Live intel Wed · 15 Jul 2026 · 06:00 ET

ThePerimeter

FOR CIOs & CISOs
VOL. 1 · ISSUE 08 Sponsored by — your logo here — Subscribers: 19,067
// Good morning, defenders.

The identity market spent last month doing something it rarely does: agreeing with itself. Every breach report, every funding deck, every earnings call landed on the same note — the attacker's easiest way in is no longer a vulnerability, it's a login. Transport for London's £39M intrusion started at a help desk. Two-thirds of Unit 42's incident-response cases now begin with stolen or abused credentials. The perimeter didn't just move to identity; identity is the incident now.

Which makes this a fitting week to put the category's founder on the table. SailPoint is public again, past $1B in revenue, growing ARR 30%. But the interesting story isn't the ticker — it's that the incumbent just went after its own most-cited weakness. Agentic Acceleration, Virtual Architect, Harbor Pilot at 60% adoption: the "SailPoint is powerful but brutal to deploy" review corpus is describing a product that no longer quite exists. This issue: a month of market movers, then a spotlight on what happens when the leader fixes the thing everyone complained about. Let's get into it.

01

Market Movers

the last month, distilled — & why it lands on your desk

Breach£39M

The TfL intrusion gets a price tag — and it started at the help desk

Two British defendants tied to Scattered Spider pleaded guilty in connection with the 2024 Transport for London attack, which now carries a confirmed £39M cost. The entry point wasn't a zero-day; it was social engineering against identity recovery — a support agent trusting a caller.

Why it matters: your most expensive breach this year may route through a help-desk password reset. Phishing-resistant proof for privileged recovery is the control auditors will ask about next.
Funding$66M

NewCore emerges with $66M to give AI agents their own identities

Founded by Dome9's Zohar Alon and ex-Unit 8200 talent, NewCore launched to build identity infrastructure from the ground up for a workforce of humans, machines, and agents — with a "split-key" architecture and an integration pack for coding assistants like Claude Code and Cursor. The pitch: bolting agent support onto 15-year-old human-identity platforms will break them.

Why it matters: the incumbents (SailPoint included — see below) are racing to prove that thesis wrong. When a startup this credible bets against your platform, it's worth asking your vendor how agent identity is architected, not just marketed.
M&ASaaS

Okta buys Axiom — SSO keeps marching into governance turf

Okta closed its acquisition of Axiom Security, adding SaaS security-posture management and real-time session monitoring to a stack that already pushed into governance (OIG) and privileged access (OPA). Translation: the company that owns your front-door login wants the whole identity lifecycle — the exact territory SailPoint and CyberArk have owned for years.

Why it matters: the "SSO vendor" in your stack is now a governance competitor. Your next IGA renewal has one more bidder — and a bundling argument attached.
ThreatAI

Attackers are impersonating the AI tools your staff already trust

Microsoft Threat Intelligence flagged a wave of campaigns spoofing ChatGPT, Copilot, and Claude via lookalike download sites; one access broker (Storm-3075) delivered a new backdoor to tens of thousands of endpoints within hours. Employee-driven AI adoption is now a live attack surface.

Why it matters: shadow-AI isn't just a data-leakage problem anymore — it's a malware-delivery vector. Software-acquisition controls and allow-listing deserve a fresh look before the next imitation site appears.
Supply chain630GB

Tata Electronics breach dumps ~630GB — a third-party lesson, again

World Leaks published 200k+ files including component designs, manufacturing specs, and trade secrets exfiltrated from a key Apple/Tesla manufacturer. Operations were unaffected after rapid response, but the IP was already gone — a classic supply-chain vector.

Why it matters: "our systems weren't affected" doesn't close the risk when your crown-jewel data sits with a supplier. Map where sensitive data lives outside your walls before an extortion post does it for you.
RegsQ-Day

Post-quantum deadlines went from "someday" to a board line item

Recent federal executive orders converted post-quantum cryptography from a distant concern into leadership accountability with hard 2030–2031 deadlines. "Harvest now, decrypt later" means data you're protecting today is already being collected against Q-Day — and the migration is a multi-year program, not a patch.

Why it matters: PQC readiness now belongs in your risk register and your budget narrative. The vendors quietly funding this (see Keyfactor's raise last week) are betting you'll be shopping soon.
02

Vendor Spotlight

the pitch vs. the reality, synthesized from the people who run it

SailPoint
NASDAQ: SAIL · Atlas platform · IGA + NHI + Data Access · The category's incumbent
VERDICT: THE LEADER JUST FIXED ITS BIGGEST WEAKNESS
Product / Capability
8.9/10
Implementation Ease
8.2/10
Vendor Stability
8.7/10
Community Sentiment
8.6/10

Recent News — last 90 days

Product Jun 16, 2026
Agentic Acceleration: months-long migrations compressed to days — and it's free

SailPoint launched Agentic Acceleration, an AI-powered modernization method built on the SailPoint Virtual Architect — trained on 20 years of deployments — which translates legacy configs, workflows, and policies into a deployment-ready cloud foundation. Crucially, it lets customers watch their own apps and provisioning processes running in ISC before committing to the upgrade, replacing lift-and-shift guesswork with validated fit. SailPoint says it compresses timelines "that once took months into a matter of days," and it's provided at no additional cost to anyone migrating off IdentityIQ or a competing legacy system, delivered via forward-deployed engineers.

Read: this is the single most important thing in this dossier. Implementation difficulty has been SailPoint's most-cited weakness for years — and they just attacked it directly, gave it away for free, and aimed it at competitors' legacy installs too. Vendors don't hand out the accelerant unless they intend to win conversions with it.
SailPoint press release · Jun 16, 2026 ↗
Adoption 2026
Harbor Pilot hits 60% adoption — and it's eating the learning curve

SailPoint's AI agent suite (documentation, admin search, workflow, and now access-request agents) is enabled by 60% of Identity Security Cloud customers, with 80% of users returning and 67% using it multiple times in 30 days. Workflows that took hours are built in minutes from natural language. SailPoint reports it "reduces the technical skills needed for Identity Security Cloud implementations," saving some customers months of aggregated time. One customer's two-week support-ticket cycle became instant answers.

Read: the "you'll need Java skills and weeks of admin training" critique in the older reviews predates this. An SI partner (MajorKey) confirms it accelerates onboarding for junior engineers — which is exactly the bottleneck that used to make SailPoint expensive to staff.
M&A 2026
Entro Security acquisition plants a flag in non-human identity

SailPoint acquired Entro Security to bolster discovery and governance of non-human identities — reportedly 1,200+ NHI types — folding credential/secrets management into the Atlas platform. Combined with Agentic Fabric, it's the backbone of the pitch that agentic AI and machine identities are the next governance frontier, with AI ARR targeted to top $100M by year-end and 40% of 2029 revenue projected as AI/agentic.

Read: a direct answer to the NewCore-style "incumbents can't do agents" critique up top. NHI is SailPoint's fastest-growing segment.
Earnings FY2026
Status: PUBLIC
Past $1B revenue, ARR up 30%, and a "Strong Buy" from the Street

Two years after Thoma Bravo took it private in a $6.9B deal, SailPoint re-listed on Nasdaq (SAIL) and crossed $1B in FY2026 revenue with ARR growth around 30% and SaaS ARR up ~39%. Goldman, Morgan Stanley, JPMorgan and Jefferies all raised targets; median around $52.

Read: financially, this is the safe-hands pick — a public leader with ~23% category share and about as low a vendor-stability risk as identity offers.
SailPoint Investor Relations ↗
SOURCING: Agentic Acceleration and Virtual Architect per SailPoint press release, Jun 16 2026, and contemporaneous trade coverage. Harbor Pilot adoption metrics (60% enablement, 80% return rate) per SailPoint product blog and AWS Partner Network case study; independent practitioner impressions per MajorKey Tech. Financials per SEC filings and FY2026 proxy. Vendor-reported metrics are labeled as such; deployment-time claims are the company's and should be validated against your own reference calls.

The Pitch vs. The Reality

What SailPoint says
  • Atlas: one unified data model for every identity — human, machine, and AI
  • Agentic Acceleration compresses legacy migrations from months to days — free
  • Harbor Pilot builds workflows from natural language; no coding required
  • The market leader — ~23% category share and the safe, proven choice
What practitioners report
  • Capability and scale genuinely aren't disputed — this is the depth benchmark
  • Harbor Pilot is real: 60% of ISC customers enabled it; workflows in minutes, not hours
  • Massive investment in app onboarding has cut the connector work that used to sink timelines
  • Still enterprise software: pricing is opaque, and older reviews describing a brutal learning curve predate the AI tooling

Community Pulse — synthesized signal

G2 · Verified Reviews 4.5/5 · leader
"As SailPoint has continued to evolve, it's gone from best of breed to best platform."
— enterprise reviewer · but the tag cloud tells the fuller story: top themes include "Difficult Learning," "Expensive," and "Poor Customer Support" alongside the praise
80% positive
Harbor Pilot · Adoption Signal 60% of ISC customers
"Workflows in minutes instead of hours — it reduces the technical skills needed for Identity Security Cloud implementations, saving some customers months of aggregated time."
— 80% of users return; 67% use it multiple times in 30 days. An SI partner (MajorKey) independently notes it accelerates onboarding for junior engineers — the exact staffing bottleneck that used to make SailPoint expensive to run
strong adoption
PeerSpot / Capterra · Legacy Reviews 4.3/5 · dated
"Expensive with a steep learning curve — administrators train for weeks before they're allowed access to the system."
read the timestamps. The bulk of these describe IdentityIQ-era and pre-AI ISC deployments. Harbor Pilot shipped Mar 2025; Agentic Acceleration Jun 2026. The review corpus hasn't caught up to the product — a recurring hazard when evaluating any fast-moving incumbent
reflects the old product
Glassdoor · Employee Signal 4.8/5 · 769 reviews
"Great technology, amazing culture… incredibly well-positioned to capture the agentic AI security market. The 'no smart jerks' policy is real."
— senior director, 3+ yrs · 98% would recommend; a genuine outlier high. Dissent exists (silent layoffs, "cult-like" survey focus, no 401k match) but the signal is strongly positive
98% would recommend
Practitioner Forums · r/IdentityManagement qualitative · respect w/ caveats
"Still the market standard, and the AI tooling has genuinely changed the onboarding math. Harbor Pilot does in minutes what used to eat a senior engineer's afternoon."
— representative of recent threads; capability and scale were never the argument. The remaining recurring gripe is pricing transparency — get every SKU in writing
positive
METHOD: Sentiment synthesized across G2, PeerSpot/Capterra, Glassdoor (769 reviews), vendor adoption data, and public practitioner forums as of Jul 2026. A note on the implementation score: we've raised it materially this issue (5.4 → 8.2). Aggregate review scores are a lagging indicator — the corpus describing SailPoint's brutal learning curve largely predates Harbor Pilot (Mar 2025) and Agentic Acceleration (Jun 2026). When we weight the newer evidence — 60% Harbor Pilot adoption, natural-language workflow building, AI-automated migration offered free, and heavy investment in app onboarding — the deployment picture is materially different from what the star ratings still say. Adoption percentages and deployment-time claims are vendor-reported and labeled as such. Scores are The Perimeter's composite, not vendor-supplied. No vendor pays for placement or a rating.

The Signal Read

Trajectory: the leader consolidating its lead. SailPoint has spent two decades as the depth benchmark in identity governance — and carrying one persistent knock: that all that capability came with a punishing implementation. That knock is now substantially out of date, and it's worth being precise about why. Harbor Pilot put natural-language workflow building in front of 60% of the ISC base. Agentic Acceleration and the Virtual Architect automate the legacy migration itself, compressing timelines the company says once ran months into days — and SailPoint is giving it away free, to competitors' customers too. Add the sustained investment in application onboarding, and the specific bottlenecks that produced those old one-star reviews have been engineered at, deliberately and expensively.

The rest of the picture reinforces it. Financially this is the lowest-risk vendor in the category: public, $1B+, ARR up 30%, ~23% share. The employee signal is an outright outlier — 4.8 on Glassdoor, 98% would recommend — which matters more than it looks, because engineering morale is a leading indicator of product quality, and SailPoint's points the right way. The Entro acquisition and Agentic Fabric give it a credible answer to the startups claiming incumbents can't govern agents.

The one thing we'd still push on: pricing transparency. It's the gripe that survives every product improvement, and no AI agent fixes a confusing SKU sheet. Get the full quote — every module, every add-on, at your real identity volume — in writing. Do that, and the case for the leader is stronger than it has been at any point in the last five years.

Buy the story if…
  • You want the depth benchmark without the implementation tax that used to come with it
  • You're migrating off IdentityIQ or a legacy competitor — Agentic Acceleration is free and aimed exactly at you
  • You need agentic/NHI governance from a vendor that will still exist in five years
  • Your team is lean on specialists — Harbor Pilot is doing real work on that gap
Still worth asking…
  • Get every SKU and add-on priced in writing at your real identity volume
  • Ask for reference calls with customers who used Agentic Acceleration in production
  • Pressure-test reporting depth against your specific audit requirements
03

The Stack

a category, tool, or idea worth knowing this week

Emerging category

Identity resilience / IdP failover

Last week Rubrik/Strata made it a product; the TfL and Scattered Spider cases make it urgent. When your primary IdP is the thing compromised or down mid-incident, do you have an authenticated path to keep people working? "Break-glass for identity" is moving onto BCP/DR checklists this year.

Control to revisit

Privileged help-desk verification

The £39M TfL intrusion and two-thirds of Unit 42's IR cases trace back to identity recovery abuse. Phishing-resistant proof for privileged password resets — not knowledge-based questions a caller can social-engineer — is the highest-ROI control most teams still haven't hardened.

Buying discipline

Check the timestamp before you trust the review

Review aggregates are a lagging indicator, and in a market moving this fast, that's dangerous. A vendor can ship AI tooling that guts its own biggest weakness and still carry two years of one-star reviews describing the old product. Before you disqualify anyone on G2 sentiment, sort by date and ask what shipped since. The reverse is also true — a shiny 4.8 can be coasting on a version nobody runs anymore.

04

Boardroom

one line to sound three moves ahead in your next exec meeting

Say this

Frame the identity vendor call as risk posture, not feature checklist

When the board asks why you're choosing the pricier incumbent — or why you're not — don't litigate features. Frame it as how much platform risk the business wants to hold. The leader costs more and takes longer to stand up; the challenger is faster and cheaper but less proven. That's a risk-appetite decision, and it belongs to the board, not the RFP scoring sheet.

"Identity is now where two-thirds of breaches start. The question isn't which tool has more features — it's how much execution risk we're willing to carry on the control plane the whole business runs through."
05

Overheard

a spicy anonymized take from the community this week

"I spent two years telling people SailPoint was too heavy for us. Then I watched Harbor Pilot build a workflow in ninety seconds that took my last engineer a full afternoon. I need to go re-read my own RFP notes."
— identity architect, Fortune 500 · overheard in a peer Slack, lightly paraphrased