News alert: Orchid Security brings Zero-Trust to AI Agent identities, earns Gartner recognition
Orchid Security has been named a Representative Vendor in Gartner's Guardian Agents market, focusing on managing the identities and access of AI agents with zero-trust policies and governance. Gartner notes that AI agents introduce new risks that outpace human review, while most enterprises are unprepared because of fragmented organizational structures and discovery challenges. Orchid believes this calls for five core principles to ensure the secure adoption of AI agents.

2026-3-18 04:15:21 Author: securityboulevard.com

NEW YORK, Mar. 17, 2026, CyberNewswire: Orchid Security, the company bringing clarity and control to the complexity of enterprise identity, today announced it has been recognized as a Representative Vendor in Gartner’s Market Guide for Guardian Agents, as a vendor “managing the identities/access for AI agents with zero-trust policies and governance.”

In this inaugural market guide, Gartner asserts that:

“AI agents introduce new risks that outpace human review, yet most enterprises are unprepared to manage them due to fragmented organizational structures and ongoing challenges with discovery.”

Orchid Security concurs with this assessment. The company finds that the growing use of AI agents exponentially expands the amount of identity dark matter—the invisible and unmanaged layer of identity—within organizations. AI agents may also exploit the dark matter that already exists in order to achieve their prompted purposes as efficiently as possible by design.

“For all the exciting business transformation promise of agentic AI, its growing adoption poses very real cyber, compliance and operational risks to be managed,” said Roy Katmor, co-founder and CEO of Orchid Security.

In reviewing Gartner’s research, Orchid notes several key requirements for properly managing AI agents that are shaping the guardian agent market:

Human operator attribution

Although AI agents are assumed to act on behalf of individuals, they have their own identities independent of users. Organizations must identify all agents and map their activity to the relevant human owner for accountability, compliance, and governance.

Activity audit

Organizations must see, log, monitor, and report on agent activity and output to ensure accountability, demonstrate compliance, and enable incident response in the event of unauthorized modifications or incidents.

Posture management

Secure use of each AI agent requires proper identity and access management hygiene, including centrally managed identities, strong authentication, time- and purpose-bound access, and least-privilege authorization.

Runtime inspection, enforcement

Agentic actions and outputs must remain aligned with intentions, goals, and governance policies to maintain appropriate use.

Secure AI agent adoption

Orchid believes these requirements align closely with its view of secure AI-agent adoption within comprehensive identity and access management, guided by five core principles:

Human-to-agent attribution

Identify and classify every AI agent—whether embedded in self-hosted applications, delivered via SaaS platforms, or operating through third-party solutions—and explicitly correlate it to a responsible human owner (and, where relevant, a system/service owner). This ensures organizations know exactly who triggered an agent run, who approved the tool use, and who is ultimately responsible for the outcome.

Comprehensive activity audit

For every agentic entity, capture the full operational context: the agent identity, assigned role, intent behind the action, approvals, and the complete chain of custody from Agent → Tool/API → Action → Target. This enables accountability, compliance reporting, and rapid incident response.

Dynamic, context-aware guardrails

Ensure every AI agent’s access is continuously evaluated and enforced based on real-time context, human owner entitlements, environment, time, purpose, sensitivity of the target, and risk signals—avoiding broad, standing privileges regardless of how the agent is implemented or integrated.

Least privilege

Require properly scoped permissions and Just-in-Time (JIT) elevation for agent actions, replacing persistent “god-mode” access with purpose-bound, time-bound authorization aligned to the minimum required access.

Remediation responses

Detect unauthorized or risky agent activity—such as attempts to bypass controls, use static secrets, exceed intended scope, or access sensitive targets—and orchestrate remediation by blocking the action, stepping up approval, enforcing re-authentication, or rotating credentials via Vault/PAM integrations.

“AI agents will not be adopted safely on top of yesterday’s identity stack,” Katmor summarized.

“Orchid delivers the identity infrastructure for every identity, human and non-human—including agentic AI—with attribution, audit, and least-privilege guardrails built in. That’s how enterprises unlock the full power of AI without expanding their attack surface or compromising compliance.”

Enterprise leaders responsible for cybersecurity, identity and access management, and AI agent governance can register for select access to the Gartner Market Guide for Guardian Agents, compliments of Orchid Security.

Additional resources

• Forbes: The New Perimeter is Identity—and It’s Moving Faster Than We Are

• The Hacker News: AI Agents: The Next Wave of Identity Dark Matter

• Orchid Security: When “Lazy” LLMs Meet Identity Dark Matter

Gartner’s Market Guide for Guardian Agents, 25 February 2026

Gartner Disclaimer: Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a trademark of Gartner, Inc. and its affiliates.

About Orchid Security: Orchid Security sees straight into application binaries to deliver the industry’s first Identity Control Plane, transforming IAM complexity into clarity, compliance, and control. Its Identity-First Security Orchestration platform continuously discovers enterprise applications, analyzes their native authentication and authorization flows, and accelerates onboarding into governance systems—cutting months of manual work into a single click. The platform also observes all identity activity—managed and unmanaged—at the application level, providing a full audit of use and identifying orphan, dormant, local, and over-permissioned accounts. By exposing and remediating the “identity dark matter” hidden across modern environments, Orchid helps enterprises reduce risk, lower operational costs, and achieve compliance at scale.

Backed by Intel Capital and Team8, Orchid leverages observability, automation, and large language models to unify fragmented identity operations. Global organizations rely on Orchid to modernize identity governance, accelerate IGA adoption, and secure the next generation of applications and AI agents.

Media contact: Chloe Amante, Montner Tech PR, [email protected]

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization.

March 17th, 2026 | News Alerts | Top Stories


Article source: https://securityboulevard.com/2026/03/news-alert-orchid-security-brings-zero-trust-to-ai-agent-identities-earns-gartner-recognition/