SailPoint Launches Agentic Fabric to Address AI Identity Security Risks

The rapid integration of AI agents into enterprise systems has exposed significant security vulnerabilities, prompting urgent calls for enhanced oversight. In response, SailPoint has introduced Agentic Fabric, a platform designed to give organizations visibility and control over AI agents and other non-human identities that access critical data and systems. This initiative comes as businesses increasingly deploy AI at scale within cloud environments, often without fully understanding the access privileges of these autonomous entities.

SailPoint's new offering fills a crucial gap in identity security. Traditionally, identity management tools have focused on human users, leaving a void in managing the behaviors and risks associated with AI agents. Matt Mills, President at SailPoint, stated, "AI agents are transforming how work gets done, but they're also introducing a new class of identity risk that most organisations aren't prepared for." The challenge is that AI agents operate at machine speed across various infrastructures, often without a defined owner, which increases the potential attack surface.

Agentic Fabric aims to address this governance gap by providing a comprehensive approach to identity security. The platform works alongside SailPoint's existing Identity Security Cloud, which focuses on human identities. Together, they create a unified control plane, allowing organizations to manage every type of identity effectively. Chandra Gnanasambandam, EVP of Product and CTO at SailPoint, highlighted the need for integrated governance as the identity landscape evolves, saying, "As this new identity landscape takes shape, organisations need a way to govern and protect human, machine and AI identities together. Agentic Fabric is a major step forward in helping customers secure the AI era."

Key Features of Agentic Fabric

Agentic Fabric is structured around three core functions, each crucial for enhancing security. The first function is discovery, where the platform maps all AI agents, machine identities, and applications across cloud environments and endpoints. This process creates an identity graph, linking agents to the data and systems they interact with. Such visibility is vital for security teams, especially in identifying shadow AI deployments that might bypass centralized IT controls.

The second function focuses on governance, assigning each AI agent a human owner and applying lifecycle controls along with access policies. This accountability is essential for threat modeling, clarifying what actions an agent can perform and who authorized them. The final function is protection, which includes real-time authorization controls, threat detection, and automated response capabilities, all designed to ensure least-privilege access. This strategy minimizes risks in case an agent is compromised or behaves erratically.

Commercial Packages and Future Rollout

Alongside the launch of Agentic Fabric, SailPoint is introducing two commercial packages. The first, Agentic Business, provides foundational governance with least-privilege access for all identity types. The more advanced Agentic Business Plus package features zero-standing privilege and just-in-time access, tailored for organizations with complex or high-risk environments. Both packages are designed to integrate smoothly with existing security architectures, enhancing current identity-centric security models rather than replacing them.

As part of this rollout, SailPoint is offering organizations a free Discovery Tool trial, allowing businesses to map shadow AI and unregistered applications within their infrastructure. This trial is accessible to both new customers and existing users of the IdentityIQ and Identity Security Cloud products. With the general availability of Agentic Fabric and its associated packages expected this summer, organizations will soon have a comprehensive solution for tackling the evolving identity security challenges posed by AI agents and non-human identities.