Andromeda Unveils Unified Security to Tame the Wild West of AI Agents

SAN FRANCISCO, CA – June 15, 2026 – As enterprises race to deploy autonomous AI agents to drive productivity, a vast and largely ungoverned frontier has emerged within their digital infrastructure. Today, Andromeda Security unveiled a major expansion to its identity platform, aiming to bring law and order to this new Wild West. The company has introduced a comprehensive security architecture designed specifically for agentic AI, unifying its governance with that of humans and other non-human identities (NHIs) under a single, actively enforced control plane.

This move comes at a critical juncture. The proliferation of AI agents—autonomous entities that can perform tasks, make decisions, and interact with complex systems—is creating an identity crisis for security teams. These agents, which can number in the thousands and often operate with broad permissions, represent a new and potent attack surface. Recent industry studies paint a stark picture: a staggering 47% of organizations have already reported a security incident involving an AI agent, and a mere 18% of security leaders feel their current identity systems are equipped to manage them. Andromeda's announcement directly targets this widening security gap, shifting the paradigm from passive monitoring to active, real-time enforcement.

The New Identity Crisis: Securing the Autonomous Workforce

The fundamental challenge with agentic AI is that it defies traditional security models. Unlike static applications, these agents are dynamic and non-deterministic; they can interpret instructions and adapt their behavior at runtime. This creates scenarios where an agent, while operating within its technical permissions, can violate business intent, access sensitive data, or be tricked by malicious prompts into exfiltrating credentials. This problem is compounded by the rise of “shadow AI,” where agents are deployed by teams without central IT oversight, leaving security blind to their existence, ownership, and risk posture.

Andromeda's expanded platform tackles this head-on by treating agents as first-class citizens within the identity ecosystem. By unifying Agent Access Intelligence, Management, and Governance, the system provides a centralized inventory of all agents, discovers their risk posture, and enforces granular policies on their actions. This addresses the critical need for visibility and control that most organizations currently lack.

"Scaling AI safely demands active agent security, not passive monitoring," noted Preston Horne, Security Manager for Identity & Access Management at Dark Matter Technologies, in the company's announcement. He highlighted that Andromeda's new capabilities deliver on this need, stating, "unifying them with human JML capabilities into a single continuous compliance engine is what sets this apart from other solutions we've evaluated."

From Passive Monitoring to Active Enforcement

The centerpiece of Andromeda's new offering is its shift from policy-as-code to policy-as-enforcement. The platform introduces what it calls the industry's first "Agent Application Firewall," an inline enforcement engine that operates through a high-performance gateway. This is not a traditional web firewall; instead, it inspects agent activity at the resource level, enabling organizations to set and enforce policies with unprecedented granularity.

Instead of granting an agent broad access to an entire application like Snowflake or GitHub, a security team can now restrict it to specific database tables, code repositories, or even individual API calls. This principle of least privilege is enforced in real-time. If an agent attempts an action outside its narrow scope, the gateway blocks it.

Furthermore, the platform integrates a sophisticated, step-up Just-in-Time (JIT) approval system for high-risk operations. When an agent needs to perform a sensitive task—such as modifying a production database or accessing personally identifiable information—the system can automatically trigger a human-in-the-loop approval workflow. This ensures that while agents can operate autonomously for routine tasks, critical actions remain under human oversight, dramatically reducing the potential blast radius of a compromised or misbehaving agent.

Redefining Governance for Humans, Machines, and AI

Beyond real-time enforcement, a core tenet of Andromeda's strategy is unified governance. The platform extends full Joiner, Mover, Leaver (JML) lifecycle management—a cornerstone of human identity governance—to the world of AI agents. A critical innovation here is the automated Agent Ownership Discovery and Attestation feature.

The system automatically links every autonomous or On-Behalf-Of (OBO) agent to a specific human owner who is responsible for certifying its access and behavior. This closes a dangerous blind spot that plagues many enterprises today: the “orphaned agent.” When an employee who created an agent changes roles or leaves the company, that agent can continue operating without oversight, its credentials potentially becoming stale and its purpose unknown. Andromeda's platform flags these ownership changes, ensuring the agent is either reassigned to a new owner or decommissioned, thereby maintaining a clear chain of accountability.

"Andromeda’s inline AI access management addresses the agent enforcement gap by delivering real-time, resource-level controls," said Bill Harper, Senior Director of Digital Identity at New American Funding. "It seamlessly combines with their AI Access Intelligence and Governance, providing us with the holistic context and inter-relationships across agents, NHIs, and humans needed to scale our AI initiatives safely."

Democratizing Control with Natural Language

Perhaps one of the most forward-looking features is the platform's GenAI-native conversational interface. Recognizing the complexity of managing thousands of identities and policies, Andromeda has built its own internal AI to help security teams manage the perimeter through natural language.

Instead of navigating complex menus or writing intricate policy code, an administrator can simply state their intent in a chat interface, such as, “Secure all agents with high-risk access to Snowflake.” The platform's internal agents then interpret this command, perform real-time analysis to identify the relevant agents and access paths, detect policy violations or toxic access combinations, and execute autonomous remediation to align the environment with the stated intent.

This approach not only accelerates security operations but also democratizes them, enabling a wider range of IT professionals to effectively manage the identity security posture without needing deep specialization in policy engineering. It represents a significant step toward a more intuitive and collaborative relationship between human operators and the security systems they manage.

While established identity giants like Okta and CyberArk are also extending their platforms to address non-human identities, Andromeda is making a bold play by building a unified, AI-native architecture from the ground up that treats humans, machines, and agents as co-equal participants in the enterprise. As the company demonstrates these new capabilities at the Identiverse 2026 conference this week, it is positioning itself not just as a tool vendor, but as a core enabler for enterprises looking to harness the power of agentic AI without succumbing to its inherent risks.