Orchid Security Unveils Identity Audit to Reveal Hidden Enterprise Identity Activity

Orchid Security

Orchid Security, a leader in identity-first security orchestration, introduced Identity Audit, a groundbreaking capability designed to illuminate previously unseen identity behavior within enterprise environments. This new solution delivers the industry’s first complete, evidence-based view of identity activity spanning both managed and unmanaged systems to help organizations confidently manage risk, meet compliance goals, and strengthen governance.

Analysis across enterprise estates has revealed that nearly 46% of identity activity occurs outside centralized Identity and Access Management (IAM) tools, hidden within overlooked apps, local accounts, unmanaged permissions, and opaque authentication flows. Orchid refers to this unseen portion of identity usage as identity dark matter, a blind spot that traditional IAM solutions are unable to address. Identity Audit brings this critical data into clear focus, enabling teams to prove how identities are used across the full application landscape, not just infer it from partial logs.

Shedding Light on Identity Dark Matter

Modern enterprises often operate hundreds or thousands of applications, each with unique authentication and authorization logic. While IAM systems govern parts of this environment, a growing share of identity activity remains deeply embedded in application code, infrastructure, and automated machine accounts outside of centralized visibility. This gap has widened further with the rise of non-human identities (NHIs) and agentic AI that elude conventional IAM governance.

Identity blind spots create challenges for security and governance teams, who frequently rely on partial IAM data, manual owner attestations, and documentation reviews when responding to audits, regulatory inquiries, or security incidents. These methods often produce an incomplete and inaccurate view of actual identity behavior.

“This ‘identity dark matter’ represents the critical disparity between an organization’s intended security policy and the actual effective access that should exist and be the primary goal of most IAM programs. In the complex landscape of modern cybersecurity, this silent but pervasive threat lurks,” explains Lawrence Pingree, head of data security and AI research at Software Analyst Cyber Research. “Despite massive investment in Identity Access Management (IAM), organizations still often remain vulnerable. The ‘front door’ is locked, but attackers are bypassing it entirely through unmanaged, invisible vectors, often introduced through code or entitlements.”

Pingree added, “Orchid’s Identity Audit surfaces identity activity as it occurs directly inside applications and across unmanaged environments, allowing organizations to distinguish real from expected behavior. This insight can help organizations reduce risk and strengthen governance, finally bringing accountability to areas of identity that have historically gone unseen.”

Early Deployment Insights

Initial implementations of Identity Audit have uncovered compelling trends indicating that identity risk is both widespread and poorly understood:

  • 85% of applications contain accounts tied to legacy or external domains, with 20% involving consumer email domains.
  • 70% of applications grant excessive access privileges, and 60% provide broad administrative or API access to external third parties.
  • 40% of accounts are orphaned, and in some cases, orphaned accounts account for up to 60% of an application’s identity footprint.

These early findings underscore persistent gaps in identity control, emphasizing the need for continuous, data-driven observability rather than periodic, manual checks.

A New Standard for Identity Observability

Identity Audit applies Orchid’s observability principles directly to identity activity, converting static policy data into continuous runtime insights. Instead of inferring risk from configurations and integrations alone, the platform observes identity behavior in real time as it unfolds within each application.

The technology collects rich telemetry, such as login attempts, successful or failed authentications, and Joiner/Mover/Leaver changes, directly from applications. Orchid then takes these signals to the next level through AI-powered analytics that transform raw telemetry into scalable, actionable intelligence, thus equipping security teams with both context and clarity.

With Identity Audit, organizations are now empowered to:

  • Gain a complete view of identity activity across all applications, regardless of IAM control coverage.
  • Enforce least privilege by validating whether assigned access is actually being used in practice.
  • Detect and eliminate orphaned accounts, reducing risk and shrinking attack surfaces.
  • Accelerate incident investigation and response by tracing identity behavior across systems.
  • Verify adoption of security controls such as SSO, MFA, and strong password policies in real use cases.
  • Minimize audit preparation time by generating continuous compliance evidence mapped to regulatory frameworks.

“Identity decisions are only as good as the data behind them,” said Roy Katmor, co-founder and CEO at Orchid Security. “For years, teams have been making high-stakes decisions based on fragments of information. Our new capability delivers a cross-estate Identity Audit that shows not just how IAM is implemented, but how identity is actually used in practice across every application, providing real-world visibility into who or what is acting, including agentic AI, the intent behind each action, and the true privilege being exercised. This complete context becomes the data foundation teams need to make confident identity decisions, and Orchid’s platform turns that insight into action with no-code remediation by orchestrating changes across the existing IAM stack.”

“Identity dark matter is where attackers hide and where audits fail,” added Katmor. “As identity becomes the control plane for the enterprise, including its AI and cloud-native systems, complete visibility and thus control and governance is no longer optional. It is essential.”