When you deploy an AI agent inside your business, you’ve just added a new employee. One that never sleeps, can access dozens of systems simultaneously, and operates at machine speed. The only problem: most companies have no idea what that agent is doing, what data it can reach, or who owns it.
That governance gap is exactly what SailPoint is addressing with Agentic Fabric, launched on May 11, 2026. It’s a dedicated platform for discovering, governing, and protecting AI agents and other non-human identities across the enterprise — and it signals that identity security is no longer just a human problem.
Why This Is Happening Now
The scale of non-human identities in enterprise environments has quietly exploded. Service accounts, API keys, bots, and now AI agents have always outnumbered human users inside large organisations. But agentic AI has made the problem dramatically more visible and more dangerous.
Traditional identity governance platforms were designed around human users: someone requests access, a manager approves it, quarterly reviews happen, offboarding occurs. That model breaks completely when the “user” is an AI agent that was spun up by a developer on a Tuesday afternoon, given broad read access to customer data, and then forgotten about.
Unlike a human employee, an AI agent can act across hundreds of systems in seconds. It can pull data, write records, trigger workflows, and make purchasing decisions — all within whatever permissions it was handed when someone created it. If those permissions were too broad, or if the agent drifts outside its original intent, most companies have no visibility and no automated response.
That’s the problem Agentic Fabric is built to solve.
What SailPoint Built
The platform organises its capabilities around three stages: Discover, Govern, and Protect.
Discover creates a complete inventory of every AI agent, machine identity, and application endpoint across cloud environments. It maps these entities against the data they can access using an identity graph, giving security teams their first clear picture of the non-human identity estate.
Govern links each AI agent back to a human owner. This sounds simple, but it's a significant operational shift. Right now, most companies cannot answer the question "who is responsible for this agent?" Agentic Fabric enforces that ownership, attaches lifecycle policies, and manages access reviews in the same way you'd manage a human employee.
Protect handles the real-time layer: enforcing authorisation controls, detecting anomalous behaviour, and triggering automated response when an agent acts outside its expected scope. The goal is least-privilege access that holds even as agents evolve and take on new tasks.
SailPoint also introduced two product packages. Agentic Business establishes foundational governance with least-privilege access across all identity types. Agentic Business Plus advances to zero-standing privilege, meaning agents receive just-in-time access for specific tasks rather than holding persistent permissions they may not always need.
Both packages are expected to reach general availability in summer 2026. A free Discovery Tool trial is available now for organisations that want to start with a baseline inventory.
What This Means for Business
If you’re running AI agents — or planning to — this launch is a signal worth paying attention to, even if you never buy SailPoint’s product.
The core insight is this: deploying an AI agent without governance is the same as hiring someone and never telling them what they’re allowed to access. It’s an audit risk, a compliance risk, and a data security risk. As AI agents gain access to financial systems, customer records, and internal knowledge bases, the blast radius of a misconfigured agent grows fast.
For businesses using Omni Ops AI agent workforces — where agents handle operations like reporting, data retrieval, and customer communication — this problem is already live. The question is not whether to govern AI agent access, but how quickly you can build that discipline into your deployment process. Most businesses underestimate the governance side of AI deployment; the three prerequisites that actually determine whether AI agent deployment works are process documentation, data accessibility, and clear human ownership — exactly the disciplines that make secure governance possible.
A few practical questions every business should ask right now:
- Can you name every AI agent operating inside your systems today?
- Do you know what data each agent can access?
- Is there a human owner on the hook for each agent’s behaviour?
- Do you have any automated response in place if an agent acts unexpectedly?
If the answer to any of these is no, you have a governance gap. That gap will matter more as regulators catch up to the reality of agentic AI in enterprise environments. The EU AI Act’s high-risk system rules, due to tighten through 2026, will apply to AI systems making consequential decisions — and that includes agents with access to sensitive business data.
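The four questions above can be run as a check over an agent inventory. The following is an added example, not SailPoint's code or schema: the record fields, the `resource:action` scope format, the sensitive-resource list and the 90-day review window are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set

SENSITIVE = {"customer_data", "finance"}   # assumption: resources treated as sensitive
REVIEW_MAX_AGE_DAYS = 90                   # assumption: quarterly access review

@dataclass
class Agent:                        # hypothetical inventory record
    name: str
    owner: Optional[str]            # accountable human; None if nobody is recorded
    scopes: List[str]               # "resource:action" grants; empty = never mapped
    standing: bool                  # True = persistent grant, False = just-in-time
    last_reviewed: Optional[date]
    auto_response: bool             # automated action wired up for anomalous behaviour

def audit(agent: Agent, today: date) -> List[str]:
    """Return the governance gaps for one inventory record."""
    gaps = []
    if not agent.owner:
        gaps.append("no-owner")
    if not agent.scopes:
        gaps.append("data-access-unknown")
    if any(s.endswith(":*") for s in agent.scopes):
        gaps.append("wildcard-scope")
    if agent.standing and any(s.split(":")[0] in SENSITIVE for s in agent.scopes):
        gaps.append("standing-access-to-sensitive-data")
    if agent.last_reviewed is None or (today - agent.last_reviewed).days > REVIEW_MAX_AGE_DAYS:
        gaps.append("review-overdue")
    if not agent.auto_response:
        gaps.append("no-automated-response")
    return gaps

def unregistered(observed: Set[str], inventory: List[Agent]) -> Set[str]:
    """Identities seen acting in logs that the inventory cannot name."""
    return observed - {a.name for a in inventory}

# Constructed sample data, not taken from any real environment.
INVENTORY = [
    Agent("report-bot", "a.khan", ["reports:read"], False, date(2026, 4, 20), True),
    Agent("crm-sync", None, ["customer_data:*"], True, None, False),
]
OBSERVED = {"report-bot", "crm-sync", "invoice-agent"}
TODAY = date(2026, 5, 11)

if __name__ == "__main__":
    for a in INVENTORY:
        print(a.name, audit(a, TODAY) or "ok")
    print("unregistered:", sorted(unregistered(OBSERVED, INVENTORY)))
```

The `crm-sync` record mirrors the forgotten agent with broad read access to customer data described earlier: it fails on ownership, scope breadth, standing privilege, review and response at once.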
SailPoint is not the only company working on this. Okta, CyberArk, and several security-focused startups are all building towards the same problem from different angles. What the Agentic Fabric launch confirms is that the market has moved: non-human identity governance is no longer a niche concern. It is becoming a standard requirement for any business serious about running AI agents at scale.
The companies that get ahead of it now will spend far less time cleaning up access problems later.
Source
GlobeNewswire