On May 11, 2026, SailPoint launched Agentic Fabric, a new enterprise security offering designed to discover, govern, and protect AI agents and other non-human identities. The release adds a dedicated layer for organizations that are moving beyond AI pilots and now need tighter control over what autonomous agents can access, who owns them, and how they act across cloud environments, applications, and endpoints.
The launch also includes two new commercial packages, Agentic Business and Agentic Business Plus, plus a Discovery Tool free trial for visibility into shadow AI and application sprawl. SailPoint said Agentic Fabric and the new packages will be available this summer.
What SailPoint launched
At the center of the announcement is a shift from treating AI agents as an edge case inside identity systems to treating them as a core security object. SailPoint says Agentic Fabric is built to connect identities, access, and activity across the enterprise so security and platform teams can understand which agents exist, what they can reach, and which human owners are accountable for them.
The company is framing the platform around three jobs:
- Discovery: building an inventory of AI agents, machine identities, and applications across cloud environments, application agents, and endpoints.
- Governance: mapping agents to human ownership and applying lifecycle and access controls.
- Protection: enforcing real-time authorization, threat detection, and automated response to keep agent access closer to least privilege.
That matters because agent deployments create a different operational problem than classic IAM. A chatbot with read-only knowledge access is one thing. A workflow agent that can call tools, move data, request access, or trigger downstream actions creates a much wider blast radius if ownership and permissions are fuzzy.
Why this matters beyond one product launch
SailPoint’s move is really a market signal: enterprise AI security is shifting from model-level guardrails toward identity-centric control. Once agents can take actions across SaaS apps, cloud platforms, internal APIs, and endpoints, the hard question is no longer just whether the model is safe. It is whether the agent has the right identity, the right permissions, the right owner, and the right runtime controls.
That is why this announcement is more important than another security feature release. It suggests that AI agents are now large enough in enterprise environments to justify their own governance plane. In practical terms, identity teams are being pulled closer to AI platform decisions, and AI platform teams are being forced to think more like security architects.
The timing also fits SailPoint’s broader 2026 direction. In March, the company announced a strategic collaboration with AWS around a unified identity governance layer for agentic AI and deeper alignment with AWS AgentCore. Today’s Agentic Fabric launch looks like the product expression of that same thesis: AI agents should be managed as identities, not as invisible automation living outside core controls.
Business impact for enterprise AI teams
For enterprises, the most immediate takeaway is that agent sprawl is turning into an operating problem. Many organizations are already experimenting with internal copilots, workflow agents, desktop automations, and app-connected assistants across multiple teams. That creates a fast-growing inventory of non-human identities that often sit between security ownership models.
Agentic Fabric is aimed directly at that gap. Security leaders get a cleaner story for inventory and accountability. Platform teams get a path to policy enforcement that does not depend on every builder manually wiring controls. Business teams get a better chance of scaling AI without creating a shadow estate of semi-autonomous systems no one fully governs.
The two new packages also show where SailPoint thinks buyers are heading. Agentic Business focuses on least-privilege governance across identities, while Agentic Business Plus pushes toward zero-standing privilege and stronger just-in-time enforcement. That packaging suggests the company expects customers to move from visibility first to tighter runtime controls as agent usage grows.
There is also a competitive implication here. Identity vendors are no longer just defending legacy IAM budgets. They are trying to become critical infrastructure for AI deployment. If that framing holds, identity security could become one of the main control layers enterprises evaluate before letting agents operate at scale.
What to watch next
The biggest near-term question is execution. SailPoint has made the case that AI agents create a new identity problem, but buyers will now want proof that the platform can handle real multi-agent environments rather than isolated demos. Availability this summer will matter, but so will integration depth, operational usability, and whether teams can govern agent access without slowing deployment to a crawl.
Watch for three things next. First, how broadly SailPoint can discover and classify agents across major enterprise stacks. Second, whether customers adopt the new packages as a default part of AI rollout planning rather than an add-on security purchase. Third, how quickly AWS, Microsoft, Google, Okta, and other platform or identity vendors sharpen their own stories around agent identity and runtime governance.
For AI agent builders and enterprise automation teams, the practical lesson is straightforward: scaling agents is becoming less about finding one more capable model and more about building a trustworthy operating layer around identity, permissions, accountability, and action control. SailPoint’s May 11 launch does not solve that whole problem, but it makes the market direction much harder to ignore.