Skip to content

How SailPoint Entro Discovers AI Agents

SailPoint Entro discovers AI agents across four signal sources. No single source covers everything - together they give you complete visibility across your SaaS estate, endpoints, cloud, and AI builder platforms.

NHI Consumers

Every AI agent needs an identity to act - an API key, OAuth token, service account, or PAT. These are non-human identities, and SailPoint Entro already tracks them across your entire environment.

When SailPoint Entro detects that an NHI is being consumed by an AI client, it surfaces that agent automatically in the AI Agents Inventory - with the full identity context already attached: who owns the NHI, what it has access to, its permission level, and its actual activity - including the operations the agent is performing, such as read or write access to specific services.

This is what makes SailPoint Entro's approach fundamentally different. Other tools try to discover AI agents by finding the agents themselves. SailPoint Entro discovers them through the identities they depend on - which means complete coverage by design, including agents that were never registered, documented, or approved.

SaaS Applications

When an AI tool is granted access to a SaaS service - for example, a user connecting ChatGPT to Microsoft 365, or an AI app authorized against a Salesforce org - the SaaS platform creates a dedicated connection for that integration. SailPoint Entro reads these directly from the platforms it's connected to, surfacing every AI application that has been granted access, what it can reach, and who authorized it.

Covered Platforms Include:

  • Microsoft 365 (Teams, SharePoint, OneDrive, Outlook) and M365 Copilot

  • OpenAI / ChatGPT Enterprise

  • Salesforce

  • GitHub, GitLab

  • AWS, Azure, GCP

  • Slack

Endpoint Telemetry via EDR

SailPoint Entro integrates with your existing endpoint security tools to discover AI agents running on developer workstations and servers - with no additional agent or binary installed on endpoints.

Supported Integrations:

  • CrowdStrike Falcon

  • Microsoft Defender

What This Surfaces:

  • AI client applications installed on developer machines

  • MCP configuration files listing the services an agent is connected to

  • Secrets embedded in local AI tool configurations

Note

Browser-based AI usage is not detected via endpoint telemetry. Only installed desktop applications and their configuration files are visible through this method.

AI Builder Platform Integrations

SailPoint Entro integrates directly with platforms where teams build and deploy AI-powered workflows, surfacing agents that may never appear in cloud activity or endpoint telemetry.

Platform What SailPoint Entro discovers
n8n Workflows containing LLM nodes, surfaced as agents in the inventory
Microsoft Copilot Studio Power Platform agents, their connections, and associated identities
AWS Bedrock Agents and their associated IAM identities