents combine the creativity of humans with the speed and scale of machines, making both established IAM categories inadequate. Grant them broad, static access, and, as recent news reports show, they become a major risk. Restrict them like humans, and manual change processes collapse under their velocity.

Further, unlike traditional humans or service accounts, agents do not simply request access and perform isolated actions. They operate through chains of delegation, inheriting authority from humans, machines, services, bots, and other agents, then acting at machine speed across systems.

A New Class of Actor Must Be Supported

Governing this new AI agent actor requires a third category that extends the existing IAM model: offering granular, dynamic permissions that are evaluated and enforced in real time, based not only on the immediate requested action, but on the full intent and delegation path behind it, a fusion of just-in-time access and zero-trust enforcement built for agentic AI.

Without continuous observability into that delegation chain, organizations cannot reliably determine what an agent should be allowed to do, why it is doing it, or which inherited authority it is using. This creates an “Agent AI Authority Gap”: a blind spot between what enterprises believe is governed and what agents can actually execute.

Identity Must Become “Operationalized”

Today, the risk posed by agent AI is compounded by Identity Dark Matter: the unseen and unmanaged identity layer that already represents 57% of enterprise identity, according to Orchid’s recent Identity Gap Snapshot. AI agents do not create this risk from scratch. They expose it, accelerate it, and weaponize it, turning hidden local accounts, unmanaged access paths, excessive privileges, and hardcoded credentials into stealthy, high-speed attack surfaces.

To address these structural and operational challenges, Orchid has introduced three new capabilities:

• Agentic Enrichment: Map and enrich AI agents with their originating identities, owners, applications, permissions, and business context to understand who or what they represent and what authority they inherit.
• Agentic Observability: Continuously monitor AI agents across their access, authorization paths, activity, and full chain of delegation to understand what they can do, what they are doing, and whether intent aligns with expected behavior.
• Agentic Guardrails: Enforce application AI-readiness by eliminating Identity Dark Matter, applying least privilege, and strengthening identity hygiene to keep agent actions within their defined bounds, context, and intent in real-time.
  

Orchid is uniquely positioned to unlock safe agent AI adoption by solving identity at its core. It is the only platform that discovers, observes, and distinguishes all identity actors: human, machine, bot, service, and now Agent AI, across both managed and unmanaged environments. This comprehensive visibility enables Orchid to bind and enrich every authorization with full chain-of-delegation context, capturing not just who is acting, but upon whose delegated authority, under what conditions, for what purpose, and for which period of time.

“AI agents are not just new identities, they are delegated identities,” added Roy Katmor, CEO of Orchid Security. “If you can’t see the delegation chain, you can’t govern the agent. By pairing every agent with its originating identity and enforcing dynamic guardrails in real time, we’re enabling enterprises to scale AI safely, turning agents into trusted teammates rather than unmanaged dark matter.”

To learn more about Orchid Security’s observability for Agent AI or to request a demo, visit https://www.orchid.security/use-case/guardrails-for-autonomous-identity .

Identiverse 2026

Orchid Security will be on-site at Identiverse 2026, Booth #239, from June 15 - 18. Attendees interested in learning how organizations can safely scale agentic AI while reducing unmanaged identity risk are encouraged to stop by or schedule a meeting with the team onsite.

Orchid Security will also be hosting the following sessions during the event:

When “Lazy” AI Agents Meet Broken Identity Hygiene
Tuesday, June 16 | 1:15 PM – 1:30 PM | Oceanside E

From Seeing to Knowing: The Identity Observability Frontier
Wednesday, June 17 | 7:15 AM – 8:15 AM | Oceanside E

About Orchid Security

Orchid Security sees straight into the application binary to deliver the industry’s first Identity Control Plane, transforming IAM complexity into clarity, compliance, and control. Its Identity-First Security Orchestration platform continuously discovers enterprise applications, analyzes their native authentication and authorization flows, and accelerates onboarding into governance systems, putting true identity insight in front of security leaders and practitioners, without the months of manual work traditionally required for each task or informational ask. By exposing and remediating the ‘identity dark matter’ hidden across modern environments, Orchid helps enterprises solve identity at its core; reducing risk, lowering operational costs, and achieving compliance at scale.

Media Contact

Chloe Amante
camante@montner.com
Montner Tech PR

Photos accompanying this announcement are available at:

https://www.globenewswire.com/NewsRoom/AttachmentNg/e2e6d933-56ea-4107-b493-00fa38ef7a95

https://www.globenewswire.com/NewsRoom/AttachmentNg/b7679591-8627-4d18-873d-82bc4c80b25a

https://www.globenewswire.com/NewsRoom/AttachmentNg/dcbf4e3c-6b2c-484b-8fc4-7d745ea485d6 

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.