Last week identity governance and administration (IGA) giants SailPoint announced its intention to acquire Israeli startup Entro Security as part of a broader strategy to expand beyond traditional IGA into the rapidly growing areas of non-human identity (NHI), machine identity, secrets management, and agentic AI security.

What does this tell us? Well the press release starts of by stating that Sailpoint are a “a leader in enterprise identity security”. This is interesting. Without getting into the word wars, identity security is a broader discipline than just identity data risk management - which is what IGA and more latterly identity security posture management (ISPM) entertain.

Identity Security is typically two things: it covers the entire end to end identity life cycle - from creation and storage to use and behaviour. It is also product agnostic and overlays the entire IAM infrastructure stack.

We can see end to end capabilities such as ISPM and identity threat detection and response (ITDR) as being part of the identity security story. Certainly Sailpoint are more than just IGA in 2026 but equally are only part of the identity security story.

Order Paperback Now

However Sailpoint have evolved recently to describe their offering as an identity “fabric”.

“As organizations rapidly deploy autonomous AI agents, complex cloud architectures, and programmatic workflows, today's modern security demands are no longer defined by traditional perimeters. Instead, they are governed by who or what is accessing data, when, why, and under what conditions. By integrating Entro’s specialized capabilities to directly address the unique challenges of the AI era, SailPoint expects to further expand how customers easily identify, govern, and protect these high-risk assets from a single, unified platform.”

Does this indicate that Sailpoint didn’t have AI capabilities prior to the acquisition? The past three years have seen Sailpoint’s (and also the likes of Okta, CyberArk and Microsoft amongst others) alter their strategic narrative to both a) use more security centric terms and b) apply their core functions to more than just human-centric identities.

A ChatGPT query against the use of AI/NHI as a narrative term by Sailpoint results in:

• Late 2023 – Mid 2024 (The “Machine Identity” Phase): Initial mentions focused broadly on “Machine Identity Security,” tackling traditional non-human accounts like Robotic Process Automation (RPA) and standard service accounts. [1, 2]

• Late 2024 – 2025 (The “AI Agent” Surge): The terminology shifted heavily toward the convergence of AI and NHI. The site began heavily indexing terms like Agent Identity Security (AIS) to address the risks of autonomous AI workloads acting as non-human entities. [1]

• 2026 (The “Agentic Fabric” Era): The frequency of “AI + NHI” reached its highest peak following SailPoint’s official launch of the SailPoint Agentic Fabric and their announced acquisition of Entro Security, solidifying NHIDR (Non-Human Identity Detection and Response) as a primary core marketing message. [1, 2, 3, 4, 5]

So who are Entro and what will they provide to the Sailpoint platform? The press release goes on to quote Entro CEO Itzik Alvas:

“We built Entro with a clear mission: to secure the modern cloud by discovering and protecting the sheer volume of credentials and non-human identities powering it. As enterprises embrace more automation and agentic workloads, this massive identity layer is only becoming more critical to protect. We are excited to integrate our deep, seamless discovery and lineage mapping engine into SailPoint's comprehensive identity security framework and Agentic Fabric. I believe that together, our combined non-human and AI capabilities will supercharge SailPoint's proven ability to secure every identity, human and non-human, across the global enterprise landscape."

So we see there that we have two non-functional missions - cloud and non-human identity management.

The combined platform will provide:

1. Discovery & credentials coverage

2. Deep context & human ownership attribution

3. Real-time detection & active protection:

The acquisition is strategically significant because it strengthens SailPoint's recently launched fabric narrative, which is designed to secure AI agents and autonomous workloads as first-class identities.

Entro brings deep capabilities in discovering, inventorying, and protecting machine credentials, API keys, tokens, certificates, secrets, and AI-agent access paths across cloud, SaaS, CI/CD, and developer environments.

Whilst Sailpoint may have had some of these capabilities natively, this undoubtedly provides unique and specialised expansion.

Takeaway

From an industry analyst perspective, this is less about SailPoint acquiring a secrets-management startup and more about SailPoint positioning itself for the next phase of identity security:

From Identity Governance → Identity Security → Agentic Identity Security.

The acquisition also validates the growing importance of identity within the broader control plane narrative both the foundational cyber capabilities, but also non-human and agentic identity.

The emerging view is that identity platforms must govern not only who has access, but also which workloads and agents are acting, why they are acting, and how they are using credentials and permissions at runtime.

Export from The Cyber Hut’s Market Matrix

(NB - market score based on age, funding, headcount coefficients, capability score based on breadth and depth, forward looking and uniqueness)

The Cyber Hut in conversation with Entro Security, February 2025

Arrange Analyst Inquiry

Questions and Comments? Continue the Conversation

Join The Cyber Hut Slack