Summary of "The Agentic Horizon | SailPoint"

Summary of technological concepts & product features

1) Why AI agents change identity security

The speakers argue enterprises are shifting from an automated model to an autonomous enterprise, where AI agents reason, decide, and act at machine/AI speed (24/7).
Traditional human-centric identity governance—joiner/mover/leaver processes on quarterly/weekly cadences—is too slow for agent-driven access.
Key risk theme: enterprises will see an increasing number of non-human identities (agents/service accounts) operating “in the shadows,” while APIs become a top attack vector.

2) Core promise: “SailPoint Agentic Fabric”

SailPoint positions Agentic Fabric as an identity-powered, end-to-end control plane for AI agent identity security—designed as a unified alternative to piecemeal discovery and governance solutions.

The “three pillars” of Agentic Fabric

Discovery + Unified Registry
- Detects and inventories agents across multiple surfaces, then correlates them to human identities.
- Discovery sources mentioned include:
  - Cloud agent platforms (e.g., AWS Bedrock Agent Core, Microsoft, Google Cloud, etc.)
  - Enterprise apps (e.g., Salesforce, SAP, Oracle, Workday, etc.)
  - Endpoints (coding/agent tools such as “Claude/Code, Cursor, OpenAI tools”, etc.)
  - Browser-based agents
  - Network/gateway monitoring (“gateway”)
- Key capability: automatically correlate agent identities to human ownership/context using SailPoint’s identity context—contrasted with competitors that rely on shallow mappings (e.g., directory groups or crowdsourcing).
Real-time Governance + Compliance/Audit
- Lifecycle management for agents, including access requests and handling for agents/credentials/service accounts.
- Just-in-time / real-time authorization rather than standing privilege.
- Auditability for agents:
  - Evidence generation
  - Support for multiple regulatory/audit frameworks
  - “One-click evidence generation”
- Claim: agent auditing frameworks consolidate into about 9–10 controls, with “agent audit support out of the box.”
Authorize, Protect, Respond (risk + runtime controls)
- Behavioral monitoring to detect drift and malicious or out-of-mission behavior.
- Prompt injection / prompt security:
  - Scan prompts
  - Block prompts that include risky or sensitive-data content
- Shadow AI remediation:
  - Automatically block unsanctioned agents/tools
  - Remediate risk without manual firefighting
- Real-time response with blast-radius containment, including integration with security tooling (e.g., SIEM/SOC).
- Human-in-the-loop certification campaigns when new access/changes require owner attestation.

3) “Six foundational principles” for trustworthy agent governance

Across the keynote/tech sections, the platform is described as built around agent-security principles:

Immutable ownership / birthright: each agent has a designated accountable human owner that agents can’t change.
Real-time ledger / traceability: maintain an unchangeable record of agent activities.
Intent-based continuous risk evaluation: continuously reassess risk as agents operate.
Real-time authorization via privilege: emphasize just-in-time access and avoid standing privilege.
Cryptographic verification for agent-to-agent / agent-to-tool interactions to prevent abuse via token/credential passing.
Agent “moral code” / guardrails: ethical/policy guardrails to prevent agents from acting outside allowed behavior.

A real-world example was cited: an Air Canada AI chatbot fabricated a refund policy, leading to legal/accountability issues—used to emphasize why ownership immutability matters.

4) Live demo highlights (how it works in practice)

Setup in minutes:
- Identity provider connection
- Sensor deployment
- SIEM connection
- Cloud integration (example showed an AWS agent core deployment)
Dashboard/registry shows:
- Agent types (enterprise/platform agents, endpoint agents, browser agents, etc.)
- Ownership mapping and risk scores
- Tool counts, MCP servers
- An “identity graph” linking humans → agents → machines/apps → data/entitlements
Automatic remediation workflows:
- A “shadow agent” identified as unsanctioned is auto-remediated (e.g., disabled/blocked access).
- An endpoint/agent drift example:
  - If an agent connects to an unsanctioned MCP server, risk spikes
  - Policy removes the bad connection and risk returns to green without manual intervention.
Succession planning / attestations:
- Long-lived “HR-style” agents get periodic ownership review and reassignment when owners leave, maintaining an auditable chain of custody.

5) Risk management features emphasized

Risk center
- Shows risk distribution and trajectories over time
- Example claim: ~50% reduction in high-risk agents over a week
- Drivers cited: shadow AI remediation, just-in-time access removing standing privilege, and human review/oversight
ABM (Agent Behavior Monitoring)
- Establishes a baseline of allowed tool usage patterns and operating times
- Detects drift proactively and blocks/mitigates before harmful behavior completes
Prompt security center
- Scans prompts (example: thousands scanned in a week)
- Blocks prompt misuse (e.g., sensitive data in prompts, risky document uploads)

6) Compliance / audit workflow

One-click evidence generation for frameworks such as:
- SOC 2, NIST, GDPR, and the EU AI Act (mentioned as built-in support)
Custom framework support:
- Teams can define/select controls and generate audit reports
Scheduled report generation (weekly/monthly/quarterly) to prepare evidence ahead of audits

7) Packaging / adoption guidance

New simplified Agentic packages announced:
- Agentic Business
- Agentic Business Plus
Adoption narrative:
- Start with discovery and least privilege
- Progress toward zero standing privilege and more advanced just-in-time controls
Additional discussed topics:
- Investment protection plan for customers already on certain products
- Integration/compatibility across deployment scenarios (cloud vs on-prem identity governance), including IdentityIQ/IIQ, identity security cloud, and legacy/third-party governance

Main speakers / sources (as presented in the subtitles)

Kelly — CISO (customer story using SailPoint to protect identities/apps)
Wendy Woo — Chief Marketing Officer, SailPoint (event host)
Matt Mills — President, SailPoint (keynote)
Rex Stenton — Senior Managing Director, Accenture (partner discussion)
Chandra — Executive Vice President & Chief Technology Officer, SailPoint (Agentic Fabric technology)
Levent Bess — Chief Product Officer, SailPoint (product/capability overview)
Kirby — Product team (live demo walkthrough)
Y — Product manager (risk, ABM, prompt security demo segment)
John — mentioned briefly (likely an executive/producer voice in the product story)
Meredith Banchard — Chief Customer Officer, SailPoint (go-to-market / playbook / roadmap)
Additional implied / referenced sources:
- Gartner prediction
- Air Canada refund policy tribunal
- Common frameworks/regulations referenced: DORA, EU AI Act, SOC 2, NIST, GDPR