SailPoint unveils AI-driven adaptive identity security shift

SailPoint has announced product updates it says mark the start of a shift to "adaptive identity security," focused on real-time governance for both human and non-human identities.

It framed the changes as a response to faster cloud adoption, wider use of AI systems, and growth in machine identities such as service accounts and workloads. The updates also reflect a stronger emphasis on least privilege and more frequent detection of identity risk.

Identity governance has typically relied on scheduled access reviews and manual certification. SailPoint argued this approach can't keep pace with change in modern IT estates, and is putting automation and AI at the centre of its platform roadmap.

Privilege focus

A set of additions targets privileged access risk. SailPoint has introduced privilege discovery and classification, along with privilege insights. The tools aim to identify and categorise privileged access across an organisation and surface information security and identity teams can use for risk management.

The updates also tie into broader work on privilege controls. SailPoint said its adaptive identity model includes universal and dynamic privilege management, with an emphasis on reducing standing access and applying just-in-time permissions across environments.

Non-human coverage

SailPoint has expanded coverage for non-human identities, including AI agents, traditional machine accounts, and service identities tied to applications and infrastructure. It introduced new connectors for SailPoint Agent Identity Security.

The connectors can discover and govern AI agents from Microsoft 365 Co-Pilot and Databricks. They also support Amazon Bedrock, Google Vertex AI, Microsoft Foundry, Salesforce Agentforce, ServiceNow AI Platform, and Snowflake Cortex AI.

Separately, SailPoint Machine Identity Security has gained full lifecycle management for traditional machine accounts. The goal is to bring machine identities into the same governance processes used for workforce access, tracking changes as systems are created, updated, and retired.

Agent changes

Another area of development is SailPoint Harbor Pilot, a suite of AI-powered agents within SailPoint Identity Security Cloud. SailPoint introduced a new agent that turns requests into a guided conversation, which it said changes how access requests are made and processed within identity programmes.

The update reflects a broader industry push toward conversational interfaces in IT and security tools, as organisations test how they fit into established approval workflows and audit requirements.

Graph integration

SailPoint has added features to Observability & Insights and Data Access Security. Updates to Observability & Insights include direct privilege visibility and risk detection within the SailPoint Identity Graph, along with identity comparisons and operational intelligence across identities.

For Data Access Security, SailPoint is integrating this part of the platform with the Identity Graph to visualise data access pathways, add context for identity and data access, and map and manage sensitive data exposure.

SailPoint also described integrated threat management as a pillar of its adaptive identity framework, positioning it as closer alignment between identity governance and security operations, with stronger correlation between identity context and threat signals.

Governance rebuild

Alongside near-term releases, SailPoint outlined governance modernisation work it plans to ship later. A next-generation access certification engine and a revamp of separation-of-duties controls are scheduled for the second half of 2026.

Access certification remains a core feature in many identity governance deployments. Separation of duties is a common requirement in regulated industries and in organisations with strong internal controls for financial and operational processes.

Chandra Gnanasambandam, EVP of Product and Chief Technology Officer at SailPoint, said the company sees a need to move from periodic reviews to continuous control.

"The old way of identity governance is simply no longer effective. It's not enough to rely on static, after-the-fact reviews in today's dynamic threat landscape," said Chandra Gnanasambandam, EVP of Product and Chief Technology Officer, SailPoint. "As a market leader, we are moving toward a new, AI-powered adaptive approach to provide continuous visibility and real-time governance for all identity types, including AI identities, machines, agents, and credentials. This year, we aim to help our customers move to least privilege or zero standing privilege. It's about truly securing the business, not just checking a box, at the speed that AI-driven enterprises demand."

SailPoint said its adaptive identity framework has four pillars: real-time governance, protection of AI and machines, universal and dynamic privilege, and integrated threat management. It described real-time governance as continuous and automated, with detection and remediation when risk appears.

A customer reference came from TMF Group, which operates across multiple jurisdictions and faces varying compliance expectations.

"Leveraging SailPoint's AI capabilities, TMF Group has elevated identity governance into a fully automated, intelligence-driven capability ensuring consistent compliance across 87 jurisdictions while supporting secure global growth," said Saurabh Gugnani, Senior Director, Global Head - Cybersecurity Engineering, Architecture & Projects at TMF Group.

SailPoint said more features are planned as it builds out the adaptive identity approach, with the next-generation access certification engine and separation-of-duties revamp expected in the second half of 2026.