Lumos Launches the Identity Agent Force to Govern Access for Every Human, NHI, and AI Identity

SAN FRANCISCO — June 15, 2026 — Lumos, the identity management platform for the agentic era, today announced the Identity Agent Force, a team of AI agents that continuously govern access across every human, machine, and AI agent in the enterprise. These agents, part of the new Agent Hub, include: an Access Review Agent, an Access Request Agent, a Role Mining Agent, an Entitlement Analyst, an NHI Owner Hunter, and an Agent Ownership Finder, with more agents shipping throughout the year.

Attackers have agents now. With offensive models like Mythos, one attacker does the work of a hundred, running phishing, credential theft, and lateral movement faster than any human team can investigate. Simultaneously, defenders have more to protect than ever. Humans, non-human identities like service accounts and API keys, and a new workforce of AI agents all must be governed and secured.

Identity teams responsible for this critical work can’t succeed with traditional, human-centric identity tools. They are already drowning in tickets, reviews, and one-off requests, and the gap widens every quarter. 

If attackers have agents, defenders need agents too. The Identity Agent Force gives enterprises fire to fight fire: an integrated team of agents that absorbs the manual work at machine speed, at massive scale, all in the background. Humans' work becomes more important. Instead of pushing tickets, they encode the system with direction, strategy, and best practices.

"AI is reshaping the enterprise faster than any technology before it, and traditional identity forces an untenable choice: move slow and die, or go fast and put the business at risk," said Andrej Safundzic, CEO of Lumos. "Attackers aren’t waiting. They are using agents to attack businesses like never before. The Identity Agent Force gives defenders the same advantage with a team of agents that not only lets them fight back, but win."

Agents do the work. Humans build the system.

Traditional identity platforms manage access through human workflows like requests, approvals, reviews, certifications. That model is periodic and manual. Access reviews happen quarterly while risk changes hourly. Engineers keep access years after they need it. Service accounts run critical workflows without clear owners. Least privilege stays a project that never finishes.

Most AI in identity today only makes that old workflow easier to talk to. A human still has to chase the issue, understand the context, and do the work.

The Identity Agent Force changes the operating model. Each agent runs continuously in the background, makes access decisions across every identity, and escalates only the exceptions that need human judgment. When a team needs more coverage, they deploy another agent from the Agent Hub.

Every agent stands on two foundations:

• A live map of every identity and every permission. Every human user, non-human identity, and AI agent, mapped down to the fine-grained access inside each app.
• Memory of how the company actually operates. Lumos remembers who owns what, which approvals route through legal, what a sales engineer should and shouldn't touch, which contractors can go near customer data. Lumos builds and maintains this context, so every new agent understands the business on day one.

Inside the Identity Agent Force

• Access Review Agent. Runs access reviews end-to-end, certifying safe access on its own and surfacing only the decisions a human needs to make.
• Access Request Agent. Grants access for exactly as long as someone, or some agent, needs it, then revokes it on its own. Standing privileges shrink with every request.
• Role Mining Agent. Learns how teams actually use access and drafts least-privilege roles in seconds, not after a year-long consulting project.
• Entitlement Analyst. Translates permissions into plain English, so approvers see what access actually grants before they say yes.
• NHI Owner Hunter. Monitors every service account, API key, and token, and shuts down the dormant or over-scoped ones before attackers find them.
• Agent Ownership Finder. Catalogs the agents and NHIs running in the business and assigns each a human owner. New agents get an owner before they get to work.

Because Lumos is built on a full Identity Governance (IGA) backbone, the agents go beyond point-in-time fixes. Every action can be translated into durable policy, improving security posture and compliance with each decision. Request a demo at lumos.com.

About Lumos

Lumos is the first identity platform built around autonomous agents, not manual workflows. Security teams use Lumos to give every human, machine, and AI agent a living control layer that watches and governs access in real time. Traditional identity governance was built for human workflows and periodic reviews. AI makes the problem bigger, messier, and faster: more identities to protect, more permissions to govern, and less time to catch abuse. Lumos helps teams at companies like Mars, Netskope, Assurant, and GitLab move faster, reduce risk, and prove compliance, all while keeping humans in control.

‍