The Identity Crisis: Why AI Agents Are Breaking Legacy IAM
Orchid Security Inc. has launched a significant expansion of its Identity Control Plane, marking a critical shift in how enterprises manage the security of artificial intelligence agents. As organizations rush to integrate autonomous agents into production environments, they are discovering that traditional Identity and Access Management (IAM) frameworks are fundamentally ill-equipped to secure these entities.
The core of the problem lies in the nature of AI agents, which operate neither like traditional human users nor like static service accounts. Humans are typically governed by discrete, manageable permission scopes, whereas service accounts rely on rigid code-based constraints. AI agents, conversely, possess a hybrid profile: they leverage human-like reasoning capabilities alongside machine-scale execution speed, creating dynamic, real-time chains of authority that legacy systems cannot track.
Structural Limitations and the Agent AI Authority Gap
Orchid Security defines the tension between perceived governance and actual execution as the Agent AI Authority Gap. Recent research from the 2025 Team8 CISO Village Survey underscores the urgency of this issue, noting that 67% of enterprises have already deployed AI agents into live production environments.
This rapid adoption is colliding with what Orchid terms Identity Dark Matter—the hidden ecosystem of unmanaged local accounts, hardcoded secrets, and excessive permissions that already composes 57% of enterprise identity footprints. Because agents move with high velocity, they do not merely exist within this dark matter; they actively weaponize it, amplifying existing security vulnerabilities by operating across long, non-transparent chains of delegation.
The Orchid Security Solution: Visibility and Runtime Governance
To bridge this gap, Orchid has introduced a robust suite of tools designed to force agents back under the umbrella of centralized identity governance. The platform extension centers on three functional pillars:
Agentic Enrichment: This capability creates a comprehensive audit trail by linking every AI agent back to its source, including the human owner, the parent application, and the specific set of inherited permissions it utilizes.
Agentic Observability: By mapping the full chain of delegation, this module provides granular visibility into how an agent’s authority moves across disparate systems, solving the black box problem inherent in complex agent workflows.
* Agentic Guardrails: This component enforces the principle of least privilege in real-time. By applying identity hygiene at the moment of execution, it prevents agents from deviating into unauthorized activities or exceeding their intended scope.
Beyond these core pillars, the company is rolling out a graph-native chatbot and specialized chain-of-delegation auditing tools. These features are designed to democratize access to security insights, allowing teams to interrogate identity relationships within the control plane intuitively.
Market Implications and Strategic Outlook
From a strategic standpoint, Orchid’s move signals a pivot in the cybersecurity market: the transition from identity management to identity provenance. For Chief Executive Roy Katmor, the security challenge is entirely one of line-of-sight. If an enterprise cannot map the path of delegation from the initiating human user down to the agentic action, security teams are essentially flying blind.
Industry analysts have noted that governance is lagging behind adoption, and Orchid’s approach suggests that the solution is not to restrict AI usage, but to harmonize agent behavior with existing identity architectures. Supported by $36 million in funding from heavy hitters like Intel Capital and Team8, Orchid is positioning itself to become the standard-bearer for organizations struggling to secure their LLM-driven automation. As the Identity Dark Matter continues to expand, the ability to enforce strict runtime boundaries on delegating agents will likely become the primary differentiator for secure enterprise AI adoption in 2026 and beyond.