A day in the life with AI-powered identity security: Agentic assistance for identity

Author: Harris Podell, Product Marketing Manager, SailPoint
Reading time: 11 minutes

With all the headlines and noise about AI running rampant in the news and on our feeds, we want to anchor the AI discussion around the real and practical ways that AI can help your organization through its identity security challenges. The rapid proliferation of AI is creating historic levels of innovation, but it can also contribute towards growing security risks, especially in the realm of identity.

In this interview series with identity security and AI experts, we discuss identity security issues that many organizations experience on a regular basis. We will also walk through the ways SailPoint’s offerings and the AI capabilities that power them can bring value and practical solutions to these common issues that many organizations of diverse sizes and industries experience today.

Today we're exploring how AI can serve as intelligent assistance to make anyone’s life easier while completing identity security tasks. The daily life of an identity admin is filled with tasks that can be tedious, complex, repetitive, or time-consuming, and the sheer volume of work can be overwhelming. We'll cover how assistance from SailPoint Harbor Pilot, a suite of AI agents within Identity Security Cloud designed specifically for identity security, can automate, provide proactive insights, and ultimately make identity teams more effective.

I spoke with Alec Gruss, Senior Product Manager of Harbor Pilot, about how agentic assistance is changing the game for identity teams to save them time, effort, and headaches on a regular basis.

HP: Let’s start with the people on the front lines. What are the most common day-to-day challenges and frustrations that identity teams face?

AG: First and foremost, what we hear from our customers all the time, admins specifically, is that they are just overloaded. They're overloaded with work, they're overloaded with information. There is a bottleneck in getting identity security expertise to help run the program. Identity Security Cloud is a very powerful tool, especially if you know how to use it. Many of our customers are coming from IT and they're not identity governance experts, so knowing exactly what to do when they’re getting started can be a source of frustration. Finally, there's an element of work that is manual and repetitive, that admins are having to spend time doing instead of thinking about how to improve their identity security. At the end of the day, it takes time to get new identity admins up to speed, it takes time for those admins to complete maintenance tasks, and there’s often so much to do that they get overloaded by the sheer volume of things to do just to keep the lights on.

HP: You’ve used the term "agentic assistance." How does this practically solve these daily frustrations?

AG: An agentic system intelligently takes action on the user's behalf to accomplish tasks or a series of tasks. The agent can deal with ambiguity, and it can bring in context as well as encoded expertise to actually deliver that outcome. It's empowering both to the human because you can state what you want to happen, but it also empowers the agent and the system to actually solve for the best way to achieve that outcome. In SailPoint’s case, we can encode the agents that we build with our expertise, with the best identity practices that we've developed over the past decades. For SailPoint, what that means is that we're embedding these specialized, AI-powered assistants into our platform so that we can deliver not just another chatbot, but really deliver real value around outcomes.

HP: That sounds powerful. Can you give me a 'day in the life' example? How does an AI assistant practically help an identity admin do their job better and faster?

AG: Let’s look at an admin named Mark. Previously, Mark may have had to manually review access when job titles changed. Now, Mark can automate by simply going into Harbor Pilot and asking Harbor Pilot to 'build a workflow to recertify a manager's direct reports’ access when the job title changes.' Using the search that's built into Harbor Pilot, Mark may ask, 'who has more than 150 entitlements at this organization?' He’ll get that list back and from there can either create a workflow that monitors this or create certifications. It really becomes something where Mark can both look at the manual tasks that they're having to do today as well as start to explore their data and from there decide if they want to take more one-off actions or if what they're seeing in the data warrants building a workflow. If Mark was a new identity admin, he could ask Harbor Pilot detailed questions about the Identity Security Cloud platform and Harbor Pilot will immediately return answers pulled straight from our documentation. For someone getting up to speed, that could be a ton of time saved from having to manually parse through documentation themselves to learn ISC.

HP: That's a very clear picture. Let's break that down. What are some of the specific, specialized tasks these built-in "agents" can perform?

AG: Each agent is designed to solve a specific, painful problem. The first pain point is about guidance — solving the ‘How do I do this?’ problem. An agent can act as an on-demand expert, so if you have a question like, ‘How do I create a role?’ or ‘Where do I find this in the UI?’, the agent can instantly give you clear guidance, which eliminates time spent hunting through documentation.

Next, it solves the ‘I need a report now!’ pain. Instead of having to go and build your own report, you can simply ask a question in natural language and get a clean answer. This allows authorized admins to query their identity data and get immediate answers without complex, manual report-building.

The workflow agent solves the ‘I don’t have time to code this’ pain. It turns hours of technical work into minutes by drafting entire lifecycle and access control workflows from a simple description. This allows a non-technical person to create automations or a technical person to offload repetitive coding tasks.

Finally, for regular employees, the access request agent solves the ‘What do I request?’ pain. For most end users, their primary objective is to find the access they need, request it, and go about their day. The agent can take a broad question like, ‘I need access to our CRM,’ understand that your organization uses a particular CRM, give you a list of items you can request, and allow you to submit that request in just two clicks. This is a killer use case that reduces helpdesk tickets and user frustration.

HP: You mentioned it can be used by regular employees. Who is the ultimate target user for this kind of assistance?

AG: The simple answer is that it's for everyone because it is adaptable and flexible to both user personas: administrators and employees. For employees, it's really about quickly requesting the access that they need and going about their day. It reduces all kinds of support tickets, help desk time, and improves their productivity. For identity administrators, they're probably going to experience the biggest benefit because for them it is a force multiplier. It's the assistant that they have by their side to automate their time-consuming tasks and help them make more informed decisions throughout the entire day.

HP: Let's talk about the technology. What is the core architecture that enables this kind of secure, context-aware assistance?

AG: It is a multi-layered architecture. There's the large language model (LLM) that is powering the interaction, but it has a harness around it, and it's hosted securely on AWS Bedrock, so each tenant's context and data is isolated to that tenant. We follow an agent orchestration model so user requests can be routed to the best agent suited for the task. It will understand the user's intent, interpret that, and ensure that the permissions a user has are respected. An end user will never be able to see administrative-level information or gain those privileges via Harbor Pilot. We set things up in this way so that the different agents within Harbor Pilot can work together to deliver a seamless experience for the administrator or end user interacting with Harbor Pilot through chat. So, for instance, when a user asks to request access to something, under the hood we are calling on the Access Request Agent to complete that task. If an admin asks for help on creating a workflow to automate a task, the Workflow Agent will be the one working on that request. Regardless of what type of query the user presents, they will ask it in the same Harbor Pilot interface.

HP: When you automate complex tasks like workflow creation, how do you ensure safety and maintain human oversight?

AG: A core principle of ours is that the human is in the loop. Even if things are automated, the user chooses what to automate. At any point, they can revoke, audit, review, and direct it. So, a core philosophy here is that we think in terms of augmentation, rather than replacement. The strongest systems are those where the strengths of the machine and the human are brought together in that human-machine interface.

HP: What is the real-world business impact of deploying this kind of assistance?

AG: The first one is time to value. There's often a skills gap where admins are new to the tool and don't know where to start. This agentic assistance directly addresses those issues and accelerates time to value while providing additional productivity right from the start. Along those lines, it makes all users much more efficient because they can just ask what they don't know and have SailPoint's best practices and documentation at their fingertips. The ultimate result of this increased efficiency and shorter learning curve is an improved security posture. We are helping our customers reduce their risk posture by building automation, identifying risks, and mitigating those risks faster, which is even more important today as non-human identities are proliferating.

HP: Is this the end state, or just the beginning? What is the long-term vision for agentic assistance in identity security?

AG: This is very much the beginning. The underlying technology is still very young, and what we're seeing with AI agents is even younger. The long-term vision is a fundamental paradigm shift in the user experience. We are moving toward a flexible, adaptive solution that is embedded directly into the platform which will be with our customers when they need it, providing answers and outcomes in the form they need. The goal is for the AI to become a more proactive assistant that helps guide organizations on the journey toward autonomous identity security, ultimately saving them even more time while maintaining a strong security posture.

HP: What's the most important thing for a leader to understand about the potential of AI-powered assistance for their security program?

AG: The most important thing to understand is that this is about scaling your security program without needing to scale your headcount at the same rate. It’s about empowering your identity practitioners by equipping them with tools that assist them through the entire lifecycle, from the onboarding process to the ongoing maintenance of their program and the mitigation of risk. This is a journey, and it relies on good data to work effectively. By building out that context, the agents can make better suggestions and recommendations. Ultimately, we see this agentic assistance as the key to making the entire organization more secure and more agile.

Empowering identity teams with AI assistance

Harbor Pilot is emerging as a powerful agentic assistant for addressing the daily frustrations of modern identity security teams, who are often overloaded with manual work. By using specialized AI agents within Identity Security Cloud, organizations can automate repetitive tasks and get instant answers to complex questions. This AI assistance acts as a force multiplier for administrators, freeing them to focus on strategic initiatives while also simplifying access processes for all employees. With a human-in-the-loop design ensuring safety, this approach bridges the skills gap for new identity admins and improves an organization’s overall security posture. It transforms identity teams from being reactive and overwhelmed to being proactive and in control. Ultimately, AI-powered assistance allows businesses to scale their security programs effectively, turning them into enablers of innovation.

Ready to experience the support of agentic AI within your own identity program? Learn more about how SailPoint Harbor Pilot can help you to build a stronger and more efficient identity program.