Orchid Security Inc. today extended its Identity Control Plane with a set of capabilities aimed at governing artificial intelligence agents, saying existing identity and access management models cannot handle actors that inherit authority from humans and machines alike.

The identity security startup’s expansion adds three components. One is Agentic Enrichment, which maps AI agents to their originating identities, owners, applications and inherited permissions. There’s also Agentic Observability, which monitors agent access paths and the full chain of delegation behind each action. And Agentic Guardrails enforces least privilege and identity hygiene to keep agent behavior inside defined bounds. Orchid is also introducing a graph-native chatbot and chain-of-delegation auditing tied to the same control plane.

The company says traditional IAM was built for two categories of actors and AI agents fit neither. Human users get narrow permissions managed through change requests. Nonhuman accounts such as service principals and bots get broad standing access, kept in check by their code rather than their credentials. Agents combine human-style reasoning with machine speed and they act through chains of delegation that pass authority across systems in real time.

Orchid points to industry data to underline the urgency. A 2025 Team8 CISO Village Survey found that two-thirds of enterprises already run AI agents in production. Orchid’s own Identity Gap: 2026 Snapshot reported that 67% of nonhuman accounts are local, meaning they’re unseen and unmanaged by central IAM tools. Gartner Inc.’s recent Market Guide for AI Agents warned that governance is not keeping pace with adoption.

The company describes the resulting blind spot as an Agent AI Authority Gap, the space between what enterprises believe is governed and what agents can actually execute. Added to the mix is what Orchid calls Identity Dark Matter, the layer of hidden local accounts, hardcoded credentials and excessive privileges that the company says already accounts for 57% of enterprise identity. Agents do not create that exposure, but they accelerate it.

Chief Executive Roy Katmor framed the launch in terms of delegation. “AI agents are not just new identities, they are delegated identities,” he said. “If you can’t see the delegation chain, you can’t govern the agent.” The company says tying each agent to its originating human or service identity, then enforcing guardrails at runtime is what lets enterprises run agents at scale without losing oversight.

Orchid Security raised $36 million in a single round in January 2025 co-led by Team8 and Intel Capital Inc. Other investors in the company include Capital One Financial Corp. and angel investors Jeff Williams, Dror Davidoff and Zohar Alon.

Image: Orchid Security