Opal Security has introduced three new AI-native capabilities designed to unify how organizations view, define, and enforce access governance, marking what the company describes as the industry’s first platform to fully integrate these functions.
The launch is anchored by Paladin, an AI access evaluation agent that operates as a core decision-maker within access workflows. Rather than layering AI onto existing systems, Opal Security is positioning artificial intelligence as an active participant in access governance, handling decisions, orchestration, and policy enforcement.
Paladin Brings Autonomous Access Decision-Making
At the center of the announcement is Paladin, which evaluates access requests by analyzing identity data, access history, ticket references, resource sensitivity, and user justification. Based on this analysis, it can approve requests or escalate them for further review with detailed reasoning.
Unlike traditional AI copilots that offer recommendations, Paladin functions as a reviewer within the approval chain, maintaining its own identity, audit trail, and authority. When additional information is provided after an escalation, the system can reassess and resolve requests dynamically, often without human involvement.
Paladin also integrates with project management platforms such as Linear and Jira to verify ticket validity and alignment with requested access. Each decision is logged with full context in the system’s activity feed.
Opal Security said the increasing scale and speed of AI agents make manual access governance unsustainable. The company emphasized automation as the only viable approach, enabling organizations to manage access through systems such as MCP, Terraform, or Opal’s APIs.
OpalScript and OpalQuery Expand Governance Capabilities
In addition to Paladin, Opal Security unveiled OpalScript and OpalQuery, two tools designed to complement and complete the governance process.
OpalScript introduces a Python-like policy language that allows security teams to codify access rules into automated workflows. These scripts can be written manually or generated using natural language prompts, enabling teams to enforce complex policies without relying on engineering resources. Use cases include separation-of-duties controls and multi-step approval workflows tied to specific conditions such as ticket validation, time limits, and authorization checks.
OpalQuery provides an AI-powered interface for exploring access data using plain English queries. The tool translates user input into structured searches across the company’s identity and access graph, returning results instantly. Teams can also save, share, and export queries for audit purposes, reducing the need for custom SQL or engineering support.
Together, the three capabilities are designed to form a continuous governance loop: visibility through OpalQuery, policy creation through OpalScript, and enforcement through Paladin.
New Data Highlights Growing Access Risks
The product launch follows findings from Opal Labs’ report, The Permission Gap: How Unused Access is the Newest Security Crisis, which highlights the scale of overprovisioning in organizations.
According to the report, automatically granted access is up to 50 percent more likely to go unused than manually reviewed access. Nearly half of employees hold at least one entitlement they have not used in more than three months, while four out of five resources have at least one stale assignment.
The report also identified more than 40,000 active access assignments that have gone unused for over three months, increasing exposure to potential breaches. Additionally, organizations may face up to 900,000 manual access reviews annually, requiring an estimated 213,000 hours to manage.
Howard Ting, CEO of Opal Security, said organizations are struggling to manage excessive and outdated privileges, which create significant security risks. He noted that unused permissions represent vulnerabilities that often go undetected, and emphasized the need for tools that allow teams to move faster while reducing risk. Opal Security said the new platform capabilities, including Paladin, OpalScript, and OpalQuery, are now available to all customers.