Live intel Wed · 08 Jul 2026 · 06:00 ET

ThePerimeter

FOR CIOs & CISOs
VOL. 1 · ISSUE 07 Sponsored by — your logo here — Subscribers: 18,412
// Good morning, defenders.

Somewhere in a boardroom this week, a CFO asked a CISO why the identity budget doubled — and for once, the answer wasn't ransomware. It was the agents. The machines your developers spun up over the weekend now outnumber your humans by roughly forty to one, none of them read the acceptable-use policy, and every single one holds a credential that never expires.

That's the whole story of 2026 in one sentence: identity stopped being a support function and became the control plane for everything — human, machine, and increasingly, autonomous. This week we watched the market price that in, and we put Saviynt under the microscope — strong product, a Customers' Choice badge, a trade-secrets fight with Delinea, and a brush with the Klue incident, all in the same quarter. Does the "converged platform for the AI era" hold up when practitioners, not marketers, do the talking? Let's get into it.

01

Market Movers

what shifted this week & why it lands on your desk

M&A · Rumored$1B+

Cyera reportedly circling Oasis Security for $1B+

Fresh off a $600M round at a $12B valuation, data-security unicorn Cyera is in advanced talks to buy Oasis Security — the "agentic access management" startup built for a world where machine identities swamp human ones. Reported ~30% cash, rest in stock; no formal announcement yet. It'd be Cyera's boldest move yet to plant a flag in non-human identity.

Why it matters: the data-security and identity camps are colliding. If a DSPM leader buys its way into NHI governance, the "identity vs. data" tool boundaries in your stack are about to blur — and so are the RFP categories.
Funding$1B+

Keyfactor lands a $1B+ growth investment for the machine-identity era

Summit Partners led a $1B+ strategic investment in Keyfactor (July 6), with Insight and Sixth Street retaining stakes. The thesis is squarely on the moment: AI-driven identity sprawl, shrinking certificate lifespans, and the post-quantum migration pushed by the White House's June PQC executive orders. Capital earmarked for product, global expansion, and acquisitions.

Why it matters: PKI and certificate hygiene just moved from compliance plumbing into the AI-infrastructure budget. If your agent fleet is minting machine identities faster than you can inventory them, this is the category funding a solution to your problem.
M&A · ClosedIdP

Rubrik buys Strata.io — resilience meets identity

Rubrik closed its acquisition of identity-orchestration player Strata.io (terms undisclosed), powering a new "Identity Continuity" capability: automatic failover to a backup IdP when your primary — Entra ID, Okta — goes down mid-incident. Rubrik's identity line is now its fastest-growing at $50M+ ARR, and Strata brings SAML co-author Eric Olden in-house.

Why it matters: "what happens when our IdP is the thing that's compromised?" is now a vendor category, not a tabletop hypothetical. Identity resilience belongs on your BCP/DR checklist this year.
Threat1,300%

Deepfake fraud went vertical

Pindrop's analysis of 1.2B customer calls clocked a 1,300% YoY jump in deepfake-led fraud. Voice-vishing and synthetic identity are now top-three concerns for C-suite security leaders — and the traditional "verify the human" playbook is visibly cracking.

Why it matters: your help-desk password-reset flow is the soft target. Adaptive, multi-channel verification is moving from nice-to-have to audit finding.
RegsEU

CRA joins NIS2 and DORA — sovereignty is a design constraint now

The Cyber Resilience Act is the third EU regime you're now adapting to simultaneously, and it's accelerating a real "geopatriation" trend: workloads and identity data moving to on-prem or local providers to escape US Cloud Act exposure.

Why it matters: if you operate in the EU, "where does our identity data physically live" is now a board question, not an architecture footnote.
AINHI

Non-human identities are the fault line of the year

Every serious 2026 identity report says the same thing in different words: agents and MCP connections now carry real authority — retrieving data, triggering workflows, acting inside critical systems with no human in the loop. Governance built for humans doesn't stretch to cover them.

Why it matters: this is the exact wedge every IGA vendor (Saviynt included — see below) is using to expand your contract. Know the problem before you buy the pitch.
02

Vendor Spotlight

the pitch vs. the reality, synthesized from the people who run it

Saviynt
Identity Cloud · IGA + PAM + App Access + ISPM · Converged platform play
VERDICT: STRONG PRODUCT, WATCH THE DELIVERY
Product / Capability
8.6/10
Implementation Ease
5.8/10
Vendor Stability
6.7/10
Community Sentiment
6.6/10

Recent News — last 90 days

3rd-party incident Jun 23, 2026
Saviynt among customers caught in the Klue / Salesforce incident

An unauthorized party accessed multiple organizations' Salesforce instances via a third-party incident in Klue's environment. Saviynt confirmed it was an impacted customer, with potential exposure limited to certain sales data in its own Salesforce instance. Per Saviynt: no impact to its products or services, and no impact to customer data held within Saviynt products. The company says it continues to monitor as part of ongoing cyber-defense activity.

Read: a supply-chain hit on Saviynt's own SaaS stack, not its platform. Low direct risk to customers — and the transparent, scoped disclosure is a point in their favor. A fair thing to ask their team to walk you through.
Saviynt Trust Center · Security Bulletin ↗
Recognition Mar 31, 2026
Named a Gartner Peer Insights Customers' Choice for IGA

Saviynt was recognized as a 2026 Customers' Choice in the Voice of the Customer for IGA, tied for the highest overall rating in the report — reinforcing the "identity at scale + flexibility" theme that runs through its enterprise reviews.

Read: real validation on the governance-at-scale claim. Weigh it against the implementation-effort caveats below — both are true at once.
SOURCING: Litigation from federal court docket (PacerMonitor / Law.com). Incident details per Saviynt's public Trust Center bulletin, Jun 2026. Recognition per Gartner Voice of the Customer, IGA, Mar 2026. The Perimeter reports the record; allegations in pending litigation are not findings of fact.

The Pitch vs. The Reality

What Saviynt says
  • One converged platform: IGA, PAM, app access & ISPM, no point-tool sprawl
  • AI-first — governs human, non-human & AI identities in one system of trust
  • Low-code/no-code covers ~80% of IGA use cases without custom development
  • Gartner Peer Insights Customers' Choice for IGA, 2026
What practitioners report
  • Platform breadth is real and genuinely strong at scale — the consolidation story holds
  • Custom connectors lean on REST APIs; OOTB coverage has gaps teams work around
  • SOD evaluation jobs flagged as failing "very frequently" by more than one reviewer
  • "Speed over quality" ships features that can feel like early iterations, not GA

Community Pulse — synthesized signal

G2 · Verified Reviews 4.4/5 · capability-led
"We achieve roughly 80% of IGA use cases without writing a single line of code."
— Identity architect · praised UAR & certification campaigns, ServiceNow integration
76% positive
Gartner Peer Insights Customers' Choice · IGA 2026
"Identity at scale, flexibility across complex environments, a unified approach."
— recurring theme across enterprise reviewers; tied for highest overall rating in category
83% positive
Glassdoor · Employee Signal 4.0/5 · 426 reviews
"The culture prioritizes speed over quality… product releases sometimes feel more like early-stage iterations than mature enterprise solutions."
— current employee, 3+ yrs · echoed by multiple reviews citing high turnover & rework
78% would recommend
Practitioner Forums · r/IdentityManagement qualitative · leans critical
"A bunch of code trying to run over SaaS that keeps failing. I've been a victim once and will never recommend Saviynt to anyone."
— representative of recent r/IdentityManagement threads; recurring themes: back-end stability (failed jobs, batch processes that break at load), scalability under real enterprise volume, and an aging technical foundation that shows under stress
mixed-negative
METHOD: Sentiment synthesized across G2, Gartner Peer Insights, Glassdoor (426 reviews) and public practitioner forums (notably r/IdentityManagement) as of Jul 2026. Employee-signal is a leading indicator — "speed over quality" and turnover on engineering teams often surface in product polish 2–3 quarters later. Scores are The Perimeter's composite, not vendor-supplied. Quotes are representative of recurring themes, not cherry-picked outliers.

The Signal Read

Trajectory: ascending, with execution risk. Saviynt is winning the argument it wants to have — that identity is now one converged control plane, and point tools are a liability. The product genuinely backs that up at enterprise scale, and the 2026 NHI/AI-identity narrative plays directly to its platform breadth. This is a credible finalist for any consolidation-driven RFP.

The caution — sharpest in Glassdoor engineering reviews and r/IdentityManagement threads — is aimed less at capability than at back-end stability and scale. Practitioners describe failed jobs, batch and SaaS processes that break under real enterprise volume, and an aging technical core ("Groovy-on-Grails relics," "code trying to run over SaaS that keeps failing") that shows under stress — alongside a recurring "smoke and mirrors" gap between the sales narrative and daily operation. The platform is genuinely capable; the recurring question is whether it holds up at your scale the way it does in the demo. Underwrite the implementation like it's hard — for many teams, it is.

Buy the story if…
  • You're consolidating 3+ identity point tools and want one throat to choke
  • NHI / AI-agent governance is on your 12-month roadmap
  • You have (or will fund) a capable SI partner and realistic timeline
Push back if…
  • You need fast time-to-value with a lean internal team
  • You're at high identity volume — ask for reference calls on stability at your scale
  • You were sold a "quick deployment" — get that in writing with milestones
03

The Stack

a category, tool, or idea worth knowing this week

Emerging category

Non-Human Identity (NHI) Security

The fastest-growing line in the identity stack. Service accounts, API keys, agents, and MCP connections now vastly outnumber human identities and carry standing privilege with no lifecycle. Watch for this to be its own Gartner category by year-end — and for every IGA vendor to claim they invented it.

Control to revisit

Help-desk verification hardening

With deepfake fraud up 1,300% YoY, the password-reset call is the new front door. Multi-channel, out-of-band verification for privileged resets is the single highest-ROI control most teams haven't tightened yet.

Data hygiene

Identity data cleanup — before the AI, not after

Every "AI-powered governance" pitch has a dirty secret: garbage identity data in means confident garbage out, at scale. The unglamorous work of entitlement cleanup and lifecycle completeness is the actual prerequisite. Do it first.

04

Boardroom

one line to sound three moves ahead in your next exec meeting

Say this

Reframe identity spend as AI enablement, not security cost

When finance questions the identity line item, don't defend it as a breach-prevention expense. Reframe it as the governance layer that lets the business deploy AI agents safely — which is the thing the CEO actually wants to do faster.

"We can't scale autonomous AI in production faster than we can govern the identities running it. This budget is what unblocks the AI roadmap — it's not a tax on it."
05

Overheard

a spicy anonymized take from the community this week

"Everyone's selling me AI to govern my agents. I don't have a governance problem — I have a "nobody knows how many agents we have" problem. Sell me the flashlight before you sell me the leash."
— CISO, mid-market fintech · overheard in a peer Slack, lightly paraphrased