![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg"><g d="M 4.5 0 L 4.5 9.334 M 0 4.5 L 4.667 9.167 L 9.334 4.5" fill="transparent" height="9.334000000000003px" id="wVLQb2Yt7" transform="translate(2.5 2.5)" width="9.333999999999946px"><path d="M 0 0 L 0 9.334" fill="transparent" height="9.334000000000003px" id="Ho_4eUERn" stroke-dasharray="" stroke-linecap="butt" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(4.5 0)" width="1px"/><path d="M 0 0 L 4.667 4.667 L 9.334 0" fill="transparent" height="4.667000000000002px" id="q4SooRAjE" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(0 4.5)" width="9.333999999999946px"/></g></svg>)
by Sameer Mehta, CPO, Opal Security
We're bringing agents to Opal, starting with AI-guided access reviews.
Non-human and agent identities already outnumber people, and the roughly 100-hour review cycle can't keep up. The manual, human-scale way of governing access stopped working a while ago.
Governing access at machine scale takes more than workflows. It takes agents that can reason over access, make recommendations, and handle routine decisions, while a human stays accountable for the calls that matter. So we're building agents directly into Opal.
Each one is built to cut manual work, improve decision quality, and move governance faster.
Today, customers can put agents to work across:
Access reviews. Paladin reduces review effort and raises review quality.
Access requests. Paladin accelerates fulfillment while enforcing policy on every grant.
Search and access intelligence. Ask who has access to what in plain English with OpalQuery. No query language required.
Policy and remediation. AI-assisted OpalScript automates governance workflows and remediation actions.
Every agent runs on the same access graph, governance model, and audit trail, so every recommendation, decision, and action stays transparent and auditable. That's how organizations move from manual identity administration to AI-assisted governance without giving up control.
New today: AI-guided access reviews, powered by Paladin
We're building the first and last access review product for the agentic era.
The access review is where machine scale breaks first. Paladin changes that.
Up to 90% less review effort. Paladin groups the low-risk grants and shows the evidence behind each, so you clear them in one click and spend your attention on the access that could actually hurt you.
Targeted reviews in minutes. Define scope with query language, assign the right reviewers automatically, and skip the manual campaign setup.
Context for confident decisions. A unified review experience with rich access context, grouping, filtering, and prioritization.
On time and audit-ready. Automated reminders, bulk communications, progress tracking, and a complete decision history.
You set how much Paladin handles on a dial, not a switch, and a human signs off on every certification, so it holds up to an auditor.
Read the full breakdown of how it works →
Why not build this yourself?
Point a general-purpose model at your access data and it gets the routine calls right most of the time and wrong some of the time. In an access review, "wrong some of the time" is an audit finding waiting to happen.
We already have the connectors and the harness that weighs the signal into a defensible call, built over years and spread across customers. You're not in the business of building access reviews.
Proven in production, building for what comes next
"Once our access data was centralized in Opal, generating user access reviews became effortless." Sharon Aby, Senior Manager of IAM, Databricks
The best security and engineering teams protect their access with Opal. Databricks runs more than 86,000 time-bound access requests through Opal, and Chronosphere has cut standing access by 88%.
As Mercari's VP of Security and Privacy, Jason Fernandes, puts it: "Agents will need to be more and more treated as identities."
Agents will multiply faster than any identity before them, and they won't wait for a quarterly review. The teams that stay ahead won't be the ones with the most controls. They'll be the ones whose governance runs at machine speed and still answers to a human.
Ready to put agents to work on your access reviews?
Read the deep-dive blog to see how it works, join an upcoming webinar to see AI-guided access reviews in action, or schedule a demo with our team.
About Opal: Opal is the AI-native access security platform, for real-time visibility, expressive policy-as-code, and direct control over every identity — from employees to service accounts to AI agents. We are based in San Francisco, recently named to Notable Capital's Rising in Cyber 2026 list as selected by 150 leading CISOs, used by leading companies like Databricks, Notion, Cloudflare, Scale AI, CoreWeave, SpaceXAI, and Superhuman, and backed by Greylock, Battery Ventures, Silicon Valley CISO Investments (SVCI), and Cambium Capital.
