Account Executive

Orca Security deploys AI agents to defend against AI agents - and that's not as recursive as it sounds. At RSAC 2026, Orca launches autonomous Threat Investigation and AppSec Triage agents, plus runtime AI detection that tracks every LLM call, MCP server, and shadow AI deployment across your cloud estate. OpenClaw Team The security industry has been talking about "AI for security" for years. But Orca Security's RSAC 2026 announcement is the first major platform release that treats AI agents as both the threat and the response - and connects them through a single data model. Two new autonomous agents, runtime AI detection that tracks every LLM call in your cloud, and a remediation workflow engine that turns findings into resolved issues. Here's what actually shipped. The Threat Investigation Agent. Security teams drown in alerts. Cloud environments generate thousands of findings, and the highest-skill, most time-consuming work isn't triaging - it's investigating. A senior analyst spends hours correlating signals across cloud logs, identity records, network flows, and application traces to determine whether an alert is a real incident or noise. Orca's Threat Investigation Agent does that work autonomously: * Ingests the alert with full context from Orca's Unified Data Model - workload metadata, identity chains, exposure details, network topology * Correlates signals across the environment, validating facts rather than making assumptions * Produces an investigation report with a verdict, evidence chain, and proposed containment actions * Explains its reasoning - every conclusion links back to the data that supported it The transparency piece is critical. Security agents that produce verdicts without explanations are useless in regulated environments. Orca's approach - transparent decision logic with visible reasoning chains - is the design pattern that enterprise security teams actually need. The practical impact: what previously took a senior analyst 2-4 hours of manual investigation now produces actionable results in minutes. Not by cutting corners, but by automating the correlation and fact-checking that consumes most investigation time. The AppSec Triage Agent. SAST scanners are notorious for false positive rates that erode developer trust. When 60-80% of your alerts are noise, developers stop looking at any of them. Orca's AppSec Triage Agent attacks this directly: * Analyzes code context of each SAST finding - not just the pattern match, but the surrounding logic * Determines false positive likelihood based on actual code behavior (e.g., "this open redirect has explicit URL validation upstream") * Automatically deprioritizes confirmed false positives by reducing risk scores * Lets humans override - every AI triage decision can be reviewed and reversed For confirmed true positives, the agent chains into Orca's existing AI-driven code remediation to generate pull requests with fixes. The full pipeline: detect | triage | fix | PR - mostly autonomous, with human review at the merge point. Runtime AI detection: the shadow AI problem gets a solution. This is the announcement with the biggest long-term implications. Orca Sensor now identifies actual runtime usage of AI across cloud environments, regardless of provider or programming language. Not static scanning. Not configuration auditing. Real-time detection of which workloads are calling which LLMs, sending what data, through which MCP servers. What Orca now tracks: | Detection | Why It Matters | | Which workloads invoke LLMs | Inventory of AI usage across the estate | | Sensitive data sent to models | Data loss prevention for AI workflows | | External MCP server connections | Shadow tool integrations | | AI provider and model identification | Vendor risk management | | Prompt injection vulnerability assessment | Application-level risk | | Internal vs. external AI interactions | Attack surface mapping | | Identity/process to AI correlation | Governance and attribution | This addresses the visibility gap that Microsoft's shadow agent research and AvePoint's AgentPulse have highlighted. You can't govern what you can't see. Orca's approach - correlating AI runtime activity with cloud context (workloads, identities, exposure, network) - produces a richer picture than AI-only governance tools. For OpenClaw users specifically: if your agent runs in a cloud environment, this is the kind of detection that will identify your MCP server connections, LLM API calls, and data flows. Understanding what enterprise security tools can see helps you build agents that play well with governance frameworks. Orca Missions: from findings to resolution. The fourth piece is less glamorous but potentially more impactful: Orca Missions groups related security findings into remediation workflows with objectives and verification steps. Instead of presenting 47 individual alerts about a misconfigured IAM role and its downstream effects, Missions creates a single workflow: "Remediate over-permissioned service account X - 47 related findings, 3 containment actions, verification criteria." Teams work through structured missions rather than swimming in alert soup. Code reachability analysis. Orca also adds code reachability analysis that determines whether vulnerable code paths are actually executed. A critical CVE in a dependency that's imported but never called is a different risk than one in a hot code path. Combining static analysis with runtime and agentless signals produces more accurate prioritization than any single method alone. The bigger picture. Orca's release fits a pattern OpenClaw has been tracking throughout RSAC 2026 pre-announcements: * Microsoft's Agent 365 governs agents at the platform level * Salt Security's Agentic Graph maps agent attack surfaces * OWASP AIVSS scores agent vulnerabilities * Orca's agents investigate threats and triage findings autonomously The stack is assembling: score risk (AIVSS), govern access (Agent 365), map attack surface (Salt), detect and respond (Orca). Each layer addresses a different aspect of the agentic security problem. The question is whether these pieces will interoperate - or whether enterprises will need to build their own integration layer. Orca is at Booth #1035 in the South Hall at Moscone, demonstrating all four capabilities live through March 26. Liked this article? Try OpenClaw. Stop reading about automation - start using it. OpenClaw connects to your email, calendar, code, and smart home from WhatsApp or Telegram. More OpenClaw guides and analysis connected by topic, tags, and content overlap. Security - Mar 30, 2026 At RSAC 2026, Splunk unveiled six specialized AI agents for Enterprise Security - from detection building to malware reversing to guided response. The SOC is no longer a human-only operation. Security - Mar 28, 2026 Proofpoint CEO Sumit Dhawan argues AI agents behave like human insiders: non-deterministic, manipulable, and capable of behavioral drift. The fix isn't firewalls - it's the same behavioral monitoring enterprises already use for employee insider risk. Security - Mar 28, 2026 Databricks enters the security market with Lakewatch - an open, agentic SIEM built on the lakehouse architecture. Backed by two acquisitions (Antimatter, SiftD.ai) and powered by Anthropic's Claude, it's designed for petabyte-scale threat detection at 80% lower cost than legacy SIEMs. Ready to try OpenClaw? Join the waitlist for managed hosting. OpenClaw'll notify you when your spot is ready. No credit card required. OpenClaw'll notify you when hosted service launches.

Orca Security advances ai-first cloud defense with autonomous agents and Runtime AI Threat Detection. Mar 16, 2026 Prev Next 1 of 42,811 Orca Security, the pioneer of agentless cloud security, announced major enhancements to the Orca Platform, introducing new AI-powered security agents, real-time detection of AI usage across cloud environments, remediation-focused workflows, and code reachability analysis. These innovations enable organizations to move beyond fragmented alerts to faster investigation, clearer prioritization, and measurable risk reduction in the AI-era. As enterprises accelerate AI adoption and scale across multi-cloud environments, security teams are inundated with alerts yet lack the context and prioritization needed to distinguish real, business-critical risk from background noise. Research shows that 84% of organizations now run AI workloads in the cloud, and 62% already have vulnerable AI packages in their environments. Orca's latest innovations extend its unified platform to help teams understand threats faster, focus on truly exploitable vulnerabilities, and take action with confidence. "Security teams don't need more data. They need to know what actually matters and what to do about it," said Gil Geron, CEO and co-founder of Orca Security. "These new capabilities are designed to turn complex cloud risk into clear, actionable guidance so teams can make faster decisions and reduce exposure in a measurable way. That shift from information to action is what ultimately improves security outcomes." New platform capabilities include: * Threat Investigation Agent: Orca's Threat Investigation Agent automatically analyzes risk, correlates signals across the cloud environment, and produces transparent investigation reports with recommended containment actions. * AppSec Triage Agent: The new AppSec Triage Agent analyzes SAST findings to identify false positives, reduce alert fatigue, and help teams focus on real vulnerabilities. * Runtime AI Threat Detection: Orca now identifies when workloads, identities, and processes interact with AI models, MCP servers, and third-party AI tools. This enables security teams to understand how AI is being used, detect potential exposure of sensitive data, and implement AI governance based on real runtime activity. * Orca Missions: Orca groups related findings into Missions - focused remediation initiatives with clear objectives and verification - allowing teams to resolve clusters of risk efficiently and track meaningful improvements in their security posture. * Code Reachability Analysis: Orca now analyzes whether vulnerable code paths are actually invoked in applications, in addition to identifying vulnerable packages. Combined with Orca's existing Agentless and Dynamic Reachability Analysis, this provides comprehensive context to help teams prioritize vulnerabilities that are truly exploitable. These enhancements build on Orca's agentless-first architecture, which provides deep visibility and risk prioritization across cloud infrastructure, workloads, identities, applications, and now AI systems, without requiring agents. "Cloud security tools generate an incredible amount of data, but what teams really need is help understanding what to do next," said Erika Voss, SVP, Chief Security Officer at Blue Yonder. "What stands out about Orca is the way it connects the dots. Instead of spending hours piecing together alerts, our team can see what actually happened, what's exposed, and where to focus first."