
Orchid Security Recognized by Gartner as Guardian Agent Vendor

Unleash AI adoption securely: discover, attribute, and govern AI agents throughout the enterprise

Orchid Security, the company bringing clarity and control to the complexity of enterprise identity, today announced it has been recognized as a Representative Vendor in Gartner’s Market Guide for Guardian Agents, as a vendor “managing the identities/access for AI agents with zero-trust policies and governance.”

In this inaugural market guide, Gartner asserts that “AI agents introduce new risks that outpace human review, yet most enterprises are unprepared to manage them due to fragmented organizational structures and ongoing challenges with discovery.” Orchid Security believes it concurs.

The company finds that the growing use of AI agents exponentially expands the amount of identity dark matter (the invisible and unmanaged layer of identity) within organizations, and that agents, by design, also exploit the dark matter that already exists in order to achieve their prompted purposes as efficiently as possible. “For all the exciting business transformation promise of agentic AI, its growing adoption poses very real cyber, compliance and operational risks to be managed,” shares Roy Katmor, co-founder and CEO of Orchid.

In reading Gartner’s research, Orchid notes a number of key requirements to properly manage AI agents that are shaping the guardian agent market. These include:

  • Human Operator Attribution: Although AI agents are assumed to act on behalf of individuals, by default they have their own identities independent of users. It is necessary to identify all agents and map their activity to the relevant human owner, for accountability, compliance, and governance.
  • Activity Audit: See, log, monitor and report on agent activity and output to ensure accountability, demonstrate compliance, and enable incident response in the event of unauthorized modifications or incidents.
  • Posture Management: Foster secure use of each AI agent, including proper identity and access management hygiene: centrally managed identities, strong authentication, time- and purpose-bound access, least-privilege authorization, etc.
  • Runtime Inspection and Enforcement: Ensure that agentic actions and outputs remain aligned to intentions, goals, and governance policies, to maintain appropriate use.

Orchid believes these requirements align well with its view of secure AI-Agent adoption within comprehensive identity and access management, guided by five core principles:

  1. Human-to-Agent Attribution: Identify and classify every AI agent, whether embedded in self-hosted applications, delivered via SaaS platforms, or operating through third-party solutions, and explicitly correlate it to a responsible human owner (and, where relevant, a system/service owner). This ensures you know exactly who triggered an agent run, who approved the tool use, and who is ultimately responsible for the outcome.
  2. Comprehensive Activity Audit: For every agentic entity, capture full operational context: the agent identity, assigned role, intent behind the action, approvals, and the complete chain of custody from Agent → Tool/API → Action → Target. This enables accountability, compliance reporting, and rapid incident response.
  3. Dynamic, Context-Aware Guardrails: Ensure every AI agent’s access is continuously evaluated and enforced based on real-time context, human owner entitlements, environment, time, purpose, sensitivity of the target, and risk signals, avoiding broad, standing privileges regardless of how the agent is implemented or integrated.
  4. Least Privilege: Require properly scoped permissions and Just-in-Time (JIT) elevation for agent actions, replacing persistent “god-mode” access with purpose-bound, time-bound authorization aligned to the minimum required access.
  5. Remediation Responses: Detect unauthorized or risky agent activity (such as attempts to bypass controls, use static secrets, exceed intended scope, or access sensitive targets), orchestrating remediation by blocking the action, stepping up approval, enforcing re-authentication, or rotating credentials via Vault/PAM integrations.

“AI agents will not be adopted safely on top of yesterday’s identity stack,” summarized Katmor. “Orchid delivers the identity infrastructure for every identity, human and non-human, including agentic AI, with attribution, audit, and least-privilege guardrails built in. That’s how enterprises unlock the full power of AI without expanding their attack surface or compromising compliance.”

Enterprise leaders for cybersecurity, identity and access management, and AI agent governance may register for select access to the Gartner Market Guide for Guardian Agents compliments of Orchid Security.

Gartner Disclaimer

Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a trademark of Gartner, Inc. and its affiliates.

GlobeNewswire
