SailPoint, an enterprise identity security and governance company, has announced Agentic Fabric, a new platform layer designed to bring AI agents and other non-human identities into enterprise identity governance.
The release extends SailPoint’s Identity Security Cloud model beyond human users, giving organizations a way to discover AI agents, map them to human owners, govern their access and apply real-time authorization and protection controls.
Agentic Fabric and new agentic packages are due this summer. SailPoint is also offering a Discovery Tool free trial that can surface shadow AI and applications across existing environments.
In SailPoint’s announcement, AI agents are described as systems that can act at machine speed, often without clear ownership, oversight or consistent controls.
The company’s answer is to treat those agents as identities that need the same governance discipline applied to employees, contractors, service accounts and machines.
Industry research highlights the AI control problem
The control problem is showing up in industry research. A Cloud Security Alliance survey commissioned by Aembit said in March that 73% of organizations expect AI agents to become vital within the next year, while 68% cannot clearly distinguish between human and AI agent activity.
The same CSA survey found that 85% of organizations already use AI agents in production environments, including task automation, research, developer assistance and security monitoring.
Traditional identity and access management (IAM) models were not built for that pattern of use. In a separate CSA publication on agentic AI identity and access management, the group said agentic AI introduces autonomy, ephemerality and delegation patterns that conventional IAM protocols designed for static applications and human users cannot handle cleanly.
The publication calls for traceable agent identities, fine-grained access control and real-time monitoring for multi-agent systems.
Gartner has also moved AI agent identity into the CISO agenda for 2026. Its top cybersecurity trends report names IAM for AI agents as a priority, citing identity registration and governance, credential automation and policy-driven authorization for machine actors as areas where traditional IAM strategies are under pressure.
Integrating AI agents into existing identity governance
Agentic Fabric’s mechanics follow that identity-governance logic. SailPoint says the platform can create an inventory of AI agents, machine identities and applications across cloud environments, application agents and endpoints, then map those relationships to critical data through an identity graph.
The same layer is designed to assign agents to human owners, manage lifecycle controls, enforce access policies and support threat detection and automated response.
SailPoint is also packaging the model into new commercial tiers.Agentic Business establishes least-privilege access across all identities. Agentic Business Plus adds zero-standing privilege with just-in-time access and stronger enforcement controls.
SailPoint’s May 14 packaging update describes zero-standing privilege as a model where powerful permissions are granted on demand for a specific task and revoked after they are no longer needed.
That places SailPoint’s release in the identity governance and administration market rather than in a standalone AI security niche.
Gartner defines IGA as managing the identity lifecycle and governing access across on-premises and cloud environments, with core capabilities including identity lifecycle management, entitlement management, policy and role management, auditing, provisioning, access certification and access request workflows.
The competitive landscape for AI agent security
SailPoint is entering a field where major identity vendors are already moving. CyberArk made Secure AI Agents generally available in late 2025, applying privilege controls to AI agent identities through agent discovery, least-privilege access, zero-standing privilege, activity auditing, threat detection and lifecycle management.
Okta made Okta for AI Agents generally available on April 29, giving AI agents first-class identities in Universal Directory, assigning human owners, using short-lived tokens and adding governance workflows and a kill switch for agent access.
The competitive split is becoming clearer. CyberArk is approaching AI agents through privileged access and zero-standing privilege. Okta is emphasizing agent registration, directory-based ownership and access revocation. SailPoint is tying AI agents to identity governance, access certification, human accountability and its identity graph.
Addressing identity weaknesses and autonomous vulnerabilities
Recent incident-response data strengthens the identity-security angle. Palo Alto Networks’ Unit 42 said identity weaknesses played a material role in almost 90% of its 2025 incident-response investigations, with attackers increasingly using stolen credentials and tokens to escalate privileges and move laterally.
The same report said more than 90% of breaches were materially enabled by preventable gaps such as limited visibility, inconsistent controls or excessive identity trust.
AI agents add another layer to that identity problem because they can initiate actions across APIs, SaaS tools, cloud services and data systems without a human approving each step. NIST says identity and access management is a core cybersecurity capability focused on ensuring people and non-human entities receive appropriate access to resources when needed.
OWASP’s 2026 Top 10 for Agentic Applications also treats autonomous systems as a security category of their own, covering AI agents that plan, act and make decisions across complex workflows.