Israel Duanis

We shipped Autopilot 10 weeks ago. Autopilot is our autonomous AI agent for identity governance, designed to continuously monitor identity environments, evaluate risk in context, and take action without waiting for human review.

Since then, what's surprised me most isn't about the product. It's about what enterprise security leaders actually want from autonomy, and how dramatically that differs from what the identity industry has been selling them for the last decade.

What follows are notes from inside that learning. Real conversations with the security teams running Autopilot today, plus the CISOs, Heads of IAM, and identity architects evaluating it for the next wave. Across retail, financial services, healthcare, hospitality, and Big Tech. The patterns showed up faster than I expected. They were more uniform than I expected. And one of them surprised me.

The pattern across every conversation

Different industries. Different sizes. Different titles. The same line, in slightly different words.

A CISO at a global financial services firm put it most directly: "I don't need another alert and a warning. I need something to take action."

A senior identity architect at a Fortune 500 retailer framed the other side of the same coin: "I need a log of every action the agent takes, with the reasoning. We still work with auditors, and 'the system decided' isn't a good enough answer."

On the surface those two statements look opposite. One asks for autonomy. The other asks for documentation. But they're the same insight, said from two seats: enterprises want autonomous action, and they want a clean audit trail of every action that gets taken. Autonomy without auditability is a non-starter in any regulated environment. Auditability without autonomy is the status quo we've all been stuck with for a decade.

The thing that's been mis-sold for ten years is that autonomy and accountability are opposites. They're not. They're complementary. Customers are not asking us to choose between "fully automated" and "humans review everything." They're asking for a system that does the work and shows its work, at the same time, every time.

Almost nobody in the legacy identity governance market has built that combination. They've built two products: rules engines that fire alerts, and access reviews that get rubber-stamped quarterly. Neither is autonomous. Neither produces the kind of action-level audit trail a regulated environment can defend. Both are exhausting.

We built Autopilot to do both: take the action, and produce a complete, defensible audit log of every step it took and why. That's the unlock.

The crawl-walk-run shape they're choosing themselves

I expected we'd have to convince buyers to start small with autonomy. To meet them where they were, hand-hold them through a phased rollout, and prove value before unlocking more.

Instead, security teams are articulating the pattern back to us before we pitch it.

A Head of Security at a healthcare enterprise said it clearly: "Trust in autonomy builds over time. So maybe it prompts me first, but as we get comfortable with it, this just needs to run. I've got an agent for that. It just happens."

Almost every conversation followed this shape. Phase 1: the agent investigates, surfaces a recommendation, a human clicks. Phase 2: an admin pre-approves classes of action, and the agent executes. Then, eventually, full autonomy on narrow, well-bounded tasks.

This is buyers leading the architecture, not vendors prescribing it. That's a tell. It means the market has matured past the question of whether autonomy belongs in identity governance and moved to the question of how to operationalize it without losing accountability.

The teams we're working with don't need convincing. They need a credible path. We've built that path into Autopilot from day one.

What buyers are rejecting

Every demo we ran ended in a comparison. Security leaders held Autopilot up against their existing IGA stack, and named what was breaking.

The list rhymes across industries.

Quarterly access reviews are theater. A senior security leader at a global financial data firm asked his team, almost rhetorically, "would you rather have compliance or security?" The framing was sharp because it was honest. Quarterly UAR cycles exist for auditors, not for defenders. Everybody in the room knows it. Nobody in legacy IGA has the architecture to fix it, because their architecture is built around the cycle. Ours isn't.

Rules-based systems produce more alerts, not more action. Several CISOs described arriving at security programs that had ten thousand identity rules and one human staring at the dashboard. The rules weren't wrong. They were just disconnected from the question of who actually had the authority to act on them. Autopilot collapses that gap.

Legacy deployments take years and don't reduce manual work. One enterprise security leader described getting more value in three weeks of running Linx than in three years of running two of the largest legacy IGA platforms combined. I'm not going to name the platforms. The point wasn't that those tools are bad. It's that they were built for a different era of identity, one where humans had time to be in the loop on every decision. That era is over.

One enterprise we engaged with was running five identity products simultaneously. Five. They had to deprovision one because it was disrupting the others. This is what the end-state of "buy more tools" looks like. It's not a security program. It's a tax on the security team. We replace that stack with one platform that does what those five together couldn't do.

These aren't edge cases. They're the pattern.

The agents teams want first

When teams pick their first Autopilot deployment, three patterns dominate.

Admin Drift Monitor. Listens for any access change that elevates someone to admin. Runs a peer comparison and a JIT/access-profile check. Only fires if it finds no justification for the elevation. The reason this one wins is concrete: it produces almost zero false positives, because the bar for "should this human be admin" is exceptionally well-defined inside any mature security program. Teams audit the agent's reasoning easily. They trust it within days. Then they extend it.

UAR Reviewer Classifier. Continuously evaluates entitlements during access review campaigns and pre-recommends approve/deny before the human even opens the review. The pattern: stop asking humans to be the first decision-makers. Make them the second. The human's time is worth far more on the close calls than on the obvious ones.

Access Profile Tuner. The next agent we're shipping. It continuously refines access profiles based on real usage patterns, tightening over-provisioned access automatically and surfacing the gap between what someone has and what they actually use day to day. Same architectural pattern as the first two: narrow scope, accountable action, the human as the second decision-maker, not the first.

What links these three agents is what they aren't. They aren't general-purpose AI assistants. They aren't conversational chatbots. They aren't models that "help you think about identity." They're narrow, accountable, single-purpose agents. They do one thing. They do it well. They show their work.

This is the part of the next 12 months in identity that I think the industry is going to get wrong. The future isn't going to be one giant AI that handles all of identity governance. It's going to be a fleet of narrow agents, each one auditable, each one deployed when the team is ready, each one retired or replaced as the threat shape changes.

The phrase I've started using internally is "the control plane is the agent fleet, not the model." That's the architectural bet behind Autopilot. We've built it that way because the security teams running it are operating that way.

We make autonomy boring. Boring in the way that fire suppression in a data center is boring. Specifically engineered, well-instrumented, mostly invisible, deeply trusted. That's the bar we set for Autopilot, and it's the bar we're meeting.

What this means for the next twelve months

A few predictions, from where I sit 10 weeks in.

The identity governance category is going to fragment along the autonomy axis. Vendors who ship generic "AI-powered" features bolted onto rules engines will lose share to vendors who ship narrow, accountable agents that customers can audit, deploy, and extend. The winners will be the ones who make autonomy explicable, not the ones who make it impressive. We've made our bet, and the market is validating it in real time.

The "control plane" framing is the right one, but it goes beyond agents. Microsoft, Okta, and others are now naming their agent control surfaces. That's a market-defining moment. The deeper truth, though, is that the agent control plane only works if the identity control plane underneath it is unified. You can't govern an agent's actions if you don't have a unified record of every human, machine, service account, and agent identity in your environment. Identity becomes the substrate. The agent layer is the workload. Linx is the only platform built for both.

CISOs are going to keep telling us they want autonomy and verification together. I expect this signal to get louder, not quieter. The boards of the companies our customers serve are starting to ask "are we governable?" instead of "are we secure?" That's a more sophisticated question, and it's going to drive procurement priorities for the next two years. The platforms that answer it well will define the next decade of security.

The bar for what counts as "autonomous identity security" is going to rise quickly. Six months from now, the demo bar will be entirely different from where it is today. The bar is being set by the platforms shipping today, with skin in the game. We are one of them.

Closing

We shipped Autopilot 10 weeks ago. The conversations are different from the ones I had a year ago. Different from six months ago. Different from 10 weeks ago.

The market is moving, and it's moving toward something specific: autonomous identity governance that earns trust by showing its work. That's exactly what we built.

If you're a CISO or Head of IAM thinking about how autonomy fits into your identity program, what to deploy first, how to phase trust, where the audit trail needs to live, we'd be glad to compare notes. The companies that figure this out first won't be the ones who buy the most tools. They'll be the ones who deploy autonomy with discipline. We're doing it now. Come see what 10 weeks of shipping autonomous identity governance actually looks like.

10 weeks in, that's what I'm certain of.

Frequently asked questions

What is autonomous identity security?

Autonomous identity security is the use of AI agents to continuously monitor identity environments, evaluate risk in context, and take action in real time without waiting for human review. It replaces the periodic, alert-driven model of legacy identity governance with a continuous, agent-driven model that operates at machine speed and produces a complete audit trail of every action taken.

What is Linx Security's Autopilot?

Autopilot is Linx Security's autonomous AI agent for identity governance. It runs as a fleet of narrow, single-purpose agents, including Admin Drift Monitor, UAR Reviewer Classifier, and Access Profile Tuner, that each perform a specific identity governance task continuously, with full action logging and customer-readable rationale on every decision. Autopilot is shipping today, with deployments and active engagements across retail, financial services, healthcare, hospitality, and Big Tech.

How is autonomous identity security different from legacy IGA?

Legacy identity governance platforms are built around quarterly access review cycles, rule-based alerting, and human-in-the-loop decision making. Autonomous identity security is built around continuous monitoring, AI-driven contextual risk evaluation, and direct action by accountable agents. Linx Security delivers value in weeks rather than the months or years typically required by legacy IGA platforms.

Which Autopilot agents do customers deploy first?

The two most common first deployments are Admin Drift Monitor, which detects unauthorized administrative privilege elevation and only fires when it finds no business justification, and UAR Reviewer Classifier, which pre-classifies entitlements during access review campaigns to reduce human review time. Access Profile Tuner is the next agent shipping, continuously refining access profiles based on actual usage patterns. Teams typically extend to additional agents over the following 30 to 90 days as trust in the platform builds.

How does autonomous identity governance work with auditors?

Autonomous identity security only works in regulated environments if every action the system takes produces a complete, defensible audit trail. Linx Security's Autopilot logs every action with full reasoning, the data inputs the agent used, and the policy or context that triggered the decision. This satisfies SOC 2, ISO 27001, NIST, and most regulatory frameworks while maintaining continuous autonomous operation.

Who should consider autonomous identity security?

Autonomous identity security is most relevant for CISOs, Heads of Identity and Access Management, and security architects at enterprises with more than 1,000 employees or significant non-human identity sprawl across service accounts, machine identities, AI agents, and contractor access. Companies operating in regulated industries (financial services, healthcare, retail, hospitality) and those running multiple legacy identity tools simultaneously typically see the fastest value from migrating to a single autonomous platform.

We're at one of those rare moments where an entire software category gets rewritten from scratch. Not improved. Replaced. AI isn't making identity governance faster - it's making the old architecture obsolete.

When Niv and I started Linx two years ago, we made a bet: that the identity governance category was overdue for a fundamental rethink, and that AI-native architecture - not AI bolted onto legacy infrastructure - would be what made that possible. That the future of IGA wasn't periodic reviews and manual workflows. It was continuous, autonomous, and built for a world where humans, machines, and AI agents all coexist inside the same enterprise.

Today, I'm proud to announce that Linx Security has raised a $50M Series B, led by Insight Partners, with continued support from Cyberstarts and Index Ventures - bringing our total funding to $83 million. And alongside this round, we've launched Linx Autopilot: the industry's first AI agent purpose-built for Identity Governance and Administration.

This isn't just a funding milestone. It's a signal that the IGA category is at an inflection point - and that Linx is leading it.

Why Now

The identity landscape has been transformed by three forces converging at once.

First, AI agents are proliferating inside every enterprise - not as experiments, but as active participants in business workflows. They hold credentials. They access sensitive systems. They act with autonomy. And almost none of today's governance frameworks were built to manage them.

Second, the attack surface has exploded. One breach, one over-privileged service account, one dormant credential - and the damage can be catastrophic. Boards know it. CISOs feel it daily. The compliance frameworks are finally catching up.

Third - and this is what excites me most - the technology is finally ready. AI-native architecture makes it possible to do in seconds what traditional tools take weeks to accomplish: detect, evaluate risk in context, and act. Not reactively. Continuously.

IGA was always treated as a necessary evil. A compliance checkbox. Something you suffered through. We built Linx on the premise that it doesn't have to be that way.

What We're Building - and Why It Matters Now

The enterprise of 2026 doesn't look like the enterprise IGA was designed for. AI agents are being provisioned inside every workflow. Non-human identities now outnumber human ones. The attack surface isn't growing linearly - it's multiplying. And the governance frameworks built for a world of on-prem directories and annual access reviews were simply never designed for this reality.

Linx is built AI-native from the ground up - not AI layered onto legacy architecture. That distinction matters more than it might sound. It's what allows us to move from periodic, reactive governance to something fundamentally different: continuous, autonomous identity security that operates at the speed of the business and the speed of the threat.

Think of it as having a security operator working 24/7 on your behalf - one that monitors every identity in your environment, detects risk in context as it emerges, and acts before the damage is done. When a privileged account behaves unexpectedly, it responds. When an AI agent is provisioned with excessive permissions, it sees it. When an employee moves roles and leaves ghost access behind, it remediates - before an attacker finds it first.

Security teams don't lose control. They gain leverage. The tedious, repetitive work gets handled autonomously. The decisions that require human judgment get escalated. That's what modern identity governance looks like - and that's what we're delivering.

To the People Who Made This Possible

None of this happens without the people.

To Niv - twenty years of shared history, and I still learn something from you every week. Building this company alongside you has been one of the great privileges of my career. You push this product to places I wouldn't have imagined.

To Sarit - your technical vision and relentless standards are woven into every line of this platform. What you've built with the engineering team is something we'll be proud of for a long time.

To our entire Linx team - 100 people who bet on a vision and made it real. Every customer win, every product breakthrough, every late night - that's us, together. I'm incredibly proud of what we've built as a team.

To Teddie, Elan and the Insight Partners team - your belief in where this market is going gave us a true partner for the next chapter. And to Gili at Cyberstarts, and Shardul at Index Ventures - you've been with us from the beginning, and your conviction in this vision has never wavered. We don't get here without all of you.

And to our customers - the security leaders and identity practitioners who chose to build with us early, challenged us to be better, and trusted us with what matters most. You are the reason we do this. Your trust is the highest validation we know.

What Comes Next

The market isn't just ready, it's asking for it. Every security leader we talk to, every enterprise scrambling to govern AI agents they provisioned last quarter with no visibility into what they can access, confirms what we believed two years ago: this category was overdue, and the moment is now.

What comes next is simple to say and hard to execute: we scale. We're growing the team, accelerating the Autopilot roadmap, and going deeper with the enterprises already trusting us to govern millions of identities in production.

The IGA category is being rewritten. The window to define what the next generation looks like is open.

We intend to define it.

‍

- Israel Duanis, CEO & Co-Founder, Linx Security

How Forrester defines the new workforce identity stack

Forrester defines workforce identity security platforms as unified platforms that govern, administer, and enforce identity security safeguards across workforce users, human and nonhuman, to protect networks, applications, and data. These platforms pull together identity data sources, SSO, MFA, access management, and identity governance, then layer on AI-driven identity intelligence and analytics.

In other words, this is no longer “just IAM.” The platform is expected to:

• Deliver identity-centric security and help prevent identity-based attacks by eliminating security gaps and reducing the attack surface.
• Maintain regulatory compliance and audit readiness across frameworks like SOX, GDPR, PCI DSS, and DORA.
• Improve workforce productivity with streamlined onboarding, access requests, SSO, and self-service.

Forrester also calls out the growing pressure from nonhuman identities and AI:

• The proliferation of nonhuman identities (NHIs) like service accounts, workloads, APIs, and AI agents is now a primary challenge that drives identity sprawl and business risk.
• The agentic AI workforce is named as the top disruptor, requiring new governance, lifecycle, and risk detection models, along with support for emerging AI security protocols and standards.

This is exactly the world Linx was built for: a mix of humans, machines, and AI agents that all need access, all the time.

Where Linx shows up in the Forrester Landscape

The report covers 32 vendors globally. Linx Security is listed among those vendors, alongside hyperscalers, long-time IAM players, and a small number of specialized identity security platforms.

Forrester then breaks the market into:

• Core use cases: identity and access policy administration, workforce onboarding and offboarding, secure workforce access, and regulatory compliance reporting.
• Extended use cases: IAM process automation, identity governance, identity security posture management, identity threat detection and response, machine and AI agent identity management, and third-party access management.

In the extended use case matrix, Linx is listed in three specific areas:

1. Identity governance
2. Machine and AI agent identity management
3. Identity security posture management

Those three are not generic checkboxes for us. They are the center of how the Linx platform is designed.

Why these areas matter, and how they map to what Linx does

1. Identity governance: modern IGA that people actually use

Forrester treats identity governance as one of the extended use cases that differentiates workforce identity platforms beyond basic IAM.

In practice, that means:

• Running access reviews that do more than produce spreadsheets.
• Enforcing least privilege without creating months of manual role modeling.
• Proving to auditors, at any time, who has access to what and why.

Linx leans into modern IGA with AI-assisted access reviews, contextual recommendations, and immutable, auditor-ready reports. The goal is simple: get your certifications done faster, with higher quality decisions, and leave behind an evidence trail that stands up in front of a regulator or a board.

2. Machine and AI agent identity management: securing the agentic workforce

Forrester calls out the proliferation of nonhuman identities and the rise of agentic AI as both a primary challenge and the top disruptor in this market.

This is where Linx has been investing heavily:

• Treating AI agents, service accounts, and workloads as first-class identities, not an afterthought.
• Giving security teams visibility into what those agents can reach, and what they actually use.
• Applying the same least-privilege, lifecycle, and review controls to nonhuman identities that you already expect for human users.

As enterprises push more work into autonomous agents, this becomes a board-level risk question, not a tooling detail. Seeing Linx recognized in this emerging use case is a strong signal that we are aligned with how the category will evolve over the next few years.

3. Identity security posture management: from “who has access” to “what should we fix first”

Forrester describes how workforce identity platforms are increasingly defined by AI-driven identity security intelligence. They are expected to detect drift and misconfiguration, and support real-time identity threat detection and response.

That is essentially the identity security posture management problem:

• You need a complete map of identities, entitlements, and relationships.
• You need to know which patterns represent real risk, not just noise.
• You need a path to remediate excessive or toxic access, not just report on it.

Linx tackles this with graph-based visibility across SaaS, cloud, and business apps, layered with AI that flags excessive privileges and risky access paths. Then, instead of stopping at “observability,” we allow teams to actually remediate from within the platform, with automation where appropriate and human review where needed.

What this means for customers

This Forrester Landscape is not a ranking or a Wave. It is a map of who is in the game and how the market is shifting. Being included is step one. Being listed in extended use cases that sit at the heart of the next identity decade is the more important part.

For our customers and partners, the message is straightforward:

• You are not alone in feeling that traditional IAM and legacy IGA were not designed for today’s mix of humans, machines, and AI agents.
• Analysts now describe the market in terms that match the problems you are bringing to us every week: posture management, governance that works at scale, and control over nonhuman identities.
• Linx is recognized as one of the vendors focused on exactly those problems, not as a generalist tool trying to be everything to everyone.

We will keep sharing more detail on how we approach identity governance, posture, and AI agent control over the coming months. For now, this report is a useful validation that the hard problems you are asking us to solve are the same ones reshaping the entire workforce identity security market.

Find the full report here: Forrester Workforce Identity Security Platforms Landscape.

After a little over a year of relentlessly hard (and fun!) work alongside my co-founder, Niv Goldenberg, I’m excited to share that today Linx Security is emerging from stealth.

Already working with large-scale companies across a large variety of industries such as financial services, retail, real estate, technology companies and others, Linx is helping them dramatically shrink their identity attack surface and close major gaps in compliance—by enabling them to finally get control over their whole identity lifecycle.

Here is how we got to where we are today.

From physics to 8200 to identity security

Niv and I go back a long time. Twenty years back, in fact.

We first met while working together in the army’s cybersecurity unit (8200, the NSA equivalent). The sheer urgency and complexity of the projects we were tasked with played a critical role in molding our approach to problem-solving. And we found a mutual passion for tackling challenges head-on—especially, the types of challenges that others had already given up on.

Our shared passion continued through university, where we collaborated on physics and computer science projects. And it carried through to our professional roles—myself as the Director of Engineering at Checkpoint Security, and Niv as the VP of Product at Transmit Security. But we always knew that one day, we would tackle some of the world’s most complex issues together.

From our origins in physics to 20+ years in the cybersecurity space gave us dual abilities: one, the ability to ask the right questions (which is never as straightforward as it seems), and two, the ability to find the most practical way to resolve the problem—quickly. “Who should have access to what?” is such an easy question to ask, but so difficult to resolve. But as soon as this problem is solved, it would significantly relieve the pressure from enterprises where most of them have moved to having identity as their main perimeter. A complexity that we feel fortunate to have the opportunity at Linx to solve.

The evolution of identity security

Identity Authorization used to be simple. It was a closed system, on-prem, based on one source of truth—the Active Directory.

Meaning the biggest problem for companies was authentication and verification. Ensuring only authorized users had access to your systems, assets, and information.

But just as the law of conservation of momentum states, momentum is constant in an isolated system unless an external force is applied.

And that’s exactly what happened to identity. In a very short period of time, it had multiple, external forces thrown at it—which significantly increased its momentum, causing identity management and security to spin out of control.

First, it was the shift of infrastructure and applications to the cloud—beyond the control of on-prem solutions. Second, this shift to the cloud led to a rapid increase in the scale of human identities—we see this today, with one person owning multiple online aliases and login credentials. And third, the fast introduction of machine identities to organizations.

Further complicating matters, at large organizations, identity is fractured across three siloed teams: identity, security, and IT. Each team tackles identity from a different perspective, using their own tools for their specific responsibilities within the lifecycle. This fragmented approach creates a complex mess, filled with security and compliance risks – even with the wealth of existing solutions available.

And even though countless solutions existed for identity verification, authentication, and security, companies were still struggling to get identity under control.

We thought—why? Why does it have to be so hard? Why does it have to be so complicated?

That was the moment we knew we had found the challenge we wanted to solve.

So we rolled up our sleeves and got to work.

Uniting security, identity, and IT teams to get control over identity security

The result is what you see today: Linx, a refreshingly different identity security platform that is a significant departure from existing solutions.

Linx enables organizations to finally get the whole identity lifecycle under control with a radically modern approach that unites identity, security, and IT ops teams—by mapping the hidden relationships between employees, their digital identities, and the apps, software, platforms, and programs they have access to.

By providing the right tools, visibility, and understanding, along with deeply contextual insights and automated workflows, Linx allows these teams to work together efficiently and seamlessly to control and secure identity. Enabling organizations to ultimately shrink their identity attack surface and close gaps in compliance.

To our customers, we thank you for your ongoing support and trust. And to Index and Cyberstarts, and to our advisors—your guidance has been instrumental in making this product a reality.

To my co-founder, Niv, and the rest of our amazing team—I'm incredibly proud of what we've accomplished so far, and I can't wait to share even more details about our product and vision as the months unfold.

We are excited for what the future holds as we untangle the complexity of identity security. Once and for all.