Strata Identity pioneered the "Identity Orchestration" category, letting enterprises connect and migrate across incompatible identity providers (Okta, Azure AD, Ping) without rewriting apps, via its Maverics platform and abstraction "identity fabric." Distinctive for authoring open standards (IDQL/Hexa) and cross-IdP failover — the capability that drove its 2026 acquisition by Rubrik.
Acquired by Rubrik (2026) — now Rubrik Identity Continuity.
Series B · $26M · 2023 (total ~$42M); acquired by Rubrik 2026
Readibots (Kanata, Ontario; formerly Cloudbridge) builds READI, an Automation-as-a-Service platform that connects and automates identity tasks across legacy, non-API, and disconnected apps that IGA connectors can't reach. Distinctive for PowerShell-native "start-anywhere" identity automation positioned as a connectivity layer beneath existing IGA, not a replacement.
Monokee is an Italian IAM vendor pairing access management and governance with a low/no-code visual identity orchestrator for workforce and customer identities. Distinctive for drag-and-drop orchestration flows, FIDO/passwordless focus, and decentralized-identity support; a KuppingerCole Rising Star now expanding to the US via subsidiary Pure Identity Corp.
Simeio (Alpharetta, GA) is an identity-security managed-services and advisory firm delivering IAM/IGA/PAM implementation plus its own Identity Orchestrator (IO) platform and managed IDaaS. Distinctive for combining vendor-agnostic advisory, implementation, and 24/7 managed operations at enterprise scale.
SGNL builds a continuous, context-aware authorization platform that enforces zero standing privilege and real-time access decisions (using CAEP) for humans, non-human identities, and AI/MCP agents across SaaS and cloud. Distinctive for dynamic session-level authorization and revocation; acquired by CrowdStrike to power Falcon Next-Gen Identity Security.
PlainID (Tel Aviv / New York) is an enterprise authorization vendor built on Policy-Based Access Control (PBAC), centralizing runtime access decisions across apps, APIs, data, and now agentic AI. Distinctive for defining the "Authorization Management Platform" category Gartner now tracks, with fine-grained externalized policy and an agentic identity platform.
Axiomatics (founded 2006, Stockholm) is a pioneer of dynamic, runtime fine-grained authorization based on attribute-based access control (ABAC) for apps, data, APIs, and microservices. Distinctive as the leading European ABAC/policy-driven Zero Trust vendor; acquired by Italian defense group Leonardo to anchor its NATO-focused Zero Trust portfolio.
Acquired by Leonardo (2025) for NATO Zero Trust portfolio.
Arcade builds the secure action layer for AI agents — an MCP runtime handling agent authentication, tool calling, and per-user authorization with a full audit trail. It was founded by ex-Okta and Snowflake identity engineers who helped shape the MCP tool-authorization spec model providers reference.
Oso is authorization-as-a-service: developers define who can do what (RBAC, ReBAC, ABAC) through Oso Cloud instead of hardcoding access logic, including for AI applications. It evolved from a popular open-source authorization library into a managed cloud service.
C1 (formerly ConductorOne) is a Portland/San Francisco identity security company founded in 2020 by former Okta product leaders, offering an AI-native platform that governs every identity — human, machine, and AI agent — unifying identity governance (IGA), access management, and cloud PAM. Distinctive as the self-described first "multi-agent" identity security platform, with hundreds of prebuilt connectors replacing fragmented legacy tooling.
Veza is a Redwood Shores identity security company founded in 2020 whose platform goes beyond IGA to visualize and control entitlements across human, machine, and AI identities. Its distinctive core is the patented Access Graph, mapping who-can-do-what across data systems, cloud, and SaaS to enforce least privilege — the technology acquired by ServiceNow.
Acquired by ServiceNow (~$1.25B; announced Dec 2025, closed Mar 2026).
Acquired by ServiceNow · ~$1.25B · 2026 (last round Series D $108M at ~$808M)
Zilla Security, founded by serial IGA entrepreneur Deepak Taneja (ex-Aveksa), built a modern SaaS-based IGA platform designed from scratch for cloud/SaaS sprawl. Its distinctive edge is AI-generated entitlement profiles and robotic "Universal Sync" automation that cut access-review effort up to 80%; acquired by CyberArk in February 2025.
YouAttest is an Irvine, California company offering a lightweight, cloud-based IGA tool focused specifically on automating user access reviews and access-certification campaigns for compliance. Its distinctive angle is fast time-to-value and low cost via tight cloud-to-cloud integrations with IdPs like Microsoft Entra ID and Ping Identity, rather than a heavyweight suite.
BalkanID is an Austin, Texas startup (founded 2021) offering an AI-powered access governance and IGA platform built around a patent-pending identity knowledge graph for visualizing entitlements across SaaS and public cloud. Its distinctive focus is intelligent least-privilege enforcement and entitlement discovery across human, non-human, and AI-agent identities.
Andromeda Security is a San Francisco/Los Altos startup delivering an AI-powered identity security platform for human and non-human identities, spanning discovery, access, risk context, and remediation. Its distinctive approach is a data-driven, context-aware architecture that automates entitlement right-sizing and just-in-time access across the full identity lifecycle.
Orchid Security is an Israel/NYC startup (founded Dec 2023, out of stealth Jan 2025) building an identity-first security orchestration platform that uses LLMs to discover applications and assess their authentication/authorization flows without recoding. Its distinctive claim is illuminating enterprise "identity dark matter," with early Fortune 500 customers and a 2025 Gartner Cool Vendor nod.
Lumos is a San Francisco company (founded 2020) that began as an internal "AppStore" for self-service app/access requests and grew into an autonomous identity platform that discovers and manages access across all of an organization's apps. Its distinctive positioning merges SaaS management and identity governance, increasingly driven by AI agents ("Identity Agent Force") for continuous access governance.
Series B · $35M · 2024 (Scale Venture Partners, a16z; total ~$65M)
P0 Security delivers unified IGA and PAM for the cloud, governing and securing access for every human and non-human identity without slowing developers. Its agentless, cloud-native approach answers "who or what can access my cloud, and how do I govern it" in minutes.
Unosecur is a Berlin-based identity threat detection and response (ITDR) platform that secures human and non-human identities in real time with AI-driven detection and remediation. It targets the fast-moving identity attack surface created by cloud and AI.
SailPoint is an enterprise identity security (IGA) leader focused on governing access for human, machine, and now AI-agent identities across complex hybrid environments. Its distinctive edge is a mature, AI/ML-driven identity governance platform (Atlas / Identity Security Cloud) with deep policy, certification, and lifecycle capabilities at Fortune 500 scale.
Saviynt is a cloud-native identity security platform unifying identity governance, privileged access, non-human/AI-agent identity, and identity security posture management in one converged product. Its distinctiveness is a single-platform, "identity as the foundation for the AI era" approach that collapses traditionally separate IGA and PAM tooling.
Raised $700M (KKR-led, Dec 2025) at ~$3B valuation.
$700M growth round · KKR-led · Dec 2025 (~$3B valuation)
Radiant Logic runs an identity data platform (RadiantOne) that unifies fragmented identity data from legacy, cloud, and non-human sources into a single authoritative layer with identity security posture management. Its distinctive niche is being the "identity data fabric" — virtualization, observability, and now AI/MCP-driven remediation beneath the IAM stack.
SecureAuth is a workforce and customer IAM vendor centered on adaptive, risk-based authentication and continuous identity assurance. Its distinctive bet is "continuous identity authority" — real-time, per-action authorization extended to human, machine, and AI-agent identities via its Agentic Authority Platform.
CyberArk is the market leader in privileged access management and machine/secrets identity security, and as of February 2026 operates as the identity security core of Palo Alto Networks. Its distinctiveness is deep PAM plus a broad machine-identity and secrets portfolio now folded into Palo Alto's platform to secure human, machine, and agentic identities.
Acquired by Palo Alto Networks (~$25B, closed Feb 2026) — now PANW's identity core.
Acquired by Palo Alto Networks · ~$25B · closed Feb 2026 (formerly Nasdaq: CYBR)
Okta is the leading independent identity platform spanning workforce (Okta) and customer (Auth0) identity, delivering SSO, MFA, lifecycle, and governance as cloud services. Its distinctive strength is a vendor-neutral, integration-rich identity fabric now extending to agentic identity via its "Okta for AI Agents" blueprint and platform.
Ping Identity is an enterprise identity provider (merged with ForgeRock) covering workforce and customer IAM, SSO, MFA, and orchestration for large regulated organizations. Its distinctiveness is a highly configurable, orchestration-driven platform (PingOne) with strong deployment flexibility and, increasingly, runtime agent authorization and anti-deepfake defenses.
Private (Thoma Bravo-owned; acquired 2022 for $2.8B)
Strivacity is a low-code customer identity and access management (CIAM) vendor built to stand up branded sign-in, registration, and access journeys without custom coding. Its distinctive angle is speed-to-deploy for mid-market and enterprise CIAM, plus a built-in generative-AI assistant for real-time journey and compliance guidance.
$28M total raised (Series A2 $20M, SignalFire-led)
Descope is a developer-first authentication and CIAM platform delivering drag-and-drop auth flows, passwordless login, and MFA via SDKs and no-code workflows. Its distinctiveness is an early, aggressive focus on agentic identity — an Agentic Identity Hub and control plane for authenticating AI agents, MCP servers, and AI-facing APIs.
Stytch is a developer-focused authentication and identity API platform for passwordless, MFA, fraud prevention, and B2B auth. Its distinctive contribution is early agentic-identity infrastructure — Connected Apps and remote MCP authorization that let AI agents act securely on a user's behalf — the capability behind its November 2025 acquisition by Twilio.
Acquired by Twilio (announced Oct 2025; closed Nov 14, 2025).
WorkOS is a developer-focused identity platform (AuthKit, SSO, SCIM, directory sync) powering B2B SaaS and, increasingly, agentic software. It has become the auth layer under many leading AI companies, positioning to make agentic software secure by default.
Series C · $100M · 2026 · $2B valuation (Meritech)
Astrix is a pioneer in non-human identity (NHI) security, giving enterprises visibility, lifecycle management, and automated remediation for API keys, service accounts, and AI agents across SaaS, cloud, and on-prem. Founded in Tel Aviv; Cisco announced intent to acquire it in 2026 to fold NHI security into Identity Intelligence, Duo, and Secure Access.
Acquired by Cisco (~$250–350M reported, announced 2026).
Token Security is an identity-first security platform for machine identities and AI agents that discovers and right-sizes every non-human identity across cloud, SaaS, and on-prem by integrating with existing identity providers. Distinctive for shipping one of the industry's first MCP servers for agentic AI and NHI security.
Natoma builds an enterprise gateway for the Model Context Protocol (MCP), giving AI agents governed, identity-aware access to a library of out-of-the-box tools and enterprise systems. Founded in 2024 by veterans from Okta, Microsoft, Google, and Salesforce; Snowflake announced intent to acquire it in 2026 to govern agentic access to enterprise data.
Oasis Security built one of the first purpose-built platforms for non-human identity management, discovering, classifying, and governing service accounts, API keys, and workloads across hybrid cloud with policy-driven lifecycle and remediation. Founded in 2022; backed by Sequoia and Accel and distinctive for framing NHI governance as an emerging "Agentic Access" discipline.
AKA Security (formerly AKA Identity) moved the whole company to "agent harness security" — protecting the harness where AI agents actually work: reading data, using credentials, and taking action. Its first act was deploying a fleet of security agents into enterprise production; securing them exposed the harness as the real attack surface. Founded in 2023 in San Francisco by William Lin (CEO) and Rob Fry (CTO). Ships AI-TC, an open-source engine that scans every prompt and tool call locally against 101 rules across 7 packs and warns, redacts, or blocks inline (Claude Code today, Codex and Antigravity coming), plus a Managed AI Security offering.
Aembit is a non-human identity and access management company whose Workload IAM Platform enforces secretless, policy-based, auditable access between workloads and the services they reach. It brings human-style access controls — identity-driven and centrally enforced — to machine-to-service access across cloud and on-prem.
Clutch Security builds a Universal Non-Human Identity Security Platform that unifies visibility and Zero Trust control across NHIs, secrets, and AI agents. It maps every non-human identity, secret, and agent back to the humans and systems behind it, with real-time context-based access verification.
Corsha secures machine-to-machine (M2M) communication with a Machine Identity Provider that brings MFA and dynamic identities to machines, integrating with EntraID, AWS IAM, and Keycloak. It focuses on operational technology and critical infrastructure, where legacy systems meet cloud-native M2M traffic.
Infisical is an open-source platform for secrets, identity, and access management — API keys, certificates, SSH keys, and NHI credentials — with 40M+ downloads and users from Hugging Face to LG. It has grown from a developer-loved open-source tool into an enterprise NHI and access-management player.
Cyata builds the control plane for agentic identities: automated discovery, forensic observability, and just-in-time access control for AI agents across desktop, SaaS, and cloud. Its platform maps agent permissions to human owners, captures real-time reasoning justification, and enforces human-in-the-loop approvals for sensitive actions. Founded by former Cellebrite CEO Shahar Tal.
Keycard is IAM built natively for AI agents — integrating with existing identity stacks to enforce that agents can only take actions their users and builders actually intend. It is actively shaping OAuth extensions and MCP identity standards for the agent era. Co-founded by Auth0 and Passport.js veterans; backed by a16z, Boldstart, and Acrew Capital.
$38M total (seed + Series A) · a16z, Boldstart Ventures, Acrew Capital (Oct 2025)
Acsense is an IAM resilience platform providing continuous backup, point-in-time recovery, and posture management for cloud identity systems like Okta, closing the gap between disaster recovery and business continuity. Distinctive for defining "identity resilience" as a category.
Beyond Identity is a passwordless, phishing-resistant authentication platform that replaces passwords with device-bound X.509 certificates, cryptographically binding a user's identity to their device for un-phishable MFA. Founded in 2019; reached a $1.1B valuation and is extending hardware-enforced, TPM-backed security into the AI era.
Opal Security is an AI-native access governance platform giving security teams real-time visibility, policy-as-code, and just-in-time least-privilege control over every identity — employees, service accounts, and AI agents — in a single access graph. Distinctive for Paladin, an AI engine that auto-evaluates access requests and escalates only those needing human review.
Twine Security builds AI "Digital Employees" for security teams; its first, Alex, autonomously runs identity and access management tasks end to end. It tackles the security talent gap with agentic workers rather than another dashboard, co-founded by Claroty veteran Benny Porat.
Seed · $12M · Ten Eleven Ventures, Dell Technologies Capital
BeyondTrust is a global leader in privileged access management (PAM) and identity security, protecting "Paths to Privilege" across privileged accounts, sessions, and endpoints. Distinctive for an integrated PAM platform spanning human, machine, and AI-agent identities, and a seven-consecutive-year Leader placement in the Gartner Magic Quadrant for PAM.
PE-owned — Francisco Partners (2018), Clearlake Capital investment (2021)
Delinea is an enterprise PAM and identity security vendor (formed from the Thycotic–Centrify merger) whose platform is powered by Iris AI. Distinctive for pivoting PAM toward continuous, real-time authorization across human, machine, and AI-agent identities, reinforced by its StrongDM acquisition.
StrongDM (now part of Delinea) is a universal/zero-trust privileged access platform built for engineering, DevOps, and AI-driven environments. Distinctive for proxy-based, just-in-time runtime authorization that injects ephemeral credentials into developer workflows across databases, Kubernetes, SaaS, and cloud without disrupting them.
Acquired by Delinea (closed Mar 2026).
~$96M total; $34M Series C (2024). Acquired by Delinea, closed Mar 2026
Britive is a cloud-native privileged access management platform built on Zero Standing Privileges (ZSP). Distinctive as an agentless, multi-cloud PAM using patented just-in-time access that grants temporary, auto-revoked privileges across human users and autonomous AI agents.
Netwrix is a cybersecurity vendor focused on data and identity threats, offering visibility, auditing, and privileged access controls across hybrid environments. Distinctive for a broad, acquisition-built portfolio (Auditor, 1Secure ITDR, Privilege Secure) unifying data security and identity threat detection and response for mid-market and enterprise IT.
rebrand AKA Identity rebranded to AKA Security and pivoted to agent harness security; shipped AI-TC (open-source) + Managed AI Security. Moved to Non-Human & Agentic.
renamed Category "Non-Human Identity" relabeled "Non-Human & Agentic" to reflect the NHI/agent convergence.
added Added 2 final entrants to hit 50/50 — Cyata ($8.5M seed, TLV Partners) and Keycard ($38M, a16z/Boldstart/Acrew). Both verified from primary sources.