Hush Security Tackles AI's Wild West With New Identity Platform
- Non-human identities (NHIs) outnumber human employees by 45-to-1, creating a vast attack surface
- Hush Security's platform aims to eliminate static credentials by granting access based on verified workload identities
- 40% of organizations are predicted to adopt a 'secretless' authentication approach by 2027 (Gartner)
Experts agree that Hush Security's Unified Access Management Platform addresses a critical gap in identity security by shifting from static credentials to dynamic, role-based access governance for non-human identities, aligning with industry trends toward secretless authentication.
Hush Security Launches Unified Platform to Secure AI Agents and Non-Human Identities
TEL AVIV, Israel – February 24, 2026 – As enterprises race to adopt autonomous AI, a new security firm, Hush Security, has emerged from stealth to address what it calls the single largest blind spot in identity security today. The company today announced the general availability of its Unified Access Management Platform, a system purpose-built to govern the sprawling world of non-human identities (NHIs) and the powerful new class of AI agents.
The platform is the first to centralize identity-based access policies for every non-human actor across an organization's entire technology stack—from modern cloud infrastructure and APIs to the legacy databases still running critical operations. By replacing static credentials like API keys and certificates with dynamic, role-based access, Hush aims to bring the same rigorous governance applied to human users to the machines and autonomous agents now operating at unprecedented scale.
The Unseen Risk of the Agentic Era
The rise of AI-powered agents and the rapid automation of business processes have created a security challenge that traditional tools were never designed to handle. Non-human identities—which encompass everything from microservices and applications to scripts, bots, and IoT devices—are proliferating at an explosive rate. Industry research suggests these machine identities can outnumber human employees by a staggering 45-to-1, creating a vast and often unmonitored attack surface.
Unlike human accounts, these NHIs operate autonomously, 24/7, across complex systems. They are typically authenticated using static, long-lived secrets like API keys, service account credentials, and digital certificates. This "secret sprawl" is a critical vulnerability. These credentials are often hardcoded in applications, stored insecurely, and rarely rotated, making them a prime target for attackers seeking to move laterally through a network and escalate privileges.
Existing security tools have struggled to keep pace. Secret scanners can find exposed credentials but cannot remediate the underlying access problem. Vaults, while essential for storing secrets, do not govern how those secrets are used in real time. This leaves security and Identity and Access Management (IAM) teams with a dangerous lack of visibility and control, often relying on manual processes and Jira tickets to address risks long after they've been identified. The introduction of agentic AI, which can act autonomously on a user's behalf, only amplifies this risk, creating complex permission scenarios that legacy systems cannot comprehend.
A New Paradigm: From Secrets to Identity
Hush Security's Unified Access Management Platform proposes a fundamental shift away from managing secrets and toward governing identity. Instead of storing credentials, the platform aims to make them obsolete by granting access based on a verified workload identity at the moment of a request.
The solution is built on two integrated pillars:
- Runtime Visibility and Discovery: The platform features a patent-pending runtime detection engine that provides a live, dynamic view of how non-human identities operate. By correlating static identity data with real-time telemetry, it reveals how workloads actually authenticate, which permissions are used versus which are merely provisioned, and, most critically, where credentials are being actively exploited. This level of insight into runtime behavior offers a significant advantage over static analysis tools that only provide a point-in-time snapshot of potential risks.
- Centralized Access and Governance: At its core, the platform acts as a unified control plane. It automatically provisions scoped, just-in-time ephemeral credentials based on verified workload identities and role-based policies. This "secretless" approach, built on open standards like the Secure Production Identity Framework for Everyone (SPIFFE), ensures that every machine-to-machine interaction is authenticated and authorized according to a centrally managed policy, effectively enforcing the principle of least privilege. A key advantage highlighted by the company is its ability to migrate an organization's existing credential-based access to this new model without requiring disruptive code changes.
Taming Autonomous AI with 'Effective Identity'
Perhaps the most forward-looking aspect of the launch is a new capability called "Effective Identity Access," designed specifically for the complexities of agentic AI. As AI agents are deployed to perform tasks on behalf of human users, they create a new and challenging identity problem: the agent's permissions are often a dynamic combination of its own intrinsic rights and the rights of the user who invoked it.
Hush's platform addresses this by calculating the real, merged permissions—the "effective identity"—for each autonomous session in real time. This allows security teams to establish and enforce seamless zero-trust guardrails, ensuring that an AI agent, regardless of its own capabilities, cannot exceed the permissions of the user it is serving. This provides a crucial layer of accountability and control, preventing agents from becoming over-privileged vectors for attack or accidental data exposure. By treating the combined user-agent session as a single, governable identity, organizations can confidently deploy autonomous systems without sacrificing security oversight.
Redefining a Crowded Market
Hush Security enters a competitive landscape populated by identity security giants like CyberArk and Delinea, which are also expanding their privileged access management (PAM) solutions to cover non-human identities. However, Hush's leadership asserts its approach is fundamentally different.
"The agentic era demands a fundamental shift in how we think about security," said Micha Rave, CEO and co-founder at Hush Security, in the company's announcement. "The winners won't have the best scanner or the deepest vault; they'll be the ones who unify discovery, storage, and governance into a single control plane, across cloud, hybrid, and the legacy systems everyone knows exist, but no one wants to talk about."
This vision directly targets the limitations of the "vault model," which Rave argues was built for a slower, less dynamic era. The industry appears to be moving in this direction, with analyst firm Gartner predicting that 40% of organizations will adopt a "secretless" authentication approach by 2027. By focusing on runtime enforcement and eliminating static secrets entirely, Hush is positioning itself at the forefront of this next wave of identity security.
Backed by Experience and Capital
Adding to its credibility, Hush Security was founded by a team of four security veterans who previously founded Meta Networks, a zero-trust network access company acquired by Proofpoint in 2019 for $120 million. This track record of building and successfully exiting a company in the identity and access space lends significant weight to their new venture.
The company is also supported by prominent venture capital firms, including cybersecurity-focused YL Ventures and the technology-centric Battery Ventures. This strong financial backing, combined with the founders' proven expertise, signals significant confidence in Hush's mission. Furthermore, the company has already secured several Fortune 500 enterprises as paying customers, indicating that its message is resonating with large organizations grappling with the immediate and growing challenges of securing a world increasingly run by machines and AI.
