Overview
AI agents are proliferating faster than security teams can track them. They connect to production systems, use credentials that were never provisioned for them, and operate autonomously - often without any record in IT systems, and often owned by employees who have since left.
SailPoint Entro gives you complete visibility into every AI agent in your environment: what it is, what it's connected to, what identity it uses, and what risk it carries. It does this by ingesting signals from the sources where AI agents actually leave traces - cloud provider logs, endpoint telemetry, SaaS audit logs, code repositories, and AI builder platforms - and correlating everything through the non-human identity layer that all agents depend on for access.
The result is a unified AI Agents Inventory: a single place to see every sanctioned and shadow AI agent, investigate risks, enforce policies, and drive remediation - without sitting inline, proxying traffic, or requiring agents to cooperate.
Shadow AI - Included by Default
SailPoint Entro doesn't rely on agents being registered or approved to discover them. Any AI agent operating in your environment leaves a trace - through identity activity, SaaS connections, or endpoint telemetry - and SailPoint Entro will surface it in the inventory alongside your sanctioned agents, with the same ownership attribution and risk signals attached.
What's in This Section
| Page | What it covers |
|---|---|
| How SailPoint Entro Discovers AI Agents | The detection methods: cloud logs, endpoint telemetry, SaaS audit logs, code scanning, AI builder platforms |
| AI Agents Inventory | What the inventory shows per agent and how to read it |
| Agentic Plugin & Policies | Active monitoring and enforcement for Claude Code, Cursor, and VS Code |
| Key Risks & Use Cases | Common AI risks SailPoint Entro surfaces and which teams they matter to |