SailPoint turns AI security fears into fresh growth fuel
[SINGAPORE] The surge of agentic artificial intelligence (AI) is giving US-based cybersecurity platform SailPoint a new growth runway, as it bets on rising demand for identity-security tools to help companies unlock AI’s promise without opening the door to new risks.
SailPoint’s solutions are around identity security, helping organisations ensure the right users are getting access to data that is appropriate for their jobs. The company has clients across a few industries, including financial services, the public sector and telcos.
“Agentic AI is really taking mind-share now in these (enterprises); they’re all trying to figure out how to leverage this new technology,” Mark McClain, CEO and founder of SailPoint, told The Business Times. “They are all also realising there’s an associated security risk they don’t have a good handle on.”
Despite the rate of adoption of AI going from linear to exponential across industries, there has been a drop-off in actual deployment, partly due to security concerns.
About four in five respondents in research commissioned by Sailpoint said that AI agents had accessed or shared data inappropriately.
There is pressure to adopt AI across all companies, but there is also a growing push from cybersecurity teams within companies to tap the brakes to address these security risks.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
With identity emerging as an attack vector to breach a network, companies are feeling the pressure to regulate users. The issue with user management is that most of a company’s users might not even be their employees but contractors or suppliers.
Coupled with AI agents that are unable to flag if they have been compromised, the urgency to find a way to protect this vector is ratcheting up.
“We see the opportunity to potentially accelerate as companies begin to understand this opportunity better,” said McClain.
Tapping this opportunity could bring an uplift to the top line, as existing customers are cross-sold new services and features to deal with this new security concern.
The latest financials from SailPoint showed revenue for the first quarter of 2025 grew 23 per cent year on year, to US$230.5 million from US$187.7 million.
While losses were higher – at US$185 million for Q1 2025 compared to US$68.2 million for Q1 2024 – the bulk of this was driven by a share-based compensation expense of US$160.5 million.
As it shifts to a software-as-a-service business model, annual recurring revenue (ARR) from subscriptions is a key metric that SailPoint is tracking.
ARR for Q1 2025 was US$925 million, an increase of 30 per cent year on year, with subscription ARR at US$574 million, up 39 per cent from Q1 2024.
The bulk of SailPoint’s customers are in the US, making up about two-thirds of the business. Of the remainder, Europe is the next biggest revenue contributor by geography, followed by the Asia-Pacific region.
The company is seeing growth in the Asia-Pacific outpace other geographies, due to the smaller base.
“We are making pretty significant investments in the non-American landscapes because we are less covered in these markets, we see the opportunity, we see lots of business out here,” said McClain.
SailPoint counts among its customers companies such as Globe Telecom in the Philippines and the top 20 banks in the US.
The conversations the company has with customers in the region are turning more advanced, beyond regulating users to now protecting themselves from potential threats.
Now, regulatory compliance to data protection or residency acts is driving customers in emerging countries to leapfrog and think more like their mature peers.
“I think we might find that there’s so much demand here, these companies may not go through the same journey over 15 years that companies who started with us did,” said McClain. “Some of these companies will go straight to security protection because that’s the pressure they are feeling to adopt these new technologies.”
The focus ahead will be on leveraging the need for security, even as AI agents start to proliferate within companies. SailPoint will engage customers, data centres and AI developers to get a handle on what needs to be done to secure their networks.
With cyberattacks growing more sophisticated amid an explosion in AI adoption, SailPoint is looking to fill the need for better defences.
“I think it’s a bit of an arms race where people are rushing to use the technology, the bad actors to do bad things, the good guys to try to protect, and I think we’re going to be in a very interesting junction of that where we sit,” said McClain.
