Opal Security develops a robust risk layer for its authorization reasoning platform as Identity security poses new challenges for enterprises deploying LLM agents and other AI
Opal Security, the leader in AI-native security for every identity, today unveiled enhancements to its authorization reasoning platform and agentic AI roadmap – designed to address the challenge of authorization with the speed, scale, and fluidity of modern infrastructure. The updates come as organizations increasingly deploy autonomous AI systems that require access to sensitive resources, fundamentally changing how security teams must approach authorization.
Catch more CIO Insights: Ghost Security Releases Groundbreaking Research: AI-Driven Analysis Exposes Flaws in Static Application Security Testing
According to RSA’s 2025 ID IQ report, AI agents and other non-human identities (NHIs) now outnumber employees by 5x in large enterprises. Meanwhile, 72% of CISOs say authorization is the biggest barrier to scaling AI adoption safely. With AI agents driving real work inside companies, security teams must now manage access not only for people – but also for service accounts, LLMs, and agents acting across business-critical systems. What was once a routine IT task has now become one of the most complex, high-stakes questions facing nearly every enterprise: “who (or what) should be allowed to do what?”.
Read More on CIO Influence: AI-Augmented Risk Scoring in Shared Data Ecosystems
To keep access under control, Opal Security has introduced three critical capabilities:
- Unified visibility and control across both human and non-human identities: Users now have access to a single-pane interface from which security teams can view, manage, and secure all human and non-human identities across cloud, infrastructure, SaaS, and even on-premises systems. Essential controls ranging from risk assessments and irregular access monitoring to just-in-time (JIT) provisioning and policy enforcement cover all identity types.
- Intelligent prioritization and guided, explainable remediation of identity risks: Opal Security’s risk layer dynamically surfaces and prioritizes identity risks in the context of each customer’s environment. A proprietary machine learning model ranks risks using historical access patterns, resource sensitivity, and more, while a dedicated LLM provides and justifies remediation guidance – helping teams understand not only what to fix, but why. Built-in orchestration capabilities give security teams the option to directly enforce these remedial actions or automatically route them to other humans, AI agents, or shared workflows – all with human-in-the-loop oversight. The risk layer (and its UI dashboard, the “Risk Center”) also gives teams insight into the downstream impact of changes before they’re made, reducing the likelihood of unintentional disruptions, or “SCIMcidents,” from overly aggressive access cleanups or policy enforcements.
- Composable authorization for agentic and hybrid workflows: Unlike standard tools that still treat identity as static and human-centric, Opal Security is building toward a composable, agent-aware authorization framework to further equip security teams to govern these workflows without slowing innovation. The resulting architecture will enable customers to allow AI agents to call Opal Security for data or access decisions – with human oversight and governance – applying consistent policy across both human and automated actors and delegate tasks to agents securely, with auditability and built-in guardrails. Users will also be able to federate authorization in multi-agent environments and compose custom automations and insights via Opal Security’s orchestration layer, policy engine, and/or robust library of templates.
“Security teams can’t prevent what they can’t see. With AI agents now accessing critical systems, traditional security approaches are leaving dangerous blind spots,” shared Umaimah Khan, Co-Founder and CEO of Opal Security. “Opal Security tackles this head-on by continuously monitoring and adjusting access rights based on actual need and risk. By unifying visibility and control across both human and machine identities, we’re helping organizations close the security gaps that could lead to the next major breach.”
With this announcement, Opal Security aims to continue building toward a composable, agent-aware authorization framework to further equip security teams to govern these evolving workflows without slowing innovation. The company has raised $32 million in total funding from investors such as Greylock, Battery Ventures, and Box Group.
[To share your insights with us, please write to psen@itechseries.com ]
