TL;DR: Identity governance for AI agents now depends on lineage, ownership, and blast-radius control, not just inventory. SailPoint's intent to acquire Entro centers on deeper discovery, context mapping, and real-time protection for non-human identities, including more than 1,000 NHI and agent types and 70 enterprise sources, according to SailPoint.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- This unified capability brings out-of-the-box coverage for over 1,000 NHI and agent types, plus the discovery of over 1,200 non-human identity types.
- Covering more than 70 critical enterprise sources across cloud environments, CI/CD pipelines, and developer tools, the platform extends governance into the systems where machine identities operate.
Questions worth separating out
Q: How should security teams govern non-human identities that span cloud, CI/CD, and developer tools?
A: Security teams should govern non-human identities by mapping each credential to an owner, an approved purpose, and a defined operational boundary.
Q: Why does ownership attribution matter for machine identity risk?
A: Ownership attribution matters because a discovered token or key is not governable until someone is accountable for it.
Q: What do security teams get wrong about NHI discovery?
A: Teams often treat discovery as the end state when it is only the first step.
Practitioner guidance
- Map every non-human identity to a human owner. Require an accountable owner, business purpose, and review path for each machine identity before it is promoted to production.
- Build entitlement graphs around access context. Document which tools, APIs, cloud services, and credentials each identity can reach so you can calculate blast radius and isolate overreach quickly.
- Pair certification with runtime monitoring. Use access reviews for governance evidence, then layer behavioural monitoring to catch over-privileged access and scope drift between review cycles.
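The first two guidance items can be checked mechanically once the inventory is held as a graph. The sketch below is an added example, not code from SailPoint, Entro, or NHIMG: it walks a small entitlement graph to compute each identity's blast radius and flags missing ownership and access outside the approved boundary. All identity, credential, role, and resource names are constructed, and the rule that a node with no outgoing edges is a resource is an assumption of this example.

```python
from collections import deque

# Constructed sample inventory; every name below is hypothetical.
IDENTITIES = {
    "ci-deploy-bot": {"owner": "alice@example.com", "purpose": "deploy web app",
                      "boundary": {"artifact-registry", "k8s-prod"}},
    "report-agent": {"owner": None, "purpose": "weekly reports",
                     "boundary": {"warehouse-ro"}},
}
# Entitlement graph: identity -> credential -> role -> resource.
# Assumption: a node with no outgoing edges is a resource.
EDGES = {
    "ci-deploy-bot": ["token:gh-actions"],
    "token:gh-actions": ["role:deployer"],
    "role:deployer": ["artifact-registry", "k8s-prod", "role:secrets-reader"],
    "role:secrets-reader": ["vault-prod", "role:deployer"],  # cycle on purpose
    "report-agent": ["key:svc-report"],
    "key:svc-report": ["warehouse-ro"],
}

def blast_radius(identity, edges=EDGES):
    """Return every resource reachable from the identity, following
    credentials and nested roles transitively (breadth-first)."""
    seen, queue, resources = {identity}, deque([identity]), set()
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt in seen:
                continue  # already visited; also breaks role cycles
            seen.add(nxt)
            if nxt in edges:
                queue.append(nxt)   # intermediate hop: credential or role
            else:
                resources.add(nxt)  # leaf: an actual resource
    return resources

def review(identities=IDENTITIES, edges=EDGES):
    """Flag identities lacking an owner or purpose, and any reachable
    resource that falls outside the approved operational boundary."""
    findings = {}
    for name, meta in identities.items():
        issues = [f"missing:{f}" for f in ("owner", "purpose") if not meta.get(f)]
        over = blast_radius(name, edges) - meta.get("boundary", set())
        issues += [f"overreach:{r}" for r in sorted(over)]
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in review().items():
        print(name, issues)
```

The overreach on `vault-prod` only appears through the nested role, which is why the traversal has to be transitive rather than a lookup of directly attached permissions.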
What's in the full announcement
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- How SailPoint describes the planned Entro integration across discovery, ownership attribution, and NHIDR capabilities.
- The specific NHI and agent categories the combined platform says it will cover, including keys, tokens, certificates, and credentials.
- The vendor's own framing of policy-driven governance across cloud environments, CI/CD pipelines, and developer tools.
- The exact product positioning behind Agentic Fabric and how SailPoint says the acquisition extends it.