Saviynt launches AI agent identity security platform
Saviynt has launched an identity security product for AI agents designed to manage them alongside human and non-human identities.
The release comes as companies deploy more autonomous software tools into business operations. Saviynt argues that identity models built around human users are no longer sufficient for systems that act continuously and make decisions in real time.
Called Saviynt Identity Security for AI, the product is intended to give organisations visibility over AI agents, govern their lifecycle and control what they can access while running. The platform can discover, register and monitor agents across environments including Amazon Bedrock, Microsoft Copilot Studio, Google Vertex AI, ServiceNow AI and Salesforce Agentforce.
Saviynt is positioning the launch around a gap in enterprise security controls as AI agents move from pilots into day-to-day work. These agents are increasingly used to write code, carry out financial tasks, respond to customers and manage internal workflows, creating a new category of digital identity that does not fit neatly into traditional access management systems.
The product centres on three functions. The first, identity security posture management for AI, is designed to discover authorised and unauthorised autonomous agents and highlight risks such as excessive access. The second, lifecycle management, assigns ownership to each agent from registration through decommissioning. The third is an access gateway that evaluates every agent interaction in real time and blocks unauthorised activity, whether between agents or between an agent and an enterprise application.
"AI agents don't behave like users," said Vibhuti Sinha, Chief Product Officer at Saviynt.
"They act autonomously, access systems continuously, and make decisions in real-time. Traditional identity security was never built for that. We've spent the last two years working alongside enterprises already running agents in production, and what they needed wasn't a policy update; it was a new control plane. That's what we built."
Customer input
Saviynt said it developed the system with input from companies already using agents in production, including Hertz, The Auto Club Group and UKG. That involvement reflects a wider effort by security vendors to adapt identity and access products to AI systems that can initiate actions without direct human input.
Gnana Thanikachalam, Global Head of IAM at Hertz, described the challenge as one of scale and speed as AI agents become more deeply embedded in business processes.
"As AI agents move from experimental use cases into core business operations, the traditional identity models we've relied on for decades are no longer enough," Thanikachalam said.
"At Hertz, technology drives our fleet and our customer experience, and we need governance that scales at that same velocity. Partnering with Saviynt has allowed us to move beyond static access toward a dynamic, agentic control plane. By treating AI agents with the same rigor as human identities - from continuous discovery to automated onboarding - we're not just closing security gaps; we're enabling our teams to innovate with confidence."
Jeyanth Jambunathan, Head of IAM at The Auto Club Group, also pointed to the need for visibility and control as more autonomous systems are introduced.
"Scaling autonomous agents requires governance that keeps pace with AI innovation," Jambunathan said.
"With Saviynt's identity control plane, we gain real-time visibility and control over AI identities, empowering secure innovation at enterprise scale."
Broader shift
The launch highlights a broader shift in cyber security and identity management. For years, identity systems have focused on employees, contractors and service accounts, with governance frameworks designed around known users and relatively predictable processes. AI agents complicate that model because they may operate continuously, call multiple systems, exchange data with other software and make decisions on the fly.
That raises practical questions around ownership, accountability and authorisation. Security teams need to know which agents exist, who approved them, what data they can access and how to stop them if they behave in unexpected ways. It also introduces the risk of so-called shadow AI, where autonomous tools are deployed outside formal governance controls.
The product also incorporates external risk signals from CrowdStrike, Zscaler, Wiz and Cyera. The aim is to give security teams a broader view of AI-related risk across the enterprise rather than treat identity controls in isolation.
It is built to support pro-code developers, low-code builders and no-code business users, reflecting the fact that AI agents are no longer confined to specialist engineering teams. As more business units create or configure their own AI tools, identity providers face the challenge of applying consistent controls across a much wider range of users and systems.
Sachin Nayyar, Chief Executive Officer at Saviynt, described the release as a major expansion of the company's product set into runtime controls for AI identities.
"This is our most significant release," Nayyar said.
"We have now introduced real-time access enforcement and access gateway to our world-class posture management, identity management, privilege access management, and fine-grained entitlement management, all working together at runtime and at AI speed. This makes Saviynt the only Identity Security company to provide an end-to-end stack of AI Identity capabilities working together as a single service."