SailPoint: Automation is at the Heart of Identity Defence

Rex Booth, CISO at SailPoint, unpacks Scattered Spider’s retreat and why AI-driven identity security must outpace the next wave of social engineering

Identity has become the new security frontline.

As AI agents, bots and machine identities start to outnumber human users across enterprise environments, controlling who has access to what is more complex – and more critical – than ever.

This shift is unfolding as Scattered Spider – a hacking crew largely made up of teens and young adults from the US and UK and linked to recent high-profile attacks – fades from mainstream headlines.
Yet the disruption it triggered is still being tallied across retail, financial services and other high-value sectors targeted by its social engineering–led operations.

Few people grasp the evolution of cybercrime, and the mechanics behind campaigns like these, better than Rex Booth, CISO at SailPoint.

With more than 20 years across the cybersecurity spectrum – including senior roles at CISA, The White House and Mandiant – Rex has watched security move from perimeter-centric thinking to an identity-first approach.

Today, he’s helping to shape SailPoint’s mission to automate access governance in a world where identities are no longer just human.

In this Q&A with Cyber Magazine, Rex shares his perspective on the rise of non-human identities, the shifting nature of cyber risk and why automation and AI have become foundational to modern identity security.

If Scattered Spider retires but cyber threats don’t, what really needs to change now?

Ultimately, whether one group of criminals retire or not doesn’t really matter to the victims. 

Cyber threats and digital crime are opportunity driven – if one gang steps aside, a new one will eagerly take their place. That’s why we need to change our focus and look at prevention more than personalities. 

You can have the best tech in the world, but without user vigilance it’s redundant. With all the buzz around nation-state threats, it can be easy to forget that sometimes our vulnerabilities are much closer to home. It’s imperative that businesses prioritise training initiatives and simulations for employees, who are the first line of defence against social engineering attacks. 

What would you say locks the digital doors tighter against rising crime?

You need both elements running alongside each other if you’re going to keep bad actors locked out. Prevention requires social intervention as much as it requires technological fortifications. 

Businesses should absolutely be using tech that automates processes like threat detection and remediation. However, a culture where employees feel empowered to pause and question unusual requests for credentials has to run alongside that. 

Organisations can use identity security tools to support cyber training programmes, so they become more targeted and personalised based on individual need. These tools can help to identify high-risk employees that would benefit most from cyber training by aggregating and analysing user data. For example, employees with multi-factor authentication (MFA) disabled, employees that frequently access sensitive data or users with frequent failed login attempts.

With cyber gangs sharing playbooks, how can CISOs stay one step ahead?

Recently, we saw Shiny Hunters borrow social engineering tactics from Scattered Spider and it’s not an isolated incident. Gangs trade knowledge, tactics, tools and even people. 

Plus, ransomware-as-a-service has erased many technical barriers and made cybercrime accessible to anyone with time, a laptop and an internet connection.

Crime now moves faster, enabled by easy access to knowledge and capabilities.  

All this sharing means two things: attacks are going to get more frequent and the results will be less predictable. 

CISOs looking to stay one step ahead need to be great strategists, not just technologists. 

Keeping crime out means securing buy-in from the wider business – getting them to view security as an enablement function. 

Traditionally, security has been viewed as the department of ‘no’, but we’re not just here to block things.

If we’re going to keep things safe, we need our stakeholders to understand we’re collaborators, not obstacles.

How is AI-powered identity security rewriting the rules for stopping social engineering attacks?

There's a tremendous opportunity to leverage AI against social engineering. It’s especially great at observing patterns and spotting anomalies. 

For instance, an employee that’s attempting to log in at an unusual time or location. AI-powered security tools can identify and assess risk and then remediate it instantaneously, by triggering extra verifications or blocking access altogether.

Next-gen security tools are powering the transition to ‘adaptive identity’ – where identities are managed in a dynamic, rather than a static way, based on real-time context and user behaviour.

Ultimately, securing all users, applications and data has become a task that’s transcended the ability for humans to accomplish alone. 

AI-powered identity security can spot subtle threats that humans might miss. 

As a former White House advisor, what prevention move would you make mandatory across critical sectors today?

Every organisation, not just those in critical sectors, has got to get their machine identities and AI agents under control.

In order to reap the benefits of AI, organisations are either leveraging the speed of an agent or granting them broad permissions – often it’s both.

That combination of speed and permissions can lead to disaster when left uncontrolled.  

As things stand, AI agents are running riot – with 80% of organisations reporting that their AI agents have already performed unauthorised actions, including accessing and sharing sensitive information. 

This is more than a security concern; it’s a business risk. 

Regulators are paying attention not just to the organisations they directly oversee, but also to the broader supply chain. And rightfully so. 

We’ve seen third party risk manifest into multi-million-pound losses across various industries.

If organisations want to avoid risk and prevent an ‘identity explosion’, they need to introduce technology that governs AI agent access rights in the same way they would humans. 

That’s particularly important for critical sectors because they deal with huge volumes of sensitive and privileged data. 

Identities – be they human, machine or AI – must be managed effectively.
