Somewhere in a boardroom this week, a CFO asked a CISO why the identity budget doubled — and for once, the answer wasn't ransomware. It was the agents. The machines your developers spun up over the weekend now outnumber your humans by roughly forty to one, none of them read the acceptable-use policy, and every single one holds a credential that never expires.
That's the whole story of 2026 in one sentence: identity stopped being a support function and became the control plane for everything — human, machine, and increasingly, autonomous. This week we watched the market price that in, and we put Saviynt under the microscope — strong product, a Customers' Choice badge, a trade-secrets fight with Delinea, and a brush with the Klue incident, all in the same quarter. Does the "converged platform for the AI era" hold up when practitioners, not marketers, do the talking? Let's get into it.
what shifted this week & why it lands on your desk
Fresh off a $600M round at a $12B valuation, data-security unicorn Cyera is in advanced talks to buy Oasis Security — the "agentic access management" startup built for a world where machine identities swamp human ones. Reported ~30% cash, rest in stock; no formal announcement yet. It'd be Cyera's boldest move yet to plant a flag in non-human identity.
Summit Partners led a $1B+ strategic investment in Keyfactor (July 6), with Insight and Sixth Street retaining stakes. The thesis is squarely on the moment: AI-driven identity sprawl, shrinking certificate lifespans, and the post-quantum migration pushed by the White House's June PQC executive orders. Capital earmarked for product, global expansion, and acquisitions.
Rubrik closed its acquisition of identity-orchestration player Strata.io (terms undisclosed), powering a new "Identity Continuity" capability: automatic failover to a backup IdP when your primary — Entra ID, Okta — goes down mid-incident. Rubrik's identity line is now its fastest-growing at $50M+ ARR, and Strata brings SAML co-author Eric Olden in-house.
Pindrop's analysis of 1.2B customer calls clocked a 1,300% YoY jump in deepfake-led fraud. Voice-vishing and synthetic identity are now top-three concerns for C-suite security leaders — and the traditional "verify the human" playbook is visibly cracking.
The Cyber Resilience Act is the third EU regime you're now adapting to simultaneously, and it's accelerating a real "geopatriation" trend: workloads and identity data moving to on-prem or local providers to escape US Cloud Act exposure.
Every serious 2026 identity report says the same thing in different words: agents and MCP connections now carry real authority — retrieving data, triggering workflows, acting inside critical systems with no human in the loop. Governance built for humans doesn't stretch to cover them.
the pitch vs. the reality, synthesized from the people who run it
Delinea (Thoma Bravo-backed) sued Saviynt and former Delinea product-management director Patrick Wadland in the Central District of California, alleging Wadland took confidential PAM product information after joining Saviynt and accessed Delinea's systems from Saviynt IP addresses. Claims include trade-secret misappropriation and tortious interference. Saviynt has moved to dismiss.
An unauthorized party accessed multiple organizations' Salesforce instances via a third-party incident in Klue's environment. Saviynt confirmed it was an impacted customer, with potential exposure limited to certain sales data in its own Salesforce instance. Per Saviynt: no impact to its products or services, and no impact to customer data held within Saviynt products. The company says it continues to monitor as part of ongoing cyber-defense activity.
Saviynt was recognized as a 2026 Customers' Choice in the Voice of the Customer for IGA, tied for the highest overall rating in the report — reinforcing the "identity at scale + flexibility" theme that runs through its enterprise reviews.
Trajectory: ascending, with execution risk. Saviynt is winning the argument it wants to have — that identity is now one converged control plane, and point tools are a liability. The product genuinely backs that up at enterprise scale, and the 2026 NHI/AI-identity narrative plays directly to its platform breadth. This is a credible finalist for any consolidation-driven RFP.
The caution — sharpest in Glassdoor engineering reviews and r/IdentityManagement threads — is aimed less at capability than at back-end stability and scale. Practitioners describe failed jobs, batch and SaaS processes that break under real enterprise volume, and an aging technical core ("Groovy-on-Grails relics," "code trying to run over SaaS that keeps failing") that shows under stress — alongside a recurring "smoke and mirrors" gap between the sales narrative and daily operation. The platform is genuinely capable; the recurring question is whether it holds up at your scale the way it does in the demo. Underwrite the implementation like it's hard — for many teams, it is.
a category, tool, or idea worth knowing this week
The fastest-growing line in the identity stack. Service accounts, API keys, agents, and MCP connections now vastly outnumber human identities and carry standing privilege with no lifecycle. Watch for this to be its own Gartner category by year-end — and for every IGA vendor to claim they invented it.
With deepfake fraud up 1,300% YoY, the password-reset call is the new front door. Multi-channel, out-of-band verification for privileged resets is the single highest-ROI control most teams haven't tightened yet.
Every "AI-powered governance" pitch has a dirty secret: garbage identity data in means confident garbage out, at scale. The unglamorous work of entitlement cleanup and lifecycle completeness is the actual prerequisite. Do it first.
one line to sound three moves ahead in your next exec meeting
When finance questions the identity line item, don't defend it as a breach-prevention expense. Reframe it as the governance layer that lets the business deploy AI agents safely — which is the thing the CEO actually wants to do faster.
a spicy anonymized take from the community this week