SailPoint has announced its intent to acquire Tel Aviv-based Entro, in a deal the identity security vendor says will expand its capabilities for securing non-human identities (NHI) and credentials used by automation and AI-driven workflows.
The transaction is subject to customary closing conditions and is expected to close in the third quarter of SailPoint’s fiscal year 2027.
SailPoint said the acquisition would extend its recently launched “Agentic Fabric”, positioning the combined offering to address risks associated with autonomous AI agents, cloud services and programmatic access to enterprise data—where security decisions increasingly depend on which identities, human or machine, are requesting access and under what conditions.
Mark McClain, CEO and founder of SailPoint, said the company’s goal is to improve visibility into non-human identities and the credentials they use to access corporate data.
Entro co-founder and CEO Itzik Alvas said the company was established to discover and protect credentials and machine identities in cloud environments, and that the acquisition would integrate Entro’s discovery and lineage mapping capabilities into SailPoint’s identity security framework.
SailPoint said Entro would add technology it plans to integrate into Agentic Fabric, including agentless discovery of tools, APIs and credentials used by AI agents and machine identities; mapping of relationships and ownership to link non-human identities to human accountability; and continuous monitoring for behavioural anomalies through what it describes as Non-Human Identity Detection and Response (NHIDR).
The company said Entro’s coverage includes more than 1,000 non-human identity and agent types and discovery of more than 1,200 credential types across more than 70 enterprise sources, spanning cloud environments, developer tools, CI/CD pipelines and SaaS platforms.
The announcement reflects a broader shift in identity and access management, as organisations seek to govern credentials, secrets and machine-to-machine access that can outnumber human identities and introduce new paths to privilege escalation and data exposure if left unmanaged.
