Every AI Agent Is a New Attack Surface—AWS Has a Plan

On March 16, 2026, SailPoint and Amazon Web Services announced a multi-year strategic collaboration agreement that makes a specific bet: as enterprises deploy AI agents at scale, identity governance — the discipline of controlling who (and what) can access what — becomes the load-bearing security layer. The deal establishes SailPoint as AWS's preferred identity governance platform for agentic AI builds, with SailPoint's software integrated directly into Amazon Bedrock AgentCore.

The technical core is concrete. SailPoint's platform will discover AI agents as they are deployed within AgentCore and register them as identities within SailPoint's governance environment. That means a single administrative view covers both human operators and the agents acting on their behalf — lifecycle management, access reviews, permission right-sizing, and policy enforcement all handled together. AWS VP of Identity and Access Management Keshav Narsipur described the partnership as giving customers "a trusted framework for security and governance" as they scale agents across the AWS portfolio.

Why this matters now

The problem is real and getting larger. As SailPoint CEO Mark McClain put it in the announcement: "The proliferation of AI agents is creating a new class of non-human identities, and each one represents a new attack surface." In traditional enterprise IAM, every human employee has a defined identity with scoped permissions, periodic access reviews, and an offboarding process. AI agents break that model. A single agent can span multiple systems, invoke tools dynamically, and act on behalf of users without the explicit, audited consent that humans require.

AWS has been building AgentCore Identity — the underlying identity layer within Bedrock AgentCore — since late 2025. It handles token vaults, OAuth 2.0 flows, and credential management for agents, acting as an agent-native identity provider. The SailPoint integration layers on top: where AgentCore Identity handles the mechanics of authentication and credential rotation, SailPoint provides the governance overlay — the "who should be allowed to do what, for how long, and when should access be revoked" layer that compliance teams and security auditors require.

The deliverables outlined in the agreement are specific: continuous least-privilege access enforcement using AWS CloudTrail usage data to right-size permissions in real time; a unified identity graph tying workloads, federated identities, services, and data together; automated policy guardrails that trigger access revocation based on behavioral anomalies or role changes; and full lifecycle governance from provisioning to decommissioning for all identity types.

Market signal

Investors noticed. SailPoint shares (NASDAQ: SAIL) jumped 4.7% on March 16 following the announcement, per Investing.com data — a meaningful move for a company with an $8.5 billion market cap. The partnership gives SailPoint a direct on-ramp to every enterprise deploying agents via AgentCore, a potentially significant competitive differentiator as identity vendors fight for the agentic security market.

PACCAR, the truck manufacturer, is cited as an existing joint customer using SailPoint's Identity Security Cloud on AWS — illustrating that this isn't purely prospective. Some enterprise is already running this stack in production.

The bigger picture

This is the governance layer arriving before the crisis. Enterprises are still early in agent deployment; most agent pilots operate in limited scopes with human oversight. But the trajectory is clear: agents will proliferate across ERP systems, code repositories, financial platforms, and customer service tooling. The identity plane that manages permissions for that world needs to exist before — not after — an agent with over-scoped permissions exfiltrates data or a compromised agent assumes privileges it shouldn't have.

AWS and SailPoint are positioning for that world now. The question for the market is whether governance-by-default becomes the norm, or whether enterprises repeat the pattern of shipping first and securing later. The infrastructure choices being made in 2026 about how agents get identities, who reviews their access, and how permissions are scoped will shape the security posture of enterprise AI for years.

SailPoint's solutions including Machine Identity Security and Agent Identity Security are now available for purchase in AWS Marketplace.

---

Sources: SailPoint press release (March 16, 2026); AWS Security Blog — AgentCore Identity; Investing.com — SAIL stock reaction