SailPoint warns AI agents pose growing identity security risks
SailPoint highlights the security risks posed by AI agents as organizations rapidly adopt AI amid digital threats and hybrid work environments.
Enterprises are rapidly adopting AI agents to enhance efficiency and innovation, but this surge is creating significant identity security vulnerabilities. SailPoint, a global leader in identity security, has raised alarms about the risks associated with these autonomous digital entities.
The AI Agent Paradox
According to SailPoint's latest research report, 82% of organizations already use AI agents, and 98% plan to expand their use. However, 96% of technology professionals view them as a growing security risk. These agents, which act on behalf of humans, have access to sensitive data and systems, often behaving unpredictably.
- Unintended Actions: 80% of organizations report AI agents taking unintended actions, including unauthorized system access (39%) and sharing sensitive data (33%).
- Credential Exposure: Nearly 25% of respondents say AI agents have been tricked into revealing access credentials.
- Governance Gap: Only 44% of organizations have governance policies in place to manage AI agents.
A New Class of Identity
Nam Lam, Group Vice President for Australia and New Zealand at SailPoint, emphasizes that AI agents behave more like humans than machines, requiring a new approach to governance. "AI in itself brings demonstrable value to businesses, but it's also a force multiplier for threats," Lam says. "If organizations are not prepared, threat actors can exploit these blind spots."
The Digital Arms Race
SailPoint has integrated AI into its platform, including the 'Harbor Pilot' assistant, a ChatGPT-style tool for identity workflows. However, Lam warns that bad actors are also leveraging AI, creating a digital arms race. "If cybersecurity capabilities like ours are not using AI, we're at a disadvantage," he notes.
Call to Action
SailPoint is collaborating with partners like Deloitte to help organizations mature their identity governance practices. Lam acknowledges that while awareness of AI risks is growing, execution remains a challenge. "Organizations struggle to pull together the people, processes, and technologies to govern AI agents effectively," he says.
In an era where digital identity is critical, failing to address AI agent security could pose an existential threat to organizations.
Related News
Zscaler CAIO on securing AI agents and blending rule-based with generative models
Claudionor Coelho Jr, Chief AI Officer at Zscaler, discusses AI's rapid evolution, cybersecurity challenges, and combining rule-based reasoning with generative models for enterprise transformation.
Rubrik Launches AI Error Recovery Tool Agent Rewind
Rubrik introduces Agent Rewind, an AI-driven data recovery solution addressing risks of autonomous AI errors in enterprises, following its Predibase acquisition.
About the Author

Dr. Emily Wang
AI Product Strategy Expert
Former Google AI Product Manager with 10 years of experience in AI product development and strategy formulation. Led multiple successful AI products from 0 to 1 development process, now provides product strategy consulting for AI startups while writing AI product analysis articles for various tech media outlets.