Opal Security Launches AI Platform to End Access Sprawl

New research from Opal Labs reveals nearly half of employees have at least one entitlement they haven’t used in 90+ days, and those stale entitlements touch 79% of resources; Opal responds with Paladin, OpalScript, and OpalQuery — a unified AI-native identity security platform

Opal Security, the modern identity security and access governance company, today announced three new AI-native capabilities that together form the industry’s first unified platform for seeing, encoding, and enforcing access governance. The launch, anchored by Paladin, an access evaluation agent, positions Opal as the defining company in AI-native identity governance. Rather than bolting AI onto legacy workflows, the company is creating AI that operates as a first-class participant in access decisions, orchestration, and policy reviews.

This announcement comes on the heels of new data from Opal Labs’ report The Permission Gap: How Unused Access is the Newest Security Crisis. The data is clear: overprovisioning is already out of control, and without automated governance, AI agents will increase risk exponentially.

Paladin: AI Governance that uniquely understands access

At the center of this launch is Paladin, an AI access evaluation agent that goes beyond first-generation agents, which merely respond to access requests, and fundamentally governs access intent. Paladin automatically aligns access policies with an organization’s evolving risk tolerance and growth objectives. Paladin thinks about access in ways no other product does – investigating every access request in seconds with the expertise of a senior security engineer. When an employee requests access to a system, Paladin automatically examines the requester’s identity, access history, ticket references, resource sensitivity, and justification. It then either approves the request directly or escalates it for human review with a detailed explanation of what’s missing or concerning.

Unlike AI copilots that generate recommendations for humans to act on, Paladin operates as a first-class reviewer within Opal’s approval chain, with its own identity, audit trail, and decision authority. When Paladin escalates, the process doesn’t end there. The requester can provide additional context, and Paladin re-evaluates and resolves the request dynamically — often without a human reviewer ever getting involved. Paladin also cross-references access requests against project management systems like Linear and Jira, verifying that cited tickets exist, are active, and match the requested resource. Every decision is captured in the system’s standard activity feed with full reasoning.

The company believes that as AI agents continue to multiply, organizations will face a scale and level of complexity that no security team can handle manually. The spin-up and tear-down patterns of agents move too fast for click-based operations to keep pace. The only viable answer is automation: encoding access through systems like MCP, Terraform, or Opal’s APIs so that access governance keeps pace with AI workload velocity.

OpalScript and OpalQuery: Completing the Loop

Alongside Paladin, Opal is announcing two additional capabilities to govern access in the agentic era:

OpalScript is a Python-like policy language that lets security teams codify access decision logic as executable automations. Administrators write short scripts — or ask an AI assistant to generate and modify them in natural language — that run automatically when access events occur. OpalScript bridges the gap between rigid rule toggles and custom engineering, without filing a developer ticket. The tool lets teams express complex, organization-specific policies such as separation-of-duties enforcement to limit toxic combinations: “GitHub admins cannot be Panther admins.” As a second example, one customer scripted a workflow that requires a ticket number, a group-based authorization check, duration enforcement (≤12h in this case), admin notifications, and auto-approval logic tied to every entitlement.

OpalQuery is an AI-powered access query environment that lets security teams, GRC analysts, and IT administrators explore their organization’s access data by describing what they’re looking for in plain English. The AI translates queries into structured filters against Opal Security’s identity and access graph, returns results instantly, and lets users save, share, and export queries for audit evidence. What previously required filing a ticket with engineering, writing custom SQL, or manually cross-referencing systems now takes seconds.

Together, the three capabilities form a closed loop: See your access posture (OpalQuery), Encode your policies (OpalScript), and Enforce them autonomously (Paladin).

The Data Behind the Launch

This announcement comes as overprovisioning reaches unprecedented levels, driven by the way access is granted in most organizations. New data from Opal Labs’ report The Permission Gap: How Unused Access is the Newest Security Crisis reveals that:

  • Auto-granted access is up to 50% more likely to go unused than access that’s been manually reviewed. The faster and easier it is to give someone access, the more bloat builds up.
  • Nearly half (48.6%) of all employees are holding at least one entitlement they haven’t touched in 3+ months, and 4 out of 5 resources have at least one stale assignment — each one represents an open door that most organizations can’t detect, let alone close.
  • Over 40,000 active access assignments haven’t been used in 3+ months, increasing risk of breaches.
  • Organizations could face up to 900,000 manual access reviews per year, costing an estimated 213,000 hours in reviewer time just to keep pace — a volume that will explode as AI agent adoption accelerates.

“Organizations are drowning in access they can’t see, track, or clean up fast enough,” said Howard Ting, CEO of Opal Security. “Excessive and outdated privileges are a fundamental breakdown in how organizations manage trust. Every unused permission is an open door, and most organizations have thousands of them sitting undetected. Our goal is to help teams get ahead of this problem so they can move faster while also mitigating their risk.”
