Back to News
News80% of Enterprises Are Losing Control of Their AI Agents. SailPoint and AWS Just Responded.
Enterprise AI

80% of Enterprises Are Losing Control of Their AI Agents. SailPoint and AWS Just Responded.

March 20, 2026
12 min read
Anastasia Rychkova
80% of Enterprises Are Losing Control of Their AI Agents. SailPoint and AWS Just Responded.
March 20, 202612 min read
Article featured image
Share:
EN RU ES

This article is based on publicly available announcements from SailPoint, AWS, Gartner, and RSAC 2026. All cited statistics link to original sources.

80%

of enterprises report AI missteps from unauthorized AI tool usage

NEW

Gartner category: Guardian Agents

3

Identity types: Human, Machine, Agent

2026

RSAC Innovation Sandbox: AI agent security

The Problem: A New Class of Non-Human Identities

Every AI agent deployed inside an enterprise is a non-human identity. It accesses data, makes decisions, and executes transactions - often without the same access controls applied to human employees.

According to SailPoint's March 2026 survey, 80% of enterprises have already experienced AI missteps related to unauthorized or uncontrolled AI tool usage. The proliferation of AI agents is outpacing the governance infrastructure designed to manage them.

Current Identity and Access Management (IAM) frameworks were built for two categories of identity: humans (employees, contractors) and machines (servers, APIs, service accounts). AI agents represent a third category that these frameworks never anticipated - autonomous entities that reason, adapt, and act independently.

Identity Classification - Enterprise AI Era

HUMAN

Employees, Contractors

Governed by HR + IAM

MACHINE

APIs, Service Accounts

Governed by DevOps + IAM

AI AGENT

Autonomous, Reasoning

GOVERNANCE GAP

SailPoint + AWS: The First Infrastructure-Level Response

On March 16-17, 2026, SailPoint and AWS announced a multi-year strategic collaboration specifically designed to govern AI agent identities inside enterprise environments. This is the first major infrastructure-level response to the non-human identity problem created by AI agents.

The framework unifies three critical functions into a single administrative view:

  • Lifecycle Management - creating, modifying, and decommissioning agent identities across their operational lifespan
  • Least-Privilege Access - ensuring each agent has only the minimum permissions needed for its specific function
  • Policy Enforcement - applying organization-wide security policies consistently across human, machine, and agent identities

SailPoint CEO Mark McClain stated: "The proliferation of AI agents is creating a new class of non-human identities, and each one represents a new attack surface."

Industry Validation: This Is Now Mainstream

Two independent signals confirm that AI agent identity governance has moved from experimental to mainstream:

Gartner has formalized a new category called "Guardian Agents" in its Market Guide, with Orchid Security recognized as a Representative Vendor. When Gartner creates a named category, it signals that enterprise procurement teams are actively seeking solutions.

RSAC 2026 Innovation Sandbox (April, San Francisco) selected Geordie AI - a startup focused entirely on AI agent security governance. The Innovation Sandbox is widely regarded as the most competitive startup showcase in cybersecurity.

The Accountability Question for Regulated Industries

For banks, insurers, and healthcare organizations, the governance gap creates an immediate compliance exposure:

Who is accountable when an AI agent:

  • Approves a loan without human review?
  • Accesses patient records outside its designated scope?
  • Triggers a financial transaction based on autonomous reasoning?
  • Modifies a compliance report and submits it to regulators?

Current regulatory frameworks (HIPAA, SOX, GLBA, PCI DSS) assign liability to individuals and organizations - not to autonomous software agents. The governance layer being built by SailPoint, AWS, and emerging startups will determine how this accountability gap is resolved.

What Organizations Should Do Now

  1. Inventory your AI agents. Most enterprises do not have a complete count of AI agents operating inside their networks. Start by cataloging every agent, its access scope, and its decision authority.
  2. Classify agent risk levels. An AI agent summarizing meeting notes has a different risk profile than one approving financial transactions. Apply tiered governance accordingly.
  3. Extend your IAM framework. Evaluate whether your current identity provider can manage non-human agent identities. If not, assess solutions like SailPoint's new framework.
  4. Establish agent audit trails. Every action taken by an AI agent should be logged, attributable, and reviewable - the same standard applied to human employees in regulated roles.
  5. Assign human accountability. Until regulatory frameworks catch up, designate a human owner for every deployed AI agent who bears responsibility for its actions.

Verified Sources

  • SailPoint + AWS collaboration announcement - SecurityBrief Asia, March 16, 2026
  • SailPoint CEO Mark McClain statement - official press release, March 2026
  • Orchid Security - Gartner Market Guide for Guardian Agents recognition - Security Boulevard, March 17, 2026
  • Geordie AI - RSAC 2026 Innovation Sandbox selection - Security Boulevard, March 18, 2026
  • 80% enterprise AI misstep statistic - SailPoint survey, cited March 17, 2026

PATech Labs Intelligence Store - Coming April 2026

AI Agent Governance Blueprint: Full compliance framework for deploying autonomous agents in regulated industries.

28 specialized AI agents. 200-page intelligence reports. Every number links to the original source.

Interested in implementing similar AI solutions? Discover how PATech Labs can help your business leverage cutting-edge artificial intelligence.

Learn About Our Services

Follow @patechlabs for early access.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. All statistics cited are from publicly available company announcements, industry analyst reports, and cybersecurity conference records. PATech Labs does not provide legal services. Consult a licensed attorney for legal guidance.

About the Author

Anastasia Rychkova

Anastasia Rychkova is Vice President and Head of Business & Compliance Strategy at PATech Labs. She drives the company mission to democratize advanced AI while ensuring regulatory compliance across finance, healthcare, and regulated agriculture industries. Anastasia bridges the gap between powerful technology and real-world business needs, overseeing go-to-market strategy, client success, and strategic partnerships.

Content created with AI assistance and verified by human researchers.Learn more

Ready to Build Your Autonomous Growth Engine?

Stop relying on expensive ads and uncertain results. PATech Labs' patent-pending AI Ecosystem isn't just another chatbot or content tool. It's a fully-integrated, self-improving system that creates sustainable organic visibility and converts it into qualified leads. Transform your business with our proven ecosystem used by leaders in cannabis, finance, healthcare, and enterprise sectors.

AI Agent Governance: SailPoint and AWS Join Forces | PATech Labs