On April 28, 2026, Silverfort, a leading identity security company, announced its acquisition of Fabrix Security, an AI-native identity security startup. This strategic move brings together Silverfort’s Runtime Access Protection (RAP) technology with Fabrix’s advanced AI decisioning engine to create the first autonomous identity security platform that operates effectively at runtime.
The combined solution targets the fast-growing challenges of securing autonomous AI agents that plan, act, use tools, and delegate tasks across enterprise systems at machine speed. Traditional identity and access management tools, built for human users and static configurations, struggle to provide the visibility, context, and real-time controls required in the agentic era.
The unified platform will enable organizations to discover, monitor, evaluate risk, and enforce access decisions for both human and non-human identities continuously. Joint capabilities are expected to become available to customers in the second half of 2026. This acquisition positions Silverfort to lead in protecting the expanding agentic workforce while maintaining strong security, governance, and compliance standards.
Key Terms
Runtime Identity Security: The practice of continuously monitoring, analyzing, and enforcing access decisions and agent behavior while identities and systems are actively operating, allowing dynamic responses rather than relying solely on pre-configured rules.
Autonomous / Agentic AI: AI systems that independently set goals, plan actions, interact with tools and APIs, make decisions, and delegate tasks with little or no constant human supervision.
Admin-Time Controls: Static permissions, roles, policies, and access rights that are defined and granted during initial setup or configuration and remain fixed until manually reviewed or updated.
Knowledge Graph (Identity Context): A dynamic, interconnected data structure that captures rich information about identities, permissions, relationships, behavioral patterns, intent, and business context to support intelligent, real-time authorization decisions.
Non-Human Identities (NHIs): Service accounts, API keys, OAuth tokens, bots, and now AI agents that operate with delegated authority inside enterprise environments, often requiring different governance approaches than human users.
Conditions Driving the Acquisition
Several converging factors created strong momentum for this acquisition. Enterprises are rapidly deploying autonomous AI agents to automate complex workflows in areas such as finance, operations, compliance, and customer service. Many organizations now manage hundreds or thousands of these agents, each capable of making thousands of decisions and tool calls per minute.
At the same time, the volume and diversity of non-human identities have exploded. These identities often receive broad permissions during deployment, creating significant risk when combined with limited real-time oversight. Traditional identity security tools were designed for slower, human-driven processes and rely heavily on periodic access reviews and static rules set at admin time.
Adversaries are also adopting AI to accelerate attacks, using stolen credentials and over-privileged accounts to move laterally at speeds that outpace human response. Regulators are increasing expectations for accountability, auditability, and demonstrable controls over autonomous systems. Organizations face pressure to scale agentic AI adoption for competitive advantage without compromising security or compliance.
The gap between the speed of agent operations and the capabilities of legacy identity tools has become unsustainable. This acquisition directly responds to the need for identity security that matches the autonomy, velocity, and scale of modern AI agents while delivering the contextual intelligence required for safe runtime enforcement.
What Identity Security Looked Like Before
Prior to this acquisition, identity security for AI agents and non-human identities depended primarily on static, admin-time controls. Security teams manually configured permissions, OAuth scopes, service accounts, and access policies at the time of deployment. Once granted, these permissions typically remained in place with only occasional periodic reviews.
Visibility into agent activities was often limited to after-the-fact log analysis, which proved difficult to scale across thousands of agents and complex tool interactions. There was minimal ability to understand an agent’s intent or evaluate risk in the moment of access. Behavioral monitoring for non-human identities was rudimentary, and organizations lacked mechanisms to dynamically adjust permissions based on changing context or observed behavior.
Just-In-Time access was rarely practical because systems could not make fast, intelligent authorization decisions without introducing friction that slowed business operations. Audit trails existed but were frequently incomplete or hard to correlate, making it challenging to reconstruct sequences of agent actions for internal investigations or regulatory inquiries.
As agent deployments grew, many enterprises operated with a difficult tradeoff: grant broad access to maintain productivity or impose restrictive controls that limited the value of agentic AI. Shadow agents operating outside formal processes added further risk, and security teams struggled to keep pace with the volume and velocity of agent-driven activity.
What Identity Security Looks Like After
With the integration of Fabrix Security’s technology, identity security moves to a new level of autonomy and real-time capability. The combined platform uses a rich identity knowledge graph to provide deep context on identities, permissions, intent, relationships, and business processes. This intelligence feeds into Silverfort’s Runtime Access Protection to enable precise, dynamic decision-making and enforcement while agents are operating.
Organizations now gain continuous visibility into every agent action, real-time behavioral evaluation, and automated risk-based responses at machine speed. Just-In-Time access becomes practical and scalable, with permissions granted or adjusted based on current context rather than fixed rules. The system can detect anomalous agent behavior instantly and intervene when necessary without disrupting legitimate operations.
Audit and compliance capabilities improve significantly through detailed, session-level trails that capture agent reasoning, decisions, and actions. Security teams can enforce least-privilege principles dynamically across both human and non-human identities under a unified framework. The platform supports the full lifecycle of agentic identities, from discovery and risk assessment to ongoing monitoring and automated governance.
This shift allows enterprises to scale AI agent deployments confidently while maintaining strong controls. It closes critical gaps in visibility and response time, enabling organizations to adopt agentic AI more aggressively without increasing exposure to identity-based risks.
Our Take
AI Security Take
This acquisition represents a meaningful advancement in AI governance for production environments. As organizations deploy large numbers of autonomous agents, identity security must evolve into a continuous, intelligent control layer that operates at the same speed as the agents it protects.
Silverfort’s combination with Fabrix delivers runtime decisioning and enforcement backed by rich contextual intelligence. It strengthens core governance areas including security through real-time intervention, monitoring via continuous behavioral analysis, and compliance through detailed, regulator-ready audit evidence.
For CISOs, AI governance leaders, and risk teams, the central lesson is that static, admin-time identity controls are insufficient for the agentic era. Purpose-built runtime identity infrastructure is becoming essential infrastructure for responsible scaling of autonomous AI. Early adopters of such platforms will benefit from better visibility, reduced risk, and stronger accountability as agent deployments expand across the enterprise.
Organizations should evaluate their current identity security posture against the demands of agentic workflows and consider platforms that deliver autonomous, context-aware controls at runtime. This approach turns identity security from a potential bottleneck into an enabler of safe, scalable AI adoption.
