Saviynt has announced updates to its Agent Access Gateway, introducing what it calls Intent-Aware Runtime Authorization (IARA) to assess and control AI agent actions as they occur.
The company said the changes are aimed at a growing security gap as organisations shift AI agents from pilot programs into production environments. Unlike traditional access controls built for human users and relatively static applications, Saviynt argues that AI agents can execute large numbers of actions across business systems quickly, making it harder to determine whether each action is appropriate at the time it happens.
According to the company, IARA evaluates agent actions in real time based on identity, context, policy and intent. Saviynt said that if an action falls outside approved boundaries, the gateway can block it and generate an audit event at runtime.
“AI agents are becoming a new class of enterprise identity — autonomous, powerful, and capable of taking action across critical business systems,” said Vibhuti Sinha, Chief Product Officer, Saviynt. “Agent Access Gateway gives enterprises a way to control AI agent behaviour at runtime, when decisions actually happen. With IARA, organisations can move beyond static permissions and make access decisions based on what an agent is trying to do, why it is doing it, and whether that action should be allowed.”
Saviynt said additional updates to the gateway allow organisations to control an agent’s access to tools at runtime using static and dynamic policies, and to determine who an AI agent is acting for—whether independently, on behalf of a human user, or via another AI agent.
The company gave an example in sales operations where an agent may be authorised to access CRM data to summarise an opportunity, but then attempt to export customer records, modify pricing terms, or trigger outbound communications. In that scenario, Saviynt said the issue is whether those actions align with the user’s original intent, rather than whether the agent has technical permission.
Saviynt also announced new inbound and outbound access controls for AI agents, positioning them as identity governance measures that define who is authorised to interact with agents and what data, applications and resources agents can access.
The release also includes new identity verification capabilities that Saviynt said are intended to reduce impersonation risk. The company listed biometric scanning, selfie photos, liveness detection, and support for more than 4,000 government-issued document formats across more than 177 countries for human identity certification within its platform.
Saviynt said the latest updates expand its native integrations to include Microsoft Foundry, N8N and Snowflake Cortex.
