SailPoint Folds Entro Into Identity Security for AI Agents

As AI agents become embedded in enterprise systems, the security boundaries of identity governance are shifting. SailPoint’s integration of Entro’s machine identity capabilities into its core platform reflects a critical realization: identity security now means securing what entities do—not just who they are.

The AI Agent Identity Crisis

Traditional identity platforms assume that access control happens at the provisioning stage: an administrator grants a user or service account specific permissions, and those permissions remain static until an administrator changes them. This model breaks with AI agents.

An AI agent receiving a customer service query might determine that it needs database read access. A few minutes later, the same agent processing a different query might determine it needs access to financial records or internal communications. The agent’s resource requirements emerge at runtime based on the model’s inference, not at configuration time.

This creates a fundamental non-human identity (NHI) governance challenge: how do you set policy for access that hasn’t been determined yet?

Runtime Control vs. Static Provisioning

Entro’s expertise lies in runtime secrets management and just-in-time credential provisioning. By integrating these capabilities into its governance platform, SailPoint is building what could be called a “runtime identity control plane” for agents.

Instead of pre-provisioning agent credentials for all possible actions, governance policies can now define boundaries and scope at execution time. An AI agent requests access to a resource, the platform evaluates the request against policy (Does this agent role have permission? Is this within the rate limit? Is this resource sensitive?), and either grants scoped temporary credentials or denies the request.
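The request, evaluate, grant-or-deny flow described above, as an added Python example; it is not SailPoint or Entro code. The role names, resources, limits, lifetimes and the HMAC token format are constructed assumptions, as is the choice to give sensitive resources a shorter credential lifetime.

```python
import base64
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

SIGNING_KEY = b"constructed-demo-key"    # assumption: held only by the control plane
# Constructed policy: role -> allowed (resource, action) pairs
ROLE_SCOPES = {
    "support-agent": {("crm_db", "read")},
    "finance-agent": {("crm_db", "read"), ("finance_records", "read")},
}
SENSITIVE = {"finance_records"}          # assumption: sensitive => shorter TTL
RATE_LIMIT, WINDOW_S = 3, 60             # max counted requests per agent per window
TTL_S, SENSITIVE_TTL_S = 300, 60
_recent = defaultdict(deque)             # agent_id -> timestamps of counted requests

def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def request_access(agent_id, role, resource, action, now=None):
    """Evaluate one runtime request. Returns (decision, reason, token_or_None)."""
    now = time.time() if now is None else now
    window = _recent[agent_id]
    while window and window[0] <= now - WINDOW_S:   # drop requests outside the window
        window.popleft()
    if len(window) >= RATE_LIMIT:
        return "deny", "rate_limit", None
    window.append(now)                               # role denials still count
    if (resource, action) not in ROLE_SCOPES.get(role, set()):
        return "deny", "role_not_permitted", None
    ttl = SENSITIVE_TTL_S if resource in SENSITIVE else TTL_S
    claims = {"sub": agent_id, "res": resource, "act": action, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return "grant", "ok", body.decode() + "." + _sign(body)

def verify(token, resource, action, now=None):
    """Resource-side check: signature, expiry, and exact scope match."""
    now = time.time() if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False
    return claims["exp"] > now and (claims["res"], claims["act"]) == (resource, action)
```

Because the credential names one resource and one action and carries its own expiry, a token granted for `crm_db` reads is rejected when presented for `finance_records`, and every decision returns a reason string that can feed the audit trail.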

Secrets Governance as a Core Identity Function

NHI security has historically treated secrets management and identity governance as separate domains. SailPoint’s acquisition collapses this distinction. Secrets are now part of the same audit trail, policy engine, and risk framework as identity permissions.

This matters because secrets exposure is one of the leading causes of identity compromise. By bringing secrets rotation, storage, and access controls into the same governance layer as identity, enterprises can enforce consistent policies: automatic rotation cycles, exposure detection, revocation workflows, and compliance reporting all operate through a single lens.

Enterprise Readiness for Autonomous Systems

The integration signals that enterprise identity governance is being rearchitected for autonomous systems. The result is a platform where human identity, service account identity, and agentic identity all operate under the same governance framework—with policies that account for the distinct behaviors and risks of each identity class.