Identity governance for every access decision.
Apply identity controls across human users, AI agents, applications, and infrastructure from a single governance layer.
0
1
Trusted by leading companies
0
2
1
2
3
4
of 4
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 16 0 L 16 7.354 L 13.415 7.354 L 13.415 2.585 L 8.645 2.585 L 8.645 0 Z M 0 0 L 0 7.354 L 2.585 7.354 L 2.585 2.585 L 7.355 2.585 L 7.355 0 Z M 13.416 10.58 L 8.646 12.965 L 8.646 16 L 16 12.323 L 16 8.646 L 13.415 8.646 L 13.415 10.581 L 13.416 10.581 Z M 2.586 8.647 L 0 8.647 L 0 12.324 L 7.354 16 L 7.354 12.965 L 2.584 10.581 L 2.584 8.646 L 2.585 8.646 Z" fill="rgb(0, 0, 0)" height="16px" id="W3JrrWZQM" width="16.000000457763672px"/></svg>)
AI that decides, or escalates to a human.
Paladin reviews requests, applies policy, evaluates risk, and shows its reasoning.
Access granted just in time, and revoked on its own.
Grant privileged access only when needed and automatically revoke it when work is complete.
Access reviews that recommend the call, and show the proof.
AI reads each entitlement, weighs the evidence, recommends a decision, and shows its reasoning.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><g d="M 0 0 L 16 0 L 16 16 L 0 16 Z M 8 10.667 C 9.473 10.667 10.667 9.473 10.667 8 C 10.667 6.527 9.473 5.333 8 5.333 C 6.527 5.333 5.333 6.527 5.333 8 C 5.333 9.473 6.527 10.667 8 10.667 Z M 0.7 8 L 4.667 8 M 11.34 8 L 15.307 8" fill="transparent" height="16px" id="kiR6YSNnD" width="16px"><path d="M 0 0 L 16 0 L 16 16 L 0 16 Z" fill="transparent" height="16px" id="zpfMrEdsz" width="16px"/><path d="M 7.3 5.334 C 8.773 5.334 9.967 4.14 9.967 2.667 C 9.967 1.194 8.773 0 7.3 0 C 5.827 0 4.633 1.194 4.633 2.667 C 4.633 4.14 5.827 5.334 7.3 5.334 Z M 0 2.667 L 3.967 2.667 M 10.64 2.667 L 14.607 2.667" fill="transparent" height="5.334000000000003px" id="SYkB2lKJ2" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.333" stroke="rgb(35, 41, 51)" transform="translate(0.7 5.333)" width="14.607000343322767px"/></g></svg>)
Govern what AI can see,
access, and execute.
Apply identity controls across agents, copilots, service accounts, and autonomous systems.
0
In production.
Palo Alto Networks
REDUCTION IN PRIVILEGED ACCESS
Enforce least privilege on customer data; track elevated sessions.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 5.333 13.333 C 5.333 13.333 10.667 10.667 10.667 6.667 L 10.667 2 L 5.333 0 L 0 2 L 0 6.667 C 0 10.667 5.333 13.333 5.333 13.333 Z" fill="transparent" height="13.333319999999999px" id="equA7u1gL" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(2.666 1.334)" width="10.666680000000001px"/></svg>)
Security engineering
Sophos
DEVELOPERS ON JUST-IN-TIME ACCESS
Phishing-resistant MFA and JIT across hundreds of AWS accounts.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 10.667 0 L 1.333 0 C 0.597 0 0 0.597 0 1.333 L 0 6 C 0 6.736 0.597 7.333 1.333 7.333 L 10.667 7.333 C 11.403 7.333 12 6.736 12 6 L 12 1.333 C 12 0.597 11.403 0 10.667 0 Z" fill="transparent" height="7.333319999999999px" id="K6q7GL0Oo" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(2 7.334)" width="12px"/><path d="M 0 6 L 0 3.333 C 0 2.449 0.351 1.601 0.976 0.976 C 1.601 0.351 2.449 0 3.333 0 C 4.217 0 5.065 0.351 5.69 0.976 C 6.315 1.601 6.667 2.449 6.667 3.333 L 6.667 6" fill="transparent" height="6px" id="fztNhD33u" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(4.666 1.334)" width="6.666680000000001px"/></svg>)
Identity & access
Valon
ACCESS REQUESTS, DOWN FROM 3 DAYS
Time-based access to sensitive permissions, live in a single week.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 0 0 L 0 14.667" fill="transparent" height="14.666684px" id="cBu7sIHbg" stroke-dasharray="" stroke-linecap="butt" stroke-linejoin="round" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(8 0.666)" width="1px"/><path d="M 7.333 0 L 2.333 0 C 1.714 0 1.121 0.246 0.683 0.683 C 0.246 1.121 0 1.714 0 2.333 C 0 2.952 0.246 3.546 0.683 3.983 C 1.121 4.421 1.714 4.667 2.333 4.667 L 5.667 4.667 C 6.286 4.667 6.879 4.912 7.317 5.35 C 7.754 5.788 8 6.381 8 7 C 8 7.619 7.754 8.212 7.317 8.65 C 6.879 9.088 6.286 9.333 5.667 9.333 L 0 9.333" fill="transparent" height="9.333319999999999px" id="qLYsPGXgK" stroke-dasharray="" stroke-linecap="butt" stroke-linejoin="round" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(4 3.334)" width="8px"/></svg>)
Fintech
CoinList
Every action
LOGGED FOR AUDIT
Self-hosted, with full session logging for stringent crypto compliance.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><g d="M 0 16 L 0 0 L 16 0 L 16 16 Z M 14.667 7.387 L 14.667 8.001 C 14.666 9.438 14.201 10.837 13.34 11.988 C 12.479 13.14 11.269 13.982 9.891 14.39 C 8.512 14.797 7.039 14.748 5.69 14.25 C 4.342 13.752 3.19 12.831 2.408 11.625 C 1.625 10.419 1.254 8.993 1.348 7.558 C 1.443 6.124 1.999 4.758 2.933 3.665 C 3.867 2.572 5.129 1.811 6.531 1.494 C 7.934 1.177 9.401 1.322 10.714 1.907 M 14.667 2.666 L 8 9.339 L 6 7.339" fill="transparent" height="16px" id="D3cCFWK3k" width="16px"><path d="M 0 16 L 0 0 L 16 0 L 16 16 Z" fill="transparent" height="16px" id="qhByo01LO" width="16px"/><path d="M 13.333 6.057 L 13.333 6.67 C 13.333 8.108 12.867 9.507 12.006 10.658 C 11.145 11.81 9.936 12.652 8.557 13.06 C 7.178 13.467 5.705 13.418 4.356 12.92 C 3.008 12.422 1.856 11.501 1.074 10.295 C 0.292 9.089 -0.08 7.663 0.014 6.228 C 0.109 4.794 0.665 3.428 1.599 2.335 C 2.533 1.242 3.795 0.481 5.197 0.164 C 6.6 -0.153 8.067 -0.008 9.38 0.577" fill="transparent" height="13.33331820665041px" id="Gs80lcw7T" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="miter" stroke-miterlimit="10" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(1.334 1.33)" width="13.333311084581034px"/><path d="M 8.667 0 L 2 6.673 L 0 4.673" fill="transparent" height="6.67333px" id="idsX0jB3e" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="miter" stroke-miterlimit="10" stroke-width="1.33333" stroke="rgb(255, 255, 255)" transform="translate(6 2.666)" width="8.6667px"/></g></svg>)
Compliance
In production.
Palo Alto Networks
REDUCTION IN PRIVILEGED ACCESS
Enforce least privilege on customer data; track elevated sessions.
Security engineering
Sophos
DEVELOPERS ON JUST-IN-TIME ACCESS
Phishing-resistant MFA and JIT across hundreds of AWS accounts.
Identity & access
Valon
ACCESS REQUESTS, DOWN FROM 3 DAYS
Time-based access to sensitive permissions, live in a single week.
Fintech
CoinList
Every action
LOGGED FOR AUDIT
Self-hosted, with full session logging for stringent crypto compliance.
Compliance
In production.
Palo Alto Networks
0%REDUCTION IN PRIVILEGED ACCESS
Enforce least privilege on customer data; track elevated sessions.
Security engineering
Sophos
0+DEVELOPERS ON JUST-IN-TIME ACCESS
Phishing-resistant MFA and JIT across hundreds of AWS accounts.
Identity & access
Valon
0 minACCESS REQUESTS, DOWN FROM 3 DAYS
Time-based access to sensitive permissions, live in a single week.
Fintech
CoinList
Every action
LOGGED FOR AUDIT
Self-hosted, with full session logging for stringent crypto compliance.
Compliance
“
As agents gain autonomy, they will increasingly need to be treated as identities, with circuit breakers and least-agency enforcement.”
Jason Fernandes
VP Security & Privacy, Mercari
“
Opal is one of those rare products that gives us back time to focus on what matters.”
Alfredo Hickman
CISO, Obsidian
Opal secures every identity in modern infrastructure, from employees to AI agents
“
As agents gain autonomy, they will increasingly need to be treated as identities, with circuit breakers and least-agency enforcement.”
Jason Fernandes
VP Security & Privacy, Mercari
“
Opal is one of those rare products that gives us back time to focus on what matters.”
Alfredo Hickman
CISO, Obsidian
Opal secures every identity in modern infrastructure, from employees to AI agents
“
As agents gain autonomy, they will increasingly need to be treated as identities, with circuit breakers and least-agency enforcement.”
Jason Fernandes
VP Security & Privacy, Mercari
“
Opal is one of those rare products that gives us back time to focus on what matters.”
Alfredo Hickman
CISO, Obsidian
Opal secures every identity in modern infrastructure, from employees to AI agents
ENTERPRISE READY
Built for regulated environments.
SOC 2 Type 2 certified and independently penetration-tested every year. Run Opal in our cloud or your own environment, with every access change logged and searchable, so audit evidence is a byproduct of how you operate.
/1
SOC 2 Type 2
Independently audited security controls. Full report available under NDA.
/2
Self-hosted or on-prem
Deploy in our cloud, your own VM, or Kubernetes, for the most tightly controlled environments.
/3
Encryption everywhere
TLS 1.2+ in transit, AWS KMS at rest, daily encrypted backups.
See how Opal secures enterprise environments at scale.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg"><g d="M 4.5 0 L 4.5 9.334 M 0 4.5 L 4.667 9.167 L 9.334 4.5" fill="transparent" height="9.334000000000003px" id="wVLQb2Yt7" transform="translate(2.5 2.5)" width="9.333999999999946px"><path d="M 0 0 L 0 9.334" fill="transparent" height="9.334000000000003px" id="Ho_4eUERn" stroke-dasharray="" stroke-linecap="butt" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(4.5 0)" width="1px"/><path d="M 0 0 L 4.667 4.667 L 9.334 0" fill="transparent" height="4.667000000000002px" id="q4SooRAjE" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(0 4.5)" width="9.333999999999946px"/></g></svg>)
/4
Searchable audit log
Every access change and admin action logged, attributable, and exportable to your SIEM or S3.
/5
Tested continuously
Independent penetration testing at least annually, plus monthly vulnerability scans.
/6
Data residency and transfers
US or EU hosting, GDPR and CCPA support, and EU Standard Contractual Clauses for cross-border data.
ENTERPRISE READY
Built for regulated environments.
SOC 2 Type 2 certified and independently penetration-tested every year. Run Opal in our cloud or your own environment, with every access change logged and searchable, so audit evidence is a byproduct of how you operate.
/1
SOC 2 Type 2
Independently audited security controls. Full report available under NDA.
/2
Self-hosted or on-prem
Deploy in our cloud, your own VM, or Kubernetes, for the most tightly controlled environments.
/3
Encryption everywhere
TLS 1.2+ in transit, AWS KMS at rest, daily encrypted backups.
See how Opal secures enterprise environments at scale.
/4
Searchable audit log
Every access change and admin action logged, attributable, and exportable to your SIEM or S3.
/5
Tested continuously
Independent penetration testing at least annually, plus monthly vulnerability scans.
/6
Data residency and transfers
US or EU hosting, GDPR and CCPA support, and EU Standard Contractual Clauses for cross-border data.
ENTERPRISE READY
Built for regulated environments.
SOC 2 Type 2 certified and independently penetration-tested every year. Run Opal in our cloud or your own environment, with every access change logged and searchable, so audit evidence is a byproduct of how you operate.
/1
SOC 2 Type 2
Independently audited security controls. Full report available under NDA.
/2
Self-hosted or on-prem
Deploy in our cloud, your own VM, or Kubernetes, for the most tightly controlled environments.
/3
Encryption everywhere
TLS 1.2+ in transit, AWS KMS at rest, daily encrypted backups.
See how Opal secures enterprise environments at scale.
/4
Searchable audit log
Every access change and admin action logged, attributable, and exportable to your SIEM or S3.
/5
Tested continuously
Independent penetration testing at least annually, plus monthly vulnerability scans.
/6
Data residency and transfers
US or EU hosting, GDPR and CCPA support, and EU Standard Contractual Clauses for cross-border data.
0
CTA
0
CTA
0
CTA
AI that makes continuous access decisions, with you on the dial.
AI that makes continuous access decisions, with you on the dial.
AI that makes continuous access decisions, with you on the dial.
Everything you need to know about Opal
What is Opal Security and what does it do?
What systems does Opal integrate with?
How is Opal different from traditional IGA and IAM tools?
Can Opal govern AI agents and non-human identities?
Does Opal replace my existing identity stack?
How fast can Opal be deployed?
Who is Opal's leadership?
FAQ
Everything you need to know about Opal
What is Opal Security and what does it do?
What systems does Opal integrate with?
How is Opal different from traditional IGA and IAM tools?
Can Opal govern AI agents and non-human identities?
Does Opal replace my existing identity stack?
How fast can Opal be deployed?
Who is Opal's leadership?
FAQ
Everything you need to know about Opal
What is Opal Security and what does it do?
What systems does Opal integrate with?
How is Opal different from traditional IGA and IAM tools?
Can Opal govern AI agents and non-human identities?
Does Opal replace my existing identity stack?
How fast can Opal be deployed?
Who is Opal's leadership?
FAQ
