Opal Security Raises $23M as Identity Governance Expands Beyond Humans

Opal Security has raised $23M in new funding led by Greylock and Battery Ventures, with participation from Cambium Capital, bringing the company's total funding to $59M. The San Francisco-based company is building an AI-native access governance platform designed to manage identities across employees, service accounts, non-human identities, and AI agents. Founded by Umaimah Khan and Stephen Cobbe, Opal Security is currently led by CEO Howard Ting and operates at the intersection of cybersecurity, identity governance, and enterprise AI.

The funding arrives at a moment when enterprise security teams are confronting a new reality: identity governance is no longer just about people. AI agents are increasingly taking actions, accessing systems, and interacting with critical infrastructure inside organizations. For investors, the bet is not simply on identity management. The bet is that AI-driven enterprises will create a new category of governance challenges, and companies capable of controlling access at machine speed will become foundational infrastructure.

What Happened

Opal Security announced a $23M funding round led by Greylock and Battery Ventures, with participation from Cambium Capital. The raise brings the company's cumulative funding to $59M, following a $1.8M seed round, a $10M Series A, and a $22M Series B. The company describes itself as an AI-native access governance platform built to provide visibility and control across every identity operating inside an enterprise environment. That includes employees, contractors, service accounts, machine identities, and increasingly, AI agents. The Opal Security platform combines access governance, just-in-time access controls, policy automation, and identity visibility across human and non-human identities.

The timing matters. Security teams spent the last decade trying to understand human access. Then cloud infrastructure exploded. Service accounts multiplied. SaaS environments sprawled across departments. Now AI agents are arriving with the ability to request information, trigger workflows, and interact with systems independently. Each new identity creates another layer of governance complexity. Enterprises are discovering that automation doesn't eliminate security problems. It often manufactures new ones faster.

Why This Matters

Every technology cycle creates an invisible tax. Cloud computing created infrastructure sprawl. SaaS created application sprawl. AI is creating identity sprawl. That's the underlying market dynamic driving Opal Security's growth. Most organizations already struggle to answer basic questions about access. Who has permission? Why do they have it? Should they still have it? Those questions become significantly harder when thousands of non-human identities begin operating alongside employees.

This is why investors continue to fund identity security despite a crowded cybersecurity market. Greylock and Battery Ventures have backed major infrastructure and cybersecurity companies across multiple technology cycles, making their continued interest in identity governance notable. Identity remains one of the most persistent attack surfaces in modern enterprises. The challenge isn't simply preventing unauthorized access. The challenge is maintaining visibility across an environment where permissions, credentials, and identities change constantly.

Opal Security's platform is designed around that problem. The company focuses on just-in-time access, AI-powered access reviews, programmable governance, and policy controls that apply consistently across human and non-human identities. In other words, the company is trying to solve tomorrow's security problem before it becomes tomorrow's headline.

Market Context

The identity security market is experiencing a shift that feels subtle until you zoom out. Historically, identity governance platforms focused on workforce access. Employees logged in. Permissions were granted. Reviews happened periodically. Compliance boxes were checked. Everyone moved on. That model begins to break down when software itself starts behaving like a user.

AI agents don't wait for quarterly access reviews. They don't operate within traditional work schedules. They interact with systems continuously, often at a speed that makes manual oversight impractical. This creates a governance challenge that traditional Identity Governance and Administration (IGA) architectures were not designed to handle. Opal Security is positioning itself directly inside that transition.

The company's customer roster includes organizations such as Databricks, Cloudflare, Notion, Scale AI, CoreWeave, Figma, Grammarly, Elastic, Runway, Verily, Marqeta, Blend, and Superhuman. Those customers represent a useful signal. Many operate in environments where infrastructure complexity, developer velocity, and AI adoption are already accelerating. The problem is not theoretical. It is operational.

Competitive Landscape

Identity governance is not a new market. Large incumbents have spent years serving enterprise customers through traditional Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Identity and Access Management (IAM) platforms. What Opal Security appears to be betting on is that the market is entering another transition period. Previous generations of identity software were largely built around compliance workflows and workforce access management. Modern environments increasingly require real-time governance, policy automation, and continuous visibility across dynamic systems.

That distinction matters. A security platform that can only explain what happened yesterday becomes less valuable in environments where AI agents are making decisions today. Investors seem to recognize this shift. Greylock and Battery Ventures are not known for placing infrastructure bets casually. Their participation suggests confidence that identity governance is becoming more important as enterprises accelerate AI deployment rather than less important.

The irony is difficult to miss. For years, AI conversations centered on productivity gains. Now a growing portion of enterprise spending is focused on controlling what those AI systems can actually touch.

What This Signals

The leadership changes at Opal Security provide another clue about where the company believes the market is heading. CEO Howard Ting has expanded the executive team with the promotion of Alex Pien to CTO and the addition of Sameer Mehta as CPO. The company also added John Clark, Michael Kwon, and Christine Ooley to strengthen engineering, product, and go-to-market capabilities. According to the company, more than 60% of the team joined since the start of 2026.

That level of hiring activity typically reflects preparation rather than maintenance. Companies don't build leadership benches because things are slowing down. They do it because they believe demand is accelerating. The broader signal extends beyond Opal Security itself. Enterprise buyers are increasingly treating identity as infrastructure rather than a compliance requirement. That distinction changes budget priorities, product expectations, and competitive positioning across the cybersecurity landscape.

The Bigger Industry Shift

Technology has a habit of solving one problem while creating 3 new ones. AI adoption is following that pattern. Organizations are deploying agents to increase productivity, automate workflows, and reduce operational friction. At the same time, every new AI-driven process introduces another identity that requires governance. AI agents are rapidly becoming a distinct enterprise identity category alongside employees, contractors, and service accounts.

The security question is evolving. For years, enterprises asked: Who has access? Increasingly, they are asking: What has access? That shift may sound small. It isn't. It represents a fundamental expansion of identity security from workforce management into machine governance.

Opal Security's funding round is ultimately a bet on that transition. The company is building around a future where employees are only one category of identity inside enterprise environments. AI agents, service accounts, and autonomous systems will require the same visibility, controls, accountability, and governance standards as people. Whether that future arrives gradually or all at once remains to be seen. The capital flowing into the sector suggests investors believe the answer is arriving faster than many organizations expect.

Frequently Asked Questions

What is Opal Security?

Opal Security is a San Francisco-based cybersecurity company that provides AI-native identity governance and access management software for enterprises.

How much funding has Opal Security raised?

Opal Security has raised $59M in total funding, including a new $23M round announced in June 2026.

Who invested in Opal Security?

Greylock and Battery Ventures led the latest funding round, with participation from Cambium Capital.

Who founded Opal Security?

Opal Security was founded in 2020 by Umaimah Khan and Stephen Cobbe.

Who is the CEO of Opal Security?

Howard Ting is the CEO of Opal Security.

What problem does Opal Security solve?

Opal Security helps organizations govern access across employees, service accounts, non-human identities, and AI agents.

Why are AI agents changing identity security?

AI agents increasingly access systems and data autonomously, creating governance and security challenges that traditional identity platforms were not designed to manage.

What is identity governance?

Identity governance is the process of controlling, reviewing, and managing access rights across users, systems, applications, and machine identities.