SailPoint charts course for AI-driven identity security

SailPoint is advancing its identity security platform with agentic artificial intelligence (AI) capabilities and is set to release new tools later this year to help organisations manage and secure the growing number of AI agents being deployed in their environments.

The identity security supplier, which has a strong presence in regulated industries across ASEAN, sees the rise of AI agents as a new frontier for governance.

“AI is securing your enterprise, but who is securing the AI? It’s an emerging problem that will explode in the next two years, where the number of agents and the accesses they have are going to be ungoverned,” said Eric Kong, SailPoint’s managing director for ASEAN, in a recent interview with Computer Weekly.

SailPoint has a history of incorporating AI and machine learning into its platform, dating back to 2017, to automate tasks like role modelling and streamlining identity processes. More recently, the company has leveraged generative AI (GenAI), using Amazon Bedrock, to auto-populate entitlement descriptions, a common pain point in access certifications.

Building on this foundation, SailPoint recently launched Harbor Pilot, its agentic AI offering to help with identity governance and administration. “We’ve launched two agents there,” Kong said. “One agent is around documentation. So, through conversational prompts, you can ask about how to do certain things and we will pull the relevant documentations together.”

“The second one is a workflow agent,” he said. “For simple tasks, you could say, ‘I’m trying to achieve these objectives. Can you build a workflow for me?’, and our agents will generate a workflow template to help you cut through that complexity.”

Kong said the initial agents are designed to assist identity specialists and are not fully autonomous yet. “You have full control over what workflows you build and what you deploy. It does not automatically deploy it,” he added, noting, however, that with the rapid developments in agentic AI, “we are just getting started and this trend is going to accelerate”.

The more significant development, according to Kong, is SailPoint’s forthcoming capability to address the governance of non-SailPoint AI agents. Expected in the second half of the year, this capability will treat AI agents as another identity type in the enterprise.

“We’re going to be looking at providing solutions to help our enterprise customers govern, manage and secure those agents,” Kong said. “We treat AI agents no differently from how we treat a human identity, machine identity or third-party identity.”

He pointed out the risks of ungoverned AI agents, including a lack of visibility into ownership and access, and the potential for excessive privileges. “Our research shows 82% of enterprises are already deploying agents, but only 44% have thought about what governance policies we are putting around them,” Kong said.

“If you’re not thinking about it, then you have no visibility into the ownership of those agents and what they can access,” he added. “There’s a good chance that you’re going to have a lot of agents with potentially excessive privileges that nobody knows about, and they could be over-provisioned with AI.”

SailPoint aims to provide enterprises with the tools to discover these agents, understand their access privileges, link them to owners and apply established identity governance principles such as access reviews and the principle of least privilege.

As AI agents become mainstream, Kong believes the complexity and scale will make human oversight alone impossible. “Being able to treat AI agents and their identities as part of the identity fabric in your organisation is going to be key,” Kong said.

In the ASEAN region, Kong said SailPoint is seeing strong demand in markets such as Singapore, Malaysia, Indonesia, Thailand and the Philippines. While not disclosing specific growth figures, Kong said the company plans to expand its sales and functional teams in the region, citing customer demand.