SailPoint Agentic Fabric: Governing AI Agents as First-Class Identities

SailPoint just drew the sharpest line yet in the industry: AI agents are identities, and they need the same governance rigor as any privileged human account.

Announced May 11, 2026, SailPoint Agentic Fabric is a dedicated product line for governing non-human identities — specifically the AI agents now proliferating across cloud environments, applications, and endpoints. It pairs directly with Identity Security Cloud, which handles human identities, creating a single unified platform that covers every identity type in the enterprise.

What Agentic Fabric actually does

The product is built around three functions that IAM practitioners will immediately recognize as the IGA lifecycle applied to AI agents:

  • Discover — Builds a complete inventory of AI agents, machine identities, and applications across cloud environments, then maps their relationships to critical data using an identity graph. You cannot govern what you cannot see.
  • Govern — Maps every agent to a human owner, enforces lifecycle controls, and manages access policies. Accountability has to trace back to a person.
  • Protect — Enforces real-time authorization controls, threat detection, and automated response to maintain least-privilege as agents act autonomously.

Why the packaging matters

SailPoint is also shipping two new Agentic Packages: Agentic Business for foundational governance with least-privilege access, and Agentic Business Plus for zero-standing privilege with just-in-time access. The progression mirrors how organizations matured their PAM programs — start with visibility and baseline controls, then move to ephemeral access. A free Discovery Tool trial is available now for net new customers and existing IdentityIQ and Identity Security Cloud customers who need immediate visibility into shadow AI. The full Agentic Fabric product and packages are available this summer.

For identity teams, the message is clear: the tools to govern AI agents at enterprise scale are no longer vaporware. The question is whether your program is ready to extend IGA discipline to identities that act at machine speed.

📌 Source: SailPoint Press Release