By NHI Mgmt Group Editorial Team
Published 2026-06-15
Domain: Announcements
Source: SailPoint

TL;DR: Identity programmes are moving from periodic governance to continuous control over human, machine, and agent access as SailPoint’s intent to acquire Entro combines secrets discovery, NHI scanning, and lineage mapping across more than 1,000 identity types, 1,200 credential types, and 70 enterprise sources, according to SailPoint.


At a glance

What this is: SailPoint’s planned acquisition of Entro is an identity security consolidation move centred on NHI discovery, credentials, and agent governance.

Why it matters: It matters because IAM, NHI, and autonomous-identity programmes increasingly need one control model for discovery, ownership, privilege, and remediation across the full digital estate.

By the numbers:

👉 Read SailPoint’s acquisition announcement for Entro and agentic fabric


Context

SailPoint’s planned acquisition of Entro is best read as a response to a specific governance gap in NHI management: enterprises can no longer rely on perimeter thinking when autonomous agents, service accounts, tokens, and certificates are all active access paths. The primary keyword here is NHI governance, and this deal is about extending it across discovery, ownership, and operational control.

The practical issue is not discovery alone. Identity teams need to know which non-human identities exist, what credentials they use, who owns them, and how quickly privilege can be removed when the business relationship or workload changes. That is where NHI governance overlaps with lifecycle management, zero-standing privilege, and machine-speed remediation.

For practitioners, the strategic question is whether current identity programmes still treat non-human access as an exception class. This announcement suggests the market is moving toward unified governance across humans, workloads, and agents, with the control plane becoming more continuous and context aware.


Key questions

Q: How should security teams govern non-human identities across cloud and CI/CD systems?

A: Treat NHI governance as a continuous control problem, not an inventory exercise. Start by discovering credentials in cloud, developer, CI/CD, and SaaS tools, then tie each identity to an owner, a purpose, and a revocation path. The goal is to reduce standing access and make every credential accountable.

Q: Why do service accounts and API keys create so much identity risk?

A: Because they often hold persistent, reusable access that is difficult to observe and harder to revoke quickly. When those credentials are over-privileged or poorly owned, one exposed secret can become broad enterprise access. The risk is not the account itself, but the unresolved privilege attached to it.

Q: When should organisations prioritise zero-standing privilege for machine identities?

A: As soon as machine access is used across multiple systems or sensitive workflows. If a token or certificate can outlive the task it supports, the organisation already has standing privilege risk. Prioritise zero-standing privilege where the blast radius is highest and revocation delays are hardest to tolerate.

Q: Who should be accountable when a non-human identity is over-privileged?

A: A named human owner should be accountable for the identity’s purpose, lifecycle, and risk acceptance. Machine identities do not self-govern, so accountability must sit with the team that created, approved, or operationally depends on the credential. That is what turns attribution into governance.


How it works in practice

Why NHI discovery and credential mapping are inseparable

NHI discovery tells you what identities exist, but credential mapping tells you what they can actually do. In modern environments, a service account, API key, token, or certificate is often the real access boundary, not the workload name attached to it. When discovery is agentless and spans cloud, developer, CI/CD, and SaaS sources, the main technical benefit is exposure of dormant, duplicated, or shadow credentials that would otherwise sit outside governance. The challenge is lineage: without tying each credential back to an owner, a workload, and a use case, discovery becomes inventory rather than control.

Practical implication: require every discovered credential to resolve to an owner, a purpose, and an expiry path before it is treated as governed.

How blast radius changes identity governance

Blast radius is the distance from one compromised credential to the rest of the enterprise. Entro’s lineage mapping emphasis reflects a core identity truth: over-privilege is not just a permission issue, it is an exposure graph. If an NHI can access several systems, pipelines, or datasets, compromise of that one identity can cascade across environments. This is why access certification alone is not enough. Governance has to incorporate relationship data, active usage, and downstream access paths so that remediation can target the minimum set of entitlements with the maximum reduction in exposure.

Practical implication: use lineage data to remove the entitlements that create the largest blast radius first, not just the oldest ones.
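The two passages above (lineage as the link from credential to owner, purpose and expiry, and blast radius as the reachable-system graph) can be made concrete in a few dozen lines. The following is an added example written for this post, not code from SailPoint or Entro: the credentials, the systems they reach, and the system-to-system edges are all constructed, and the ranking rule (largest reachable set first, unattributed credentials first on ties) is one reasonable policy, not the vendors' algorithm.

```python
"""Lineage map and blast-radius ranking for non-human identities.

Added example (not SailPoint's or Entro's code). All data is constructed:
a handful of credentials, the systems they can reach directly, and which
systems can in turn reach other systems (for example a CI runner that
holds a deploy key to production).
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Credential:
    name: str                       # identifier of the secret / service account
    kind: str                       # "api_key", "token", "cert", "service_account"
    owner: Optional[str]            # named human owner, None if unattributed
    purpose: Optional[str]          # business purpose, None if unknown
    expires: bool                   # False = long-lived, no expiry path
    grants: Set[str] = field(default_factory=set)   # systems reachable directly


# Constructed sample lineage: credential -> systems it can reach directly.
CREDENTIALS = [
    Credential("ci-deploy-token", "token", "alice", "deploy app", False,
               {"ci-runner"}),
    Credential("billing-api-key", "api_key", None, None, False,
               {"billing-api"}),
    Credential("backup-svc", "service_account", "bob", "nightly backup", True,
               {"backup-store"}),
    Credential("analytics-cert", "cert", "carol", "ETL", True,
               {"warehouse", "ci-runner"}),
]

# Constructed system -> system edges: a system that stores or can mint another
# credential lets a compromise pivot onward, so it extends the blast radius.
SYSTEM_EDGES: Dict[str, Set[str]] = {
    "ci-runner": {"prod-cluster", "artifact-repo"},
    "prod-cluster": {"customer-db"},
    "billing-api": {"customer-db", "payments"},
}


def reachable(start: Set[str], edges: Dict[str, Set[str]]) -> Set[str]:
    """Transitive closure over system edges (breadth-first search)."""
    seen = set(start)
    queue = deque(start)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(cred: Credential, edges: Dict[str, Set[str]] = SYSTEM_EDGES) -> Set[str]:
    """Every system a compromise of this credential could ultimately reach."""
    return reachable(cred.grants, edges)


def governance_gaps(cred: Credential) -> List[str]:
    """The three lineage facts the text requires before a credential counts as governed."""
    gaps = []
    if cred.owner is None:
        gaps.append("no owner")
    if cred.purpose is None:
        gaps.append("no purpose")
    if not cred.expires:
        gaps.append("no expiry path")
    return gaps


def remediation_order(creds: List[Credential] = CREDENTIALS) -> List[Tuple[str, int, List[str]]]:
    """Rank credentials by reachable-system count, ungoverned ones first on ties."""
    rows = [(c.name, len(blast_radius(c)), governance_gaps(c)) for c in creds]
    rows.sort(key=lambda r: (-r[1], -len(r[2]), r[0]))
    return rows


if __name__ == "__main__":
    for name, radius, gaps in remediation_order():
        print(f"{name:18} reaches {radius} systems  gaps={gaps or 'none'}")
```

Note what the ranking surfaces: `analytics-cert` is fully attributed and expiring, yet comes first because it can pivot through the CI runner into production and the customer database, while the unowned `billing-api-key` ranks below it. That is the point of the passage: lineage, not age or attribution alone, decides what to remediate first.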

Zero-standing privilege for machine and agent identities

Zero-standing privilege means access should exist only when a task requires it and should disappear when the task ends. For humans, that is a governance pattern. For NHIs and AI agents, it becomes a structural necessity because credentials are often long-lived, embedded, or reused across workflows. The technical risk is persistence without review. If an agent can continuously reuse the same token or secret across multiple operations, the access path becomes difficult to observe and harder to revoke. Machine-speed protection therefore depends on continuous detection, context-aware policy, and immediate revocation pathways.

Practical implication: design NHI access so that task scope, credential lifetime, and revocation are all enforced automatically.
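To show what "task scope, credential lifetime, and revocation enforced automatically" looks like as a mechanism, here is an added example of a small task-scoped credential broker. It is illustration written for this post, not SailPoint's or Entro's implementation: the broker class, the task identifiers and the entitlement names are constructed, and time is passed in explicitly so the example runs deterministically offline.

```python
"""Task-scoped credential broker illustrating zero-standing privilege.

Added example, not code from SailPoint or Entro. The broker, task names and
scopes are constructed for illustration. Time is injected (a float of
seconds) rather than read from the clock so the behaviour is reproducible.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass
class Grant:
    token: str
    task_id: str
    scope: FrozenSet[str]      # entitlements bounded to this task only
    issued_at: float
    expires_at: float
    revoked: bool = False


class TaskScopedBroker:
    """Issues short-lived credentials tied to a task; nothing stands by default."""

    def __init__(self, max_ttl: float = 300.0):
        self.max_ttl = max_ttl
        self._grants: Dict[str, Grant] = {}

    def issue(self, task_id: str, scope: Set[str], now: float, ttl: float) -> str:
        """Mint a credential whose lifetime is capped regardless of what was asked for."""
        ttl = min(ttl, self.max_ttl)            # never unbounded, never longer than policy
        token = secrets.token_urlsafe(32)
        self._grants[token] = Grant(token, task_id, frozenset(scope), now, now + ttl)
        return token

    def authorize(self, token: str, entitlement: str, now: float) -> bool:
        """Unknown, revoked or expired tokens fail closed; scope is checked per request."""
        g = self._grants.get(token)
        if g is None or g.revoked or now >= g.expires_at:
            return False
        return entitlement in g.scope

    def complete_task(self, task_id: str) -> int:
        """Revocation tied to workflow completion, not to a later manual review."""
        n = 0
        for g in self._grants.values():
            if g.task_id == task_id and not g.revoked:
                g.revoked = True
                n += 1
        return n

    def standing_access(self, now: float) -> List[str]:
        """Audit view: every live grant is standing access and should normally be empty."""
        return [g.token for g in self._grants.values()
                if not g.revoked and now < g.expires_at]


if __name__ == "__main__":
    broker = TaskScopedBroker(max_ttl=60.0)
    tok = broker.issue("deploy-42", {"deploy:prod"}, now=1000.0, ttl=3600.0)
    print("in scope, in time :", broker.authorize(tok, "deploy:prod", 1010.0))
    print("out of scope      :", broker.authorize(tok, "read:customer-db", 1010.0))
    print("after capped TTL  :", broker.authorize(tok, "deploy:prod", 1061.0))
    broker.complete_task("deploy-42")
    print("after completion  :", broker.authorize(tok, "deploy:prod", 1010.0))
    print("standing grants   :", broker.standing_access(1010.0))
```

The two design choices worth copying are the TTL cap in `issue` (a caller asking for an hour still gets at most the policy maximum) and `standing_access`, which turns the text's "persistence without review" risk into something an audit job can assert is empty between tasks.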


NHI Mgmt Group analysis

Consolidation is moving identity security toward a single control plane for humans, workloads, and agents. This acquisition signals that the market no longer sees NHI discovery, credential visibility, and lifecycle governance as separate categories. Practitioners should expect the strongest platforms to converge on ownership attribution, remediation, and runtime protection in one operating model.

Blast radius, not mere inventory, is becoming the decisive NHI governance metric. Discovering 1,000 identities means little if teams cannot trace which credentials create broad downstream exposure. The practical shift is from counting identities to reducing the number of reachable systems per identity, which changes how IAM, PAM, and NHI teams prioritise remediation.

Zero-standing privilege is now being applied to machine and agent access as a baseline assumption. That matters because persistent secrets and reusable tokens were designed for static workloads, not for rapidly changing enterprise automation. The implication is that governance programmes need to treat long-lived non-human access as an architectural exception, not an acceptable default.

Agentic fabric is really a control problem about context, not just classification. Once autonomous agents can select tools and act inside business workflows, the question is no longer whether an identity exists but whether its operational boundaries are enforceable in real time. Practitioners should read this as a signal that identity programmes are shifting from static entitlement administration toward continuous behavioural containment.

Discovery without ownership attribution remains incomplete governance. The article’s emphasis on lineage mapping reflects a broader truth across identity types: access cannot be safely governed if no human is accountable for the machine identity using it. The field should treat attribution as part of the control itself, not as metadata added later.

From our research:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • Our research also shows that 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
  • For a broader view of machine credential exposure, see 52 NHI Breaches Analysis for incident patterns and control failures.

What this signals

Blast radius will become the operating metric for NHI programmes. If identities are discovered faster than they are governed, the real question is not how many exist but how much damage any one of them can do. Teams should align review cadence, credential lifetime, and revocation speed to the systems each identity can reach.

Identity consolidation will force IAM, PAM, and cloud security teams to share the same entitlement facts. That makes lineage data and ownership attribution central to both auditability and response, especially where secrets live outside managed vaults and across build systems.

A practical signal to watch is whether your programme can prove who owns a credential and when it was last valid. If it cannot, the control is not mature enough for AI-driven workloads or high-volume machine access.


For practitioners

  • Map every non-human identity to a human owner: Require service accounts, API keys, tokens, and certificates to resolve to a named owner and business purpose before they are accepted into governance workflows.
  • Prioritise high-blast-radius credentials first: Use lineage and usage data to identify which credentials open the most downstream systems, then remediate those entitlements before low-impact accounts.
  • Convert long-lived machine access to task-scoped access: Replace reusable standing credentials with task-bounded access patterns, and ensure revocation is tied to workflow completion rather than manual review.
  • Bring CI/CD and SaaS sources into NHI reviews: Include developer tools, build pipelines, and collaboration platforms in the same review cycle as cloud accounts so hidden credentials do not escape visibility.
  • Test for over-privilege at machine speed: Continuously monitor active usage against granted access so over-privileged identities can be detected and reduced before they create lateral movement paths.
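The last item in the list above, comparing active usage against granted access, is the one most teams can start with from existing audit logs. The following added example (written for this post, not SailPoint's or Entro's code) parses a constructed access log, compares what each identity actually used in a window against what it was granted, and reports unused entitlements, dormant identities, and identities seen in the log that are missing from the inventory. The log format, identity names and entitlement strings are all invented for illustration.

```python
"""Granted-vs-used entitlement comparison for non-human identities.

Added example, not code from SailPoint or Entro. The log line format,
identities and entitlements are constructed for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple

# Constructed inventory: what each identity has been granted.
GRANTED: Dict[str, Set[str]] = {
    "billing-svc": {"read:customer-db", "write:payments", "admin:iam"},
    "etl-runner": {"read:warehouse", "write:warehouse"},
    "legacy-sync": {"read:customer-db"},
}

# Constructed audit lines: timestamp identity action resource.
SAMPLE_LOG = """\
2026-06-10T09:00:00Z identity=billing-svc action=read resource=customer-db
2026-06-10T09:05:00Z identity=billing-svc action=write resource=payments
2026-06-11T02:00:00Z identity=etl-runner action=read resource=warehouse
2026-06-11T02:10:00Z identity=etl-runner action=write resource=warehouse
2026-06-12T09:00:00Z identity=billing-svc action=read resource=customer-db
2026-06-12T09:00:30Z identity=unknown-key action=read resource=customer-db
"""

# Fixed "now" so the window is reproducible offline.
NOW = datetime(2026, 6, 15, tzinfo=timezone.utc)

LINE_RE = re.compile(r"^(\S+) identity=(\S+) action=(\S+) resource=(\S+)$")


def parse_log(text: str) -> List[Tuple[datetime, str, str]]:
    """Turn raw lines into (timestamp, identity, 'action:resource'); skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        events.append((ts, m.group(2), f"{m.group(3)}:{m.group(4)}"))
    return events


def observed_usage(events, now: datetime, window: timedelta) -> Dict[str, Set[str]]:
    """Entitlements each identity actually exercised inside the review window."""
    used: Dict[str, Set[str]] = defaultdict(set)
    cutoff = now - window
    for ts, ident, ent in events:
        if ts >= cutoff:
            used[ident].add(ent)
    return used


def over_privilege_report(granted, events, now, window=timedelta(days=30)):
    """Per identity: entitlements granted but unused, and whether it was dormant.

    Also returns identities that appear in the log but not in the inventory,
    i.e. shadow credentials that discovery has not yet brought under governance.
    """
    used = observed_usage(events, now, window)
    report = {}
    for ident, grants in granted.items():
        unused = grants - used.get(ident, set())
        report[ident] = {"unused": sorted(unused), "dormant": ident not in used}
    unknown = sorted(set(used) - set(granted))
    return report, unknown


def run_sample():
    """Run the comparison over the constructed log with the fixed NOW."""
    return over_privilege_report(GRANTED, parse_log(SAMPLE_LOG), NOW)


if __name__ == "__main__":
    report, unknown = run_sample()
    for ident, r in report.items():
        print(f"{ident:12} dormant={r['dormant']!s:5} unused={r['unused']}")
    print("not in inventory:", unknown)
```

Three findings fall out of the sample: `billing-svc` holds `admin:iam` it never uses (an entitlement to remove), `legacy-sync` is dormant for the whole window (a candidate for revocation, not just review), and `unknown-key` is exercising access without being in the inventory at all, which is exactly the shadow credential the discovery section warns about.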

Key takeaways

  • SailPoint’s Entro acquisition is best understood as a move toward unified governance for humans, machine identities, and AI agents.
  • The biggest control issue is not discovery alone but reducing blast radius through ownership, lineage, and privilege scope.
  • Enterprises should treat standing machine access as an architectural exception and move toward task-scoped, revocable control paths.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | The article centres on discovery, ownership, and rotation of NHI credentials.
NIST CSF 2.0 | PR.AC-4 | Access control and least privilege are central to the acquisition’s governance message.
NIST Zero Trust (SP 800-207) | | The deal emphasises continuous verification and zero-standing privilege across identities.

Map every secret and token to an owner, then automate rotation and revocation for standing credentials.


Key terms

  • Non-Human Identity: A non-human identity is any digital credential used by software rather than a person, including service accounts, API keys, tokens, certificates, and AI agents. In practice, these identities often carry long-lived access and require lifecycle governance, ownership, and revocation controls similar to human identities.
  • Blast Radius: Blast radius is the amount of damage a compromised identity can cause across systems, data, and workflows. For NHI governance, it is determined by privilege scope, credential reuse, and downstream dependencies, which is why lineage and entitlement review matter as much as discovery.
  • Zero-Standing Privilege: Zero-standing privilege means access is not kept persistently available. A credential or entitlement should exist only for a task, then be removed or expired. For machine identities, this is a practical control against reusable secrets and unattended privilege accumulation.
  • Identity Lineage: Identity lineage is the map linking a credential or account to its owner, purpose, permissions, and the systems it can reach. It turns discovery into governance by showing how an identity is connected to business operations and where remediation will reduce risk most effectively.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by SailPoint: SailPoint’s intent to acquire Entro to expand agentic fabric and NHI governance. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org