Notifications
Clear all
Topic starter
07/06/2026 9:01 pm
TL;DR: C1’s selection to the 2026 Fortune Cyber 60 comes as the company says it manages millions of identities, automates access requests by up to 95%, and extends governance to non-human and AI identities as identity counts rise 100x, according to ConductorOne. The real signal is that identity programmes are being pushed toward automation, broader lifecycle coverage, and machine identity governance at the same time.
NHIMG editorial — based on content published by ConductorOne: C1 named to the Fortune Cyber 60 list of top venture-backed cybersecurity companies
Questions worth separating out
Q: How should IAM teams respond when identity governance moves toward AI-native automation?
A: They should redesign governance around decision quality, not workflow volume.
Q: Why do non-human identities need separate governance from human users?
A: Because service accounts, API keys, tokens, and certificates do not behave like people.
Q: What breaks when access reviews are used as the main control for machine identities?
A: Review cycles often assume the identity is stable, visible, and easy to map to a business owner.
Practitioner guidance
- Separate human and non-human governance flows Inventory where access requests, recertification, and offboarding still use the same workflow for people and machine identities.
- Measure automation against governance quality Do not accept automation claims without checking approval integrity, evidence capture, and exception handling.
- Tie NHI lifecycle to business ownership Assign accountable owners to every non-human identity and require a documented retirement path for credentials that outlive projects, applications, or integrations.
What's in the full analysis
ConductorOne's full post covers the market context this analysis intentionally leaves at a higher level:
- The Fortune Cyber 60 selection criteria and how the ranking was constructed across more than 500 cybersecurity startups
- The vendor's reported customer scale, including the identity volume it manages across its platform
- The stated operational impact on access-request effort and the categories of identities the platform claims to govern
- The company and investor context around the recent Series B that the recognition follows
👉 Read ConductorOne's Fortune Cyber 60 announcement and identity security context →
AI-native identity governance: what C1’s Cyber 60 placement signals?
Explore further
08/06/2026 8:47 am
AI-native identity governance is becoming the control plane conversation, not just a product claim. C1’s recognition matters because the market is rewarding platforms that reduce manual identity work while extending governance across human, NHI, and AI identities. That reflects a real operational shift: identity teams are being measured on scale, automation, and breadth of coverage, not only on access administration. The practitioner conclusion is that governance operating models now need to be designed for mixed identity populations from the start.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how incomplete NHI inventory still is in practice.
A question worth separating out:
Q: Should organisations prioritise lifecycle automation or access-request automation first?
A: Lifecycle automation usually comes first if the environment already has large volumes of stale or poorly owned machine identities. Access-request automation helps efficiency, but it does not solve the deeper risk of orphaned credentials and forgotten entitlements. Prioritise the control that reduces persistent exposure in your highest-risk identity population.
👉 Read our full editorial: C1’s Cyber 60 recognition signals demand for AI-native identity governance
