New report shows how AI adoption and advanced identity practices separate leaders from laggards

Headline findings:

• Identity maturity gap widens – 63% remain stuck at basic levels as advanced programs surge ahead.

• AI adoption multiplies success – Organisations with AI-enabled identity security are 4x more likely to deploy advanced capabilities unlocking greater cost savings, productivity and risk reduction

• Deployment best practices overcome barriers –  Organisations that prioritise data cleanup before migrationand adopt stage-appropriate practices like automated app onboarding are significantly more likely to advance.

• Identity + data + security trifecta – Enterprises that unify identity as the control point, strengthen data practices, and advance security controls achieve higher ROI and greater AI readiness.

SailPoint, Inc. (Nasdaq: SAIL), a leader in identity security, today released its Horizons of Identity Security 2025-2026 report, which reveals how identity security has become mission-critical for the modern enterprise. Once a back-office control, identity has now transformed into a strategic platform that fuels agility, efficiency, and AI enablement – all grounded in security – helping enterprises unlock new avenues for growth.

“As organisations navigate a rapidly changing landscape, the report indicates that identity has become the top ROI generator in the security stack—helping enterprises cut costs, reduce risk, and accelerate growth,” said Matt Mills, President, SailPoint. “Today, identity is the central control point where policies are enforced, critical decisions are made, and security operations converge. Its future is tightly connected to security and AI-driven data governance, enabling enterprises to manage every identity—human, machine or AI agent—across the enterprise. With advances in AI, data management, and threat detection, modern identity security now delivers the unified visibility, expanded governance, and automated resilience organisations need.”

Mills added, “Those advancing further across the Horizons are recognising identity’s strategic role and reaping outsized benefits—positioning identity security as a key enabler of business performance.”

Charting the Horizons of Identity: Four years of insights

Across four years of Horizons research, several themes stand out. The bar for maturity keeps rising—progressing from manual IAM to automation, then to machine identity management, and now to AI agent lifecycle governance and adaptive trust. Identity types have expanded as well, from primarily human users and contractors in 2022, to machine identities in 2024, and today’s surge of AI agents. ROI leadership is also clear: according to our data, IAM consistently delivers twice the return of other security domains, and organisations treating identity as a strategic priority are 40% more likely to maximise that return.

Yet the execution challenges persist, with deployment complexity and poor data slowing some organisations. Even so, the overall trajectory is unmistakable: Identity has evolved from a back-office control to a catalyst for growth. Organisations that advance their maturity are better equipped to stay secure and realise greater success.

From foundational control to strategic enabler

This year’s report shows most organisations are still early in their identity journey. Nearly two-thirds (63%) remain stuck in Horizons 1-2, relying heavily on manual processes. Only a small group have advanced into higher maturity stages, with just 10% reaching Horizons 4-5, where identity transforms into a growth platform.

For the first time, we also saw some companies move backwards. The bar for maturity has risen: Today it requires capabilities like AI agent security, stronger use of identity data models, and just-in-time access controls. As the landscape grows more complex organisations must advance simply to hold their ground.

What sets these leaders apart is the way they are embracing advanced capabilities. According to the report, mature organisations are adopting AI-enabled identity controls at four times the rate of peers, using tools such as identity threat detection and response (ITDR), adaptive authentication, and governance for AI agents and bots. They are also 4-8 times more likely to deploy automated identity data synchronisation, unifying fragmented identity data, and lifecycle workflows, enabling measurable productivity gains across the enterprise.

For companies making the leap, the path forward is clear—and customer stories bring it to life. Wipro is evolving beyond enterprise-wide adoption to advanced automation and AI-driven capabilities, using identity as a foundation to transform. Specsavers has automated large volumes of manual tasks, strengthening its security posture while improving operational efficiency and enforcing least-privilege access. Other organisations show that by tackling deployment best practices first, they scale faster and unlock measurable productivity gains across the enterprise.

Reaching advanced identity security (i.e., moving from Horizon 3 to 4) requires more than basic automation. The organisations that succeed focus on data cleanup before migration, making them 1.6 times more likely to scale effectively. They also standardise app onboarding, apply automated lifecycle workflows, strengthen identity data synchronisation and unify fragmented identity data. These deployment best practices clear the path for advanced capabilities like ITDR, adaptive authentication and AI-agent governance.

The payoff for those that advance to more mature Horizons is undeniable—and perhaps the starkest divide is strategic focus. According to the report, identity delivers the highest ROI of any security investment, consistently outpacing endpoint, network, and compliance tools. Enterprises that treat identity as a strategic enabler report typical ROI multiples of up to 10x–reducing risk, driving revenue, and enabling AI safely.

“We are firmly focused on taking Wipro beyond enterprise-wide adoption of effective identity capabilities to advanced capabilities using automation and AI,” said Satvinder Madhok, Vice President, Business Integrated Technology Solutions, Wipro.

To explore the full findings and see where your organisation stands, download the Horizons of Identity Security 2025–2026 report: www.sailpoint.com/horizons

About the report and methodology

The Horizons of Identity Security 2025-2026 report is based on a June 2025 survey of 375 IAM decision-makers across Americas, Europe, and Asia. Respondents included senior leaders in IT, cybersecurity, and risk.  More than half are employed at organisations of 10,000+ employees, and the majority are from the finance, technology and healthcare sectors.  Using their responses, SailPoint grouped organisations into five horizons of identity maturity based on strategy, technology, operating model, and talent. Horizons 4 and 5 were updated this year with new capability thresholds – including AI agent lifecycle governance and multi-cloud entitlement management – reflecting the fast-rising bar for maturity in today’s landscape.

Unless otherwise indicated, all data points in this press release relate to the findings of this survey.

About SailPoint
At SailPoint, we believe enterprise security must start with identity at the foundation. Today’s enterprise runs on a diverse workforce of not just human but also digital identities—and securing them all is critical. Through the lens of identity, SailPoint empowers organisations to seamlessly manage and secure access to applications and data at speed and scale. Our unified, intelligent, and extensible platform delivers identity-first security, helping enterprises defend against dynamic threats while driving productivity and transformation. Trusted by many of the world’s most complex organisations, SailPoint secures the modern enterprise.