Three months ago, we launched Opti from stealth.  

Today, we're humbled and proud to announce that Opti has been selected as a launch partner for the Extended Plan for AWS Security Hub, Amazon Web Services' unified security solution - and what that means for enterprises managing identity at scale is significant. 

As a launch partner, enterprise security and IT teams can now access Opti's AI-native identity governance directly through AWS in just a few clicks. One contract, one bill, and consolidated support. No lengthy procurement cycles. No separate vendor negotiations.  

This integration addresses one of the most persistent challenges in enterprise security - one that legacy tools were never designed to solve. 

Every enterprise security leader knows the feeling: you run your quarterly access review, close out the cycle feeling like you've done your job, and three months later you do it again.  

Meanwhile, employees change roles and carry stale entitlements, new hires inherit their predecessor's access, and machine identities and AI agents proliferate faster than any manual process can track. 

What is the Extended Plan for AWS Security Hub? 

The Extended Plan for AWS Security Hub is a new plan that brings together AWS detection services and curated partner security solutions under a single-vendor experience - one contract, one bill, and unified support from AWS, covering the full security stack from endpoint and identity to cloud, AI, and security operations. 

For identity specifically, this is where Opti comes in. As a curated partner in the Extended Plan for AWS Security Hub, Opti expands the platform’s capabilities in critical ways: 

• Detect overprivileged accounts and hidden identity risks instantly, with continuous visibility across the enterprise. 

• Enforce least-privilege access automatically, extending AWS IAM and AWS Identity Center to active remediation. 

• Turn security alerts into action, adding identity risk context and automated remediation to AWS Security Hub findings. 

• Govern identities at scale, automating access reviews and translating policies into AI-driven enforcement for the AWS infrastructure and beyond. 

The identity governance problem that legacy tools can't solve 

The Extended Plan for AWS Security Hub simplifies how enterprises deploy security — but simplifying deployment only matters if the underlying problem is actually being solved. 

Identity has become the fastest-growing attack surface in the enterprise, and the majority of breaches now involve compromised credentials or excessive access. Yet most organizations are still relying on static rules, manual reviews, and point-in-time snapshots that are outdated the moment they're completed. 

The core issue isn't visibility. Most security teams know they have an excessive permissions problem. The issue is governance - the ability to continuously manage, automate, and enforce the right access across your entire identity program, at the speed and scale that modern enterprises demand. 

Today's enterprises deal with thousands of human identities, an exploding number of non-human identities, and increasingly AI agents, all accumulating excessive access, carrying stale entitlements, and sitting in manual queues. Quarterly reviews can only tell you what was true at a single point in time, not what's happening right now. Legacy IGA tools were never built to solve this, and that's exactly the gap Opti was designed to close. 

A new approach: AI-native, continuous, built for enterprise scale 

Opti uses specialized AI models trained on identity structures and access patterns across 250+ enterprise application types. Unlike general-purpose tools retrofitted for IAM, Opti was built from the ground up to understand the semantics of access - what permissions mean in context, why they exist, and what risk they pose to the organization.  

Here's a look at how Opti approaches AI-native identity governance from the ground up:

The result is a platform built for the 80% of identity work that legacy tools have always struggled with - not just detecting excessive permissions, but governing your entire identity program: automating lifecycle management, eliminating rubber-stamped access reviews, and giving security and compliance teams real, continuous control. 

This enables three things that traditional tools can’t deliver: 

1. Continuous detection and remediation of excessive permissions 
   Visibility into excessive permissions is table stakes. What enterprises actually need is the ability to act on what they find - continuously, not quarterly. Opti continuously scans for excessive and misconfigured permissions across cloud, SaaS, and on-premises environments and builds context-aware remediation plans that eliminate exposure while preserving business continuity. No manual ticketing. No waiting for the next audit cycle. 
   
   

2. Intelligent access administration that eliminates lifecycle drift 
   This is where most identity programs quietly fall apart. Employees join, move, and change roles - and access accumulates with every transition. New hires inherit their predecessor's permissions. Role changes leave stale entitlements behind. And by the time anyone notices, the blast radius has grown significantly. 
   
   Opti enforces least privilege automatically through the entire joiner, mover, and leaver process - every lifecycle event results in the right access, not inherited access. Access requests that previously sat in manual queues for days are accelerated via AI-driven recommendations delivered directly through existing ITSM workflows. No infrastructure changes. No rip-and-replace. Opti layers on top of your existing IGA and ticketing tools, turning a reactive, manual process into an intelligent, automated one.
   
   

3. Compliance and audit efficiency (without the quarterly fire drill) 
   Most enterprises know this scene: audit season arrives, and ten people spend two weeks building an Excel spreadsheet to prove who has access to what. It's resource-intensive, it's error-prone, and the moment it's done it's already out of date. 
   
   Opti replaces that process entirely. Access reviews shift from periodic, manual campaigns to continuous, risk-scored workflows - high-risk access surfaces automatically, low-risk access is deprioritized, and the audit trail maintains itself.

"What Opti is really delivering is the solution security leaders have always been looking for - Are we secure? Do we have complete visibility and understanding of the credentials out there? Are they fit for purpose? Are they least privilege? Have we reviewed them in a timely fashion? Generally, most companies can't say yes to all of those, all of the time. Opti is finally delivers that." 

-Justin Somaini, Former CSO at Unity Technologies and SAP

The result isn't just efficiency. It's a fundamentally better way to govern your identity program - one where compliance is a continuous state, not a quarterly scramble. 

Getting started with Opti on the Extended Plan for AWS Security Hub 

Identity governance is no longer a compliance checkbox. It's a continuous security operation - and it requires tools built for that reality. 

When we started building Opti, we had one conviction: identity governance has been stuck - limited app coverage, manual processes, and services costs that made every change a project. Enterprises needed a fundamentally better way to govern access at scale. 

For IAM and security teams still running JML on spreadsheets, still rubber-stamping access reviews at audit time, still manually remediating over-provisioned permissions — something better is here. And it's now accessible in just a few clicks through AWS. 

To learn more, visit Opti's Extended Plan for AWS Security Hub or schedule a demo.