SailPoint has launched Agentic Fabric, a new identity-security solution designed to help enterprises discover, govern and protect AI agents and other non-human identities across business systems.
The announcement is another sign that agentic AI is moving from experimentation into operational infrastructure. As agents gain access to applications, cloud environments, endpoints, data and APIs, enterprises need to know what each agent can access, who owns it, what it is allowed to do and how its activity is controlled.
That is an identity problem as much as an AI problem.
What SailPoint announced
SailPoint says Agentic Fabric is intended to extend identity security beyond human users to AI agents, machine identities and applications. The platform centres on mapping agents to the human owners, data and systems they interact with, then applying governance, authorisation and protection controls around that access.
The company describes three core capabilities:
- Discover: build an inventory of AI agents, machine identities and applications across cloud environments, application agents and endpoints.
- Govern: connect every agent to human ownership and identity context, with lifecycle controls and access policies.
- Protect: enforce real-time authorisation controls, threat detection and automated response to help maintain least-privilege access.
SailPoint also introduced Agentic Business and Agentic Business Plus packages, with the latter moving towards zero-standing privilege and just-in-time access. Agentic Fabric and the related packages are expected to be available this summer, while a Discovery Tool free trial is available now, according to the company announcement.
Why identity is becoming central to agent deployment
Traditional enterprise identity systems were built around people, service accounts and applications. AI agents complicate that model because they may act autonomously, call tools, use delegated access, persist memory, initiate workflows and operate at machine speed.
If an enterprise cannot see the agents running in its environment, cannot link them to an accountable owner and cannot restrict access based on task and context, then every successful pilot creates a new governance gap.
This is why agent identity is likely to become a serious procurement question. Buyers will not just ask whether an agent can complete a workflow. They will ask:
- Which identity does the agent use when it acts?
- Who owns and approves the agent's access?
- Can permissions be limited to the exact task and risk level?
- Can high-risk actions require escalation or human approval?
- Can agent activity be logged, monitored and investigated?
- Can access be revoked immediately if behaviour changes?
Those questions matter because enterprise AI agents will often sit close to sensitive systems: customer records, finance processes, developer tools, supply chains, HR workflows and operational data. Productivity gains are valuable, but broad agent access without accountability creates risk that security, legal and procurement teams will not ignore.
The market signal for enterprise buyers
SailPoint's move fits a wider pattern. Over the past fortnight, the agentic AI conversation has shifted heavily towards production controls: security guidance from public cyber agencies, runtime authorisation, agent control planes, multi-agent orchestration and now identity governance for non-human actors.
For enterprise buyers, this is useful. It means the market is beginning to build the control layer that serious adoption requires. The next phase is less about isolated demos and more about whether agents can be governed inside existing enterprise risk models.
Buyers evaluating agent platforms should therefore look beyond the demo workflow. A credible supplier should be able to explain how its agents authenticate, how they inherit or request access, how permissions are scoped, how actions are logged and how ownership is assigned.
The strongest buying teams will involve security and identity stakeholders early, not after a successful business-unit pilot has already created shadow access.
What this means for suppliers
For AI agent vendors, the commercial message is clear: identity, access and auditability are becoming part of the product, not optional enterprise features added later.
Suppliers that can integrate with established identity and security platforms will have an advantage, especially in regulated or complex enterprise environments. So will suppliers that can show least-privilege design, clear human ownership, approval flows, strong logs and rapid revocation.
The opportunity is also broader than one category. As AI agents spread through organisations, buyers will need tooling for identity governance, observability, runtime permissions, compliance evidence, incident response, evaluation and implementation. The agentic AI ecosystem is becoming an enterprise stack.
The Agentic Expo angle
Agentic Expo is being built around exactly this shift. Enterprise adoption will not be decided by model capability alone. It will be decided by whether buyers can find suppliers that understand the full deployment environment: identity, security, governance, integration, accountability and measurable business value.
SailPoint's announcement is a useful reminder that the agent market is maturing quickly. The companies that help enterprises control agent access safely may become just as important as the companies building the agents themselves.