The PAM market has changed. Has your PAM?
KuppingerCole finds that privilege is now defined by what an identity can do, not the account it holds. Non-human identities (NHIs) and AI agents outnumber human admins, infrastructure is dynamic and cloud-native, and static vaulted credentials no longer cover the risk. The 2026 Leadership Compass compares the vendors leading this shift toward short-lived, policy-driven access.


In the report
KuppingerCole’s 2026 Leadership Compass charts a PAM market moving beyond password vaults and strongly toward just-in-time access, zero standing privileges, and securing non-human identities. See why the analysts call PrivX “a thoughtful PAM offering”
- From accounts to actions — PAM is shifting to controlling privileged actions in real time. PrivX enforces policy at the moment of access, with roles recalculated from your identity sources.
- From vaults to just-in-time — The market is moving to JIT access and zero standing privileges. PrivX grants access through ephemeral certificates that leave nothing to steal.
- From humans to NHIs and AI agents — Machine identities dominate privileged activity. PrivX extends JIT, certificate-based access to non-human identities, CI/CD, and OT environments.
Analyst quote
“SSH presents a thoughtful PAM offering for organizations that want to move from vaulted credentials toward short-lived, policy-driven access with unusually strong SSH key governance and credible quantum-safe capabilities.”



