Orca Security Reviews (298)

View 1 Video Reviews
Reviews

Orca Security Reviews (298)

View 1 Video Reviews
4.7
299 reviews

What do users say?

Generated using AI from real user reviews
Users consistently praise the product for its agentless setup and clear visibility into cloud security risks, which simplifies monitoring and management across multiple environments. The platform's ability to prioritize risks effectively allows teams to focus on critical issues without being overwhelmed by alerts. However, some users note that the reporting features could benefit from greater customization.

Pros & Cons

Generated from real user reviews
View All Pros and Cons
Search reviews
Filter Reviews
Clear Results
G2 reviews are authentic and verified.
SJ
Enterprise (> 1000 emp.)
"Orca Unifies AppSec, Cloud, and Agent Context in One Clear View"
5/5
What do you like best about Orca Security?

We used to split our view of risk: AppSec tools looked at the code, cloud tools looked at the infrastructure, and nobody owned the full picture for the agents that sit on top of both. In reality, the marketer was writing the Python, the analyst was shipping the agents, and those agents call the APIs, touch the containers, and invoke serverless functions across clouds. Orca ties the application, cloud, and agent context together in one unified model. When there’s an issue, we can see the agent, the vulnerable code it relies on, the service it runs on, and the data it touches—all in a single view. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

Our appsec engineers broadened their focus to include agent behaviour and the cloud context, and that shift has helped them collaborate more closely with the rest of the security team. Review collected by and hosted on G2.com.

KJ
Enterprise (> 1000 emp.)
"Orca Gives Us a Single View of AI Agent Risk Across AWS, Azure, and GCP"
5/5
What do you like best about Orca Security?

We build across AWS, Azure, and GCP. Different teams own each cloud and ship features independently, and our AI agents follow those same paths, calling services across multiple providers at once. Before Orca, that meant three different stories about where the agents lived and what they could reach. Orca connects to every account and subscription and gives us a single, contextual view of the risk tied to the AI agents and the services our business depends on. Our CISO can see the agents, their identities, and their blast radius across clouds in one place instead of chasing separate dashboards. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

Cloud specialists sometimes want more provider-specific detail at the top level, but the ability to drill down is there. Our teams have found a good balance between the unified agent view and the depth available for each cloud. Review collected by and hosted on G2.com.

PC
Enterprise (> 1000 emp.)
"Orca Brings Clear, Actionable Context to Kubernetes Security at Scale"
5/5
What do you like best about Orca Security?

Our Kubernetes footprint grew faster than our security efforts could keep up with. Engineers and analysts were pushing workloads across clusters, and misconfigurations were getting lost in the complexity. Orca surfaces Kubernetes issues in the same unified context as everything else, and it helps show which misconfigurations are actually reachable from the internet or from the identities tied to our critical services. It also makes it clearer which Kubernetes misconfigurations sit on the paths that the AI agents, or the services they drive, could realistically reach. That added context is what lets a small team keep up with the clusters that power the features our business depends on. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

Some of the Kubernetes terminology in the findings required a quick internal primer for non-cluster specialists, but once that foundation was in place, the insights became much easier to understand and act on. Review collected by and hosted on G2.com.

DC
Enterprise (> 1000 emp.)
"Orca Cuts Container CVE Noise and Highlights Real Exposure Along AI Agent Paths"
5/5
What do you like best about Orca Security?

We used to drown in container CVE lists that didn’t reflect how our teams—or the AI agents—actually use those services. Developers were shipping images quickly, product managers were prototyping and pushing features, and the agents were calling into containers in ways that security couldn’t easily prioritize.

Orca shows which container vulnerabilities sit on the assets that are truly exposed, and more importantly, which ones fall along the paths our AI agents and their tools actually traverse. It filters out the noise and surfaces the container risks that could affect real agent workflows, not just theoretical package issues. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

The container view had a lot of depth, so we spent some time tuning the filters and groupings to match how our teams and the agents use services and environments. That tuning made it much easier for both builders and security to focus on the container risks that affect agent-driven paths. Review collected by and hosted on G2.com.

SJ
Enterprise (> 1000 emp.)
"Orca Makes Serverless Security Clear and Actionable"
5/5
What do you like best about Orca Security?

Our teams leaned hard into serverless. Developers, analysts, and even marketers writing Python scripts ended up shipping Lambda functions that touched important data. Traditional tools treated those functions as an afterthought. Orca sees serverless as part of the same unified risk surface, showing permissions, data access, and exposure in the context of the features we’re building. It lets our CISO enable that speed of creation instead of asking teams to slow down. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

We still rely on separate tools for performance and latency, so we’ve had to be clear internally about which findings are security-related versus operational. That distinction is straightforward to make. Review collected by and hosted on G2.com.

AS
Enterprise (> 1000 emp.)
"Orca Delivers Crucial Visibility Into AI Agent Permissions and Blast Radius"
5/5
What do you like best about Orca Security?

The analyst spun up the AI agent with access to fourteen internal systems. Orca mapped the trust relationships the agent could traverse and surfaced the blast radius of its permissions well before we would have tripped over it during an incident. Shadow agents and their access used to be a complete blind spot for us, but now, as part of our regular posture reviews, we can quickly see what any new agents are able to reach. That visibility is really the only way to govern this stuff at the speed people are creating it. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

The agent and the identity graph have a lot of depth, so we spent some time learning how to read them properly. That effort has paid off in the quality of the insights we’re now getting. Review collected by and hosted on G2.com.

SH
Enterprise (> 1000 emp.)
"Orca Makes AI Agent Permissions and Blast Radius Clear at a Glance"
5/5
What do you like best about Orca Security?

Teams across the company started spinning up AI agents that could call APIs, trigger workflows, and act on behalf of users, and a few of those agents ended up with far more access than anyone realized. Orca surfaces those agents alongside everything else in our cloud estate, showing which identities they run as, which services they can reach, and what data sits behind those permissions. Seeing that blast radius in a single view made it straightforward to decide which agents were actually needed, where scopes should be tightened, and where guardrails should be added before they caused any trouble. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

We chose to spend some time assigning clear owners to each agent in the Orcas view, and that effort gave us much better governance and accountability. Review collected by and hosted on G2.com.

SK
Enterprise (> 1000 emp.)
"Native AI Security Built Into One Unified Platform"
5/5
What do you like best about Orca Security?

We looked at platforms that had clearly retrofitted or acquired their AI security story. With Orca, AI agents and AI services are built natively into the same unified data model that has powered the platform from day one, from code to the cloud runtime. Instead of a set of stitched-together tools, agents now show up directly in our workflows, our data pipelines, and the product our customers use, and Orca treats that entire agent footprint as a first-class part of the attack surface rather than an afterthought. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

The platform is deep enough that we were still discovering agent-focused capabilities months in, which is a good problem to have and something we’re addressing by continuing to explore more of what it can already do. Review collected by and hosted on G2.com.

JM
Enterprise (> 1000 emp.)
"Orca Brings Clear Visibility and Control to Our Growing Fleet of AI Agents"
5/5
What do you like best about Orca Security?

Inside our company, the population of spun-up AI agents has increased a lot. Marketing is writing agents into campaigns, analysts are shipping autonomous workflows, and the PM team is trying agents in new features. Almost everyone in the building can now launch an agent that talks to real systems, and that used to raise serious concerns for our security team. Orca gives us visibility and context across every one of those agents. We can catch over-permissioned agent access or a misconfigured role before a workflow runs away or an attacker would, and the builder almost never has to slow down. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

It helped our non-technical builders understand the agent findings as they related to their work. We did need a bit of internal education on our side, but once they saw the results in the context of what their agents were actually doing, it clicked. Review collected by and hosted on G2.com.

JC
Enterprise (> 1000 emp.)
"Orca’s Unified Data Model Made Agentic Workflow Governance Clear and Actionable"
5/5
What do you like best about Orca Security?

The CISO here was accountable for everyone who ships: the developer, the data scientist, the analyst deploying the agents, the PM, and the marketer writing the Python. Last month, an analyst spun up an agentic workflow with access to multiple internal systems, and nobody had told security. Orca surfaced it, mapped what the agent could reach, and we were able to govern it before it became an exposure. That’s what the unified data model actually means in practice: code, cloud, AI services, and now agents, all in one place. Review collected by and hosted on G2.com.

What do you dislike about Orca Security?

With so much consolidated into one platform, we decided to rethink some internal team boundaries around who owns the agents and their policies. That change improved clarity more than anything else. Review collected by and hosted on G2.com.