.jpg)
Orca Security, the pioneer of agentless cloud security, today announced major enhancements to the Orca Platform, introducing new AI-powered security agents, real-time detection of AI usage across cloud environments, remediation-focused workflows, and code reachability analysis to help organizations move beyond fragmented alerts to faster investigation and measurable risk reduction.
Orca Security unveils new AI-driven capabilities including autonomous agents and runtime AI threat detection ahead of RSAC 2026.
Threat Investigation Agent automatically analyzes risk and produces transparent investigation reports with recommended containment actions.
AppSec Triage Agent analyzes SAST findings to identify false positives and reduce alert fatigue.
Runtime AI Threat Detection identifies when workloads and identities interact with AI models and third-party AI tools.
Orca Missions groups related findings into focused remediation initiatives with clear objectives and verification.
Code Reachability Analysis determines whether vulnerable code paths are actually invoked in applications.
As enterprises accelerate AI adoption and scale across multi-cloud environments, security teams are inundated with alerts yet lack the context and prioritization needed to distinguish real, business-critical risk from background noise. Research shows that 84% of organizations now run AI workloads in the cloud, and 62% already have vulnerable AI packages in their environments. Orca's latest innovations extend its unified platform to help teams understand threats faster, focus on truly exploitable vulnerabilities, and take action with confidence.
"Security teams don't need more data. They need to know what actually matters and what to do about it," said Gil Geron, CEO and co-founder of Orca Security. "These new capabilities are designed to turn complex cloud risk into clear, actionable guidance so teams can make faster decisions and reduce exposure in a measurable way. That shift from information to action is what ultimately improves security outcomes."
Threat Investigation Agent
Orca's Threat Investigation Agent automatically analyzes risk, correlates signals across the cloud environment, and produces transparent investigation reports with recommended containment actions.
AppSec Triage Agent
The new AppSec Triage Agent analyzes SAST findings to identify false positives, reduce alert fatigue, and help teams focus on real vulnerabilities.
Runtime AI Threat Detection
Orca now identifies when workloads, identities, and processes interact with AI models, MCP servers, and third-party AI tools. This enables security teams to understand how AI is being used, detect potential exposure of sensitive data, and implement AI governance based on real runtime activity.
Orca Missions
Orca groups related findings into Missions—focused remediation initiatives with clear objectives and verification—allowing teams to resolve clusters of risk efficiently and track meaningful improvements in their security posture.
Code Reachability Analysis
Orca now analyzes whether vulnerable code paths are actually invoked in applications, in addition to identifying vulnerable packages. Combined with Orca's existing Agentless and Dynamic Reachability Analysis, this provides comprehensive context to help teams prioritize vulnerabilities that are truly exploitable.
These enhancements build on Orca's agentless-first architecture, which provides deep visibility and risk prioritization across cloud infrastructure, workloads, identities, applications, and now AI systems, without requiring agents.
"Cloud security tools generate an incredible amount of data, but what teams really need is help understanding what to do next," said Erika Voss, SVP, Chief Security Officer at Blue Yonder. "What stands out about Orca is the way it connects the dots. Instead of spending hours piecing together alerts, our team can see what actually happened, what's exposed, and where to focus first."
Orca Security will showcase these new capabilities at RSA Conference 2026 in San Francisco. Attendees can visit Orca at Booth #1035 in the South Hall of Moscone Center to see live demonstrations.
About Orca Security
Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Lemonade and Digital Turbine.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.