SailPoint Announces Intent to Acquire Entro Security to Strengthen Identity Security

SailPoint has announced its intent to acquire Entro Security, a company specializing in secrets security and the protection of non-human identities. The move is aimed at expanding SailPoint’s capabilities in securing the growing number of machine and application identities used across modern enterprises.

Entro Security focuses on discovering, managing, and securing secrets and credentials used by applications, services, and automated systems. As organizations adopt more cloud services, DevOps practices, and AI agents, the number of non-human identities has increased significantly. These identities often hold powerful access rights but are frequently poorly managed, creating security risks.

By acquiring Entro, SailPoint is looking to combine its existing identity governance platform with stronger secrets security and non-human identity management capabilities. This would allow organizations to gain better visibility and control over both human and machine identities from a single vendor.

"The recent launch of our Agentic Fabric established a new paradigm for securing autonomous AI agents and non-human identities at scale, including native discovery, governance and protection. By bringing Entro’s powerful and complimentary technology into our SailPoint platform, we will be giving our customers an even bigger advantage: frictionless, complete visibility into every non-human identity and—crucially—the context and credentials they use to access critical corporate data."

Mark McClain

CEO and Founder of SailPoint

The announcement reflects a broader trend in the identity security market. Companies are realizing that traditional identity governance, which was originally built around human users, is no longer enough. Modern environments require security controls that can also handle the large volume of automated identities created by applications, scripts, and AI systems. This acquisition is expected to help SailPoint offer a more complete identity security solution, particularly for organizations running complex, hybrid, and cloud-native environments.

"We built Entro with a clear mission: to secure the modern cloud by discovering and protecting the sheer volume of credentials and non-human identities powering it. As enterprises embrace more automation and agentic workloads, this massive identity layer is only becoming more critical to protect. We are excited to integrate our deep, seamless discovery and lineage mapping engine into SailPoint's comprehensive identity security framework and Agentic Fabric. I believe that together, our combined non-human and AI capabilities will supercharge SailPoint's proven ability to secure every identity, human and non-human, across the global enterprise landscape."

Itzik Alvas

Co-Founder and CEO of Entro

Conditions Driving the Change

Several factors are pushing companies like SailPoint to expand into secrets and non-human identity security:

• The number of non-human identities in enterprises has grown rapidly due to cloud adoption, automation, and AI agents.

• Many organizations struggle to discover and manage secrets, leading to over-privileged machine accounts and increased risk of breaches.

• Traditional identity governance platforms were primarily designed for human users and often lack strong capabilities for securing application and service identities.

• Security incidents involving compromised secrets and credentials have become more common, highlighting gaps in current identity security strategies.

• Regulatory and compliance requirements are increasingly demanding better controls over all forms of access, including machine-to-machine interactions.

• DevOps and CI/CD pipelines create large volumes of temporary secrets and credentials that are difficult to manage manually.

• AI agents and autonomous systems require secure, governed access to data and systems, increasing the need for identity controls beyond human users.

• Many companies are using multiple disconnected tools to manage identities and secrets, creating complexity and blind spots.

• The rise of agentic AI is accelerating the creation of new machine identities that need governance and security from the start.

• Vendors are under pressure to offer integrated platforms rather than forcing customers to piece together solutions from multiple providers.

These conditions have made secrets security and non-human identity management a strategic priority for identity vendors.

What AI Security Looked Like Before

Before acquisitions like this one, identity security was largely divided between two areas. On one side were traditional identity governance platforms that focused on managing human user access, roles, and compliance. On the other side were secrets management tools that handled credentials, API keys, and passwords used by applications and services.

These two areas often operated separately. Identity governance teams focused on employees and contractors, while secrets and non-human identities were usually managed by security or DevOps teams using different tools. This separation created gaps in visibility and control.

Many organizations had limited insight into what machine identities existed in their environment or what access they held. Secrets were frequently hardcoded, stored in plain text, or rotated infrequently. As a result, non-human identities became a significant attack vector that was difficult to monitor and secure.

Governance processes were also weaker for machine identities. While human access often went through formal approval workflows, machine identities were frequently created and granted permissions with little oversight. This made it harder to enforce least privilege or detect risky configurations. Overall, AI and machine identity security was fragmented and received less attention than human identity governance in most enterprises.

What AI Security Looks Like Now

Identity security is shifting toward a more unified and integrated approach that covers both human and non-human identities within a single framework. Organizations are no longer treating machine identities and secrets as a separate problem handled only by DevOps or security engineering teams. Instead, many companies are now looking for platforms that can provide visibility, governance, and security controls across all types of identities in one place.

This change is pushing identity vendors to expand their capabilities, often through acquisitions that bring in specialized technology for secrets management and non-human identity protection. As a result, organizations can now gain better insight into what machine identities exist in their environment, what access they hold, and whether they are being used securely.

Automation is also playing a bigger role. Rather than relying on manual processes to manage credentials and secrets, companies are adopting solutions that can automatically discover, rotate, and enforce policies on machine identities at scale. This is especially important in fast-moving environments with high volumes of automation, cloud services, and AI agents.

At the same time, governance expectations for machine identities are increasing. Security and compliance teams are beginning to apply similar standards of oversight, accountability, and auditing to non-human identities that were previously reserved for human users. This includes defining ownership, reviewing access rights, and ensuring that machine identities follow the principle of least privilege.

Overall, AI security in the identity space is becoming more comprehensive. Organizations are moving away from fragmented tools and processes toward solutions that can manage the full range of identities — human and machine — while reducing risk and operational complexity.