SailPoint enhances identity & data security with AI-driven tools
SailPoint has announced the introduction of new capabilities as part of the SailPoint Platform, outlining its direction for unifying identity, data, and security.
The SailPoint Platform is designed to address the increasing complexity and scale of identity security challenges, particularly as organisations adopt artificial intelligence and autonomous technologies. It aims to deliver identity-first, data-first security by using AI to help enterprises govern access, identify risks, and respond to changing threats.
Changing security landscape
Traditional enterprise security frameworks, which rely on defined network perimeters and departmental boundaries, are no longer adequate. In the current environment, identities include not just people, but also machines and AI agents accessing a variety of applications and repositories, expanding the potential attack surface for malicious actors. Adversaries are increasingly leveraging legitimate identities to bypass defensive measures.
The proliferation of non-human, digital identities-potentially numbering in the tens of billions-requires unified visibility and control, as organisations struggle to secure and govern these identities at scale.
"This new reality requires an adaptive identity model-a modern approach that unifies identity, data, and security to deliver continuous, contextual protection," said Chandra Gnanasambandam, EVP of Product and CTO, SailPoint. "Unlike static, siloed tools built for yesterday's environment, the SailPoint Platform sets a new standard, delivering identity security that is unified, intelligent, and adaptive by design. Our approach meets a world where perimeters have disappeared, data is scattered, and threats are intelligent, evolving and unrelenting."
Platform capabilities and enhancements
SailPoint has introduced several innovations as part of its platform strategy. Central to its offering is Atlas, the foundation for intelligent identity security. With the launch of Atlas Enterprise, new capabilities allow for dynamic security orchestration and real-time response to identified risks. Enterprises can now customise governance programmes, ingest live threat signals, and take immediate action as required. Atlas Workflows has also been updated with Adaptive Approvals, providing approval processes that adjust dynamically based on risk and business context, thereby enabling context-aware governance without impeding productivity.
The launch of the Model Context Protocol (MCP) Server extends identity security to AI-native environments, enabling agentic applications to leverage enterprise-grade identity services. This allows organisations to integrate AI systems in a way that maintains trust and compliance.
Savannah Grunden, Senior Information Security Engineer at VSP Vision, commented on these updates:
"The Adaptive Approvals capability we use through SailPoint's Identity Security Cloud is refreshingly intuitive and user friendly. SailPoint clearly thought through the use cases, striking the right balance between intelligent automation and practicality."
Securing AI agents and expanding coverage
SailPoint also announced the general availability of Agent Identity Security (AIS), intended to secure AI agents at the entitlement level. Unlike humans or traditional machines, AI agents are capable of making millions of autonomous decisions and can even generate new sub-agents, presenting unique security challenges for organisations.
Agent Identity Security provides tools for enterprises to discover, govern, and secure all agents. It enables formal certification, assignment of ownership and user accountability, and enforcement of permissions, all linked to the user and data context relevant to each agent. By tightly integrating agent activity with the data they access, the platform seeks to bring compliance and security to environments featuring high levels of AI automation.
Context and visibility
The introduction of SailPoint Observability & Insights offers organisations an interactive, graph-based tool to visualise identity relationships and access paths. This feature allows for comprehensive visibility of both human and non-human entities and their entitlements, supporting least-privilege policies and swift remediation of inconsistent or outdated permissions. Observability & Insights is fully integrated with both the SailPoint Platform and external systems, facilitating more precise action by security teams.
Data Access Security (DAS) focuses directly on the data layer, providing insight into who can access what data, how it is being used, and whether such use complies with organisational policy. DAS supports Data Certification for users and agents by leveraging identity context. A new integration with Snowflake further extends this coverage to structured data, offering centralised visibility of all forms of data access-human, machine, and AI agent-across the enterprise. This integration enhances interoperability between Agent Identity Security and Machine Identity Security, aiming to reduce the risk of unauthorised data exposure via large language models, agents, or unsanctioned applications.
According to SailPoint, the combined power of Observability & Insights and Data Access Security is intended to help enterprises eliminate blind spots and unify identity and data security measures for all types of identities.
Future developments
SailPoint has provided a preview of its roadmap, which includes Privilege Security Posture Management to automate privilege discovery and support just-in-time access models, as well as Real-time Authorisation to dynamically evaluate access requests using contextual signals. Plans also include Real-time Threat Defence and Remediation to detect and respond to identity-based threats with context-driven actions.
The planned capabilities are expected to further align identity security with data and privilege management, supporting a proactive approach to threat defence.
