In this article
SAN FRANCISCO and NEW YORK, December 9, 2025 — Lumos, the Autonomous Identity company, today announced the launch of Agentic User Access Reviews (UARs). This first-of-its-kind capability deploys autonomous AI agents to review user access, spot risky permissions, and enforce least privilege by default. By replacing manual spreadsheet reviews with AI-driven context and clear recommendations, Lumos helps organizations finish review campaigns up to 6x faster while eliminating the security risks associated with "rubber-stamped" approvals.
Access reviews have reached a breaking point. With the explosion of apps, identities, and data, managers are now confronted with thousands of line items but lack the context to understand who uses what. Under pressure to clear their queues, many default to a “Select All → Approve” approach. This "rubber stamping" phenomenon keeps unused and risky access in place, turning what should be a critical security control into a meaningless paperwork exercise.
Industry data confirms the scale of the problem:
- The "Rubber Stamp" Epidemic: Research indicates that "review fatigue" drives managers to approve nearly all access requests without scrutiny, undermining the security value of the audit process.
- Operational Waste: Manual reviews waste tens of thousands of dollars per employee annually in administrative time. Worse, human error leads to "dirty data" and failed audits, forcing teams to spend months fixing mistakes instead of securing the business.
- Real-World Impact: Organizations automating identity workflows report massive efficiency gains. A leading fintech company recently saved $3.5 million in unused licenses and repurposed the work of 6 full-time employees by automating access and governance workflows with Lumos.
Agentic Autonomy: Stop Guessing, Start Verifying
Lumos Agentic UARs fundamentally change the workflow. Instead of asking managers to investigate every user from scratch, the Lumos AI Identity Agent, Albus, runs the first pass.
Albus analyzes dozens of data points for every identity—including role, department, access sensitivity, last activity, peer group alignment, and SoD conflicts. It then separates low-risk, commonly used access from high-risk anomalies, suggesting exactly what to keep and what to remove based on real-time evidence.
“Traditional IGA tools just move the spreadsheet into a web app. We didn't just build a tool; we built an analyst,” said Andrej Safundzic, CEO & Co-Founder of Lumos. “Agentic User Access Reviews use Albus to do the heavy lifting first. It validates who the user is, if they actually use the access, and if it violates policy. This transforms a blind guess into a fast, verified decision and helps our customers trust that reviews are actually protecting the business, not just draining it.”
Customer Validation
Prosper, a fintech company handling sensitive financial data, uses Agentic UARs to strengthen security beyond simple compliance.
“For years, access reviews felt like a black box. Managers were asked to approve permissions without any proof that they were needed. Lumos Agentic UARs changed that. Real-time activity and last login data now sit inside the review screen so our managers can see if access is used and how risky it is. It turned a compliance chore into a real security check.” — Matthew Anderson, Sr Manager of Corporate IT, Prosper.
Key Capabilities
- Complete Visibility: Reviews cover humans, service accounts, and other non-human identities (NHI) in a single view. This eliminates the "blind spots" where over-privileged bot accounts often hide.
- Natural Language Explanations: Albus goes beyond abstract risk scores. Get explanation in plain language why an access looks safe or unsafe (e.g., "User hasn't logged in for 90 days" or "Matches peer group usage") so managers and auditors have total clarity on every decision.
- Peer and Role Analysis: Albus identifies “role anomalies”—users who have access that their teammates do not—to catch privilege creep and scope drift.
- Inactivity Detection: Automatically flags accounts and permissions that have been dormant, allowing teams to remove access before it becomes a target for takeover.
- Closed-Loop Remediation: Instantly deprovisions rejected access across more than 100 integrations and creates an immutable audit trail, eliminating the need for manual cleanup tickets.
Availability Agentic User Access Reviews are available now for Lumos customers. To learn more about how Albus is transforming UARs, visit here or read the launch blog post.
About Lumos
Lumos is the first Autonomous Identity platform to automatically discover and manage access across all your apps. Instead of being overwhelmed by the sprawl of apps and access, Lumos empowers organizations with one unified solution that controls access on auto-pilot. With Lumos, gain full visibility, enhance security, and boost productivity — all in one platform. Trusted by hundreds of companies including Pinterest, Anduril, and GitHub, Lumos powers millions of access requests across global companies. Learn more: www.lumos.com.
Media Contact
Janani Nagarajan
VP of Product Marketing
press@lumos.com
