SailPoint warns AI agents pose growing identity security risks
SailPoint highlights the security risks posed by AI agents as organizations rapidly adopt AI amid digital threats and hybrid work environments.
Enterprises are rapidly adopting AI agents to enhance efficiency and innovation, but this surge is creating significant identity security vulnerabilities. SailPoint, a global leader in identity security, has raised alarms about the risks associated with these autonomous digital entities.
The AI Agent Paradox
According to SailPoint's latest research report, 82% of organizations already use AI agents, and 98% plan to expand their use. However, 96% of technology professionals view them as a growing security risk. These agents, which act on behalf of humans, have access to sensitive data and systems, often behaving unpredictably.
- Unintended Actions: 80% of organizations report AI agents taking unintended actions, including unauthorized system access (39%) and sharing sensitive data (33%).
- Credential Exposure: Nearly 25% of respondents say AI agents have been tricked into revealing access credentials.
- Governance Gap: Only 44% of organizations have governance policies in place to manage AI agents.
A New Class of Identity
Nam Lam, Group Vice President for Australia and New Zealand at SailPoint, emphasizes that AI agents behave more like humans than machines, requiring a new approach to governance. "AI in itself brings demonstrable value to businesses, but it's also a force multiplier for threats," Lam says. "If organizations are not prepared, threat actors can exploit these blind spots."
The Digital Arms Race
SailPoint has integrated AI into its platform, including the 'Harbor Pilot' assistant, a ChatGPT-style tool for identity workflows. However, Lam warns that bad actors are also leveraging AI, creating a digital arms race. "If cybersecurity capabilities like ours are not using AI, we're at a disadvantage," he notes.
Call to Action
SailPoint is collaborating with partners like Deloitte to help organizations mature their identity governance practices. Lam acknowledges that while awareness of AI risks is growing, execution remains a challenge. "Organizations struggle to pull together the people, processes, and technologies to govern AI agents effectively," he says.
In an era where digital identity is critical, failing to address AI agent security could pose an existential threat to organizations.
Related News
CrowdStrike Report Warns of AI-Powered Cyber Threats in 2025
The CrowdStrike 2025 Threat Hunting Report highlights how adversaries are leveraging AI to scale attacks, target cloud systems, and refine long-term cyberattack strategies.
Major AI security flaws exposed in red teaming competition
A large-scale red teaming study reveals critical vulnerabilities in leading AI agents, with every tested system failing security tests under attack.
About the Author
Dr. Emily Wang
AI Product Strategy Expert
Former Google AI Product Manager with 10 years of experience in AI product development and strategy formulation. Led multiple successful AI products from 0 to 1 development process, now provides product strategy consulting for AI startups while writing AI product analysis articles for various tech media outlets.