Orchid Security Inc., a cybersecurity startup that uses artificial intelligence to streamline identity security orchestration, said today it has raised $36 million in seed funding to build on its work using large language models to help enterprise businesses manage their cybersecurity posture.

Orchid builds a platform that helps tackle an issue that arises in enterprise systems where numerous applications form a complex web of access points between on-premise, cloud and software-as-a-service. That can create a problem for mapping out identity and access management for which users can control what apps, when and what privileges should control what systems across the environment. The average large company can have hundreds of apps running at any time, making tracking users and their access privileges a nightmare even for the most savvy security teams.

Many companies also face a rapidly evolving software environment, where information technology teams can integrate new apps, administrative privileges can change as employees are promoted or move between departments and upgrades can break what once was a consistent identity posture. Orchid said that by using an automated platform that can attend to application-centric, identity-first security, it can get ahead of potential problems and avoid manual errors by reducing costs and delays.

Co-founder and Chief Executive Roy Katmor said the company went with large language model AI technology because the latest models showed increasing reasoning skills and code recognition that could assess identity flows. LLMs are the same technology that underlies AI chatbots such as OpenAI’s ChatGPT and Google LLC’s Gemini, which in recent months have become significantly better at reasoning over complex scenarios.

“With advancements in AI and LLM technology, we can now offer a solution that automatically assesses identity capabilities and exposures — considering target regulations, frameworks, and security best practices — offers remediations, and helps organizations elevate and ensure consistency of their identity security posture, all while significantly reducing cost and time,” said Katmor.

Orchid said it starts first by building an up-to-date inventory of applications that passively continues to continuously discover self-hosted apps on the network, including SaaS and cloud apps. It then uses the LLM analytics to assess identity controls and native authentication and compares them to compliance regulations for cybersecurity frameworks and practices.

Because LLMs use contextual reasoning and human-like explanations, the company said, it allows the system to describe remediations for current weaknesses in an organization’s current identity posture. That includes assigning accountability to the proper parties, adding better monitoring such as upgrading protocols and more.

Orchid has already signed on large customers such as Costco Wholesale Corp., Spanish multinational energy company Repsol S.A. and other Fortune 500s to secure their enterprise identity management processes.

“Our objective with Orchid is to transform our largely manual process of onboarding applications — which can take weeks after release from development — to one that is highly automated and accomplished in just days,” said Jon Raper, Costco’s chief information security officer. “Orchid greatly improves our speed to delivery for business units.”

The round was co-led by Team8 and Intel Capital. Orchid said it intends to use the new funding to build out its product and hire 20 new people by the end of the year. The focus will be on building the company’s North American and European customer base.

Image: geralt/Pixabay