AS 2026 unfolds, enterprise cybersecurity continues to lag behind the rapid rise of artificial intelligence. Identity security is therefore expected to evolve to account for the adoption of agentic AI while maintaining the human dimension.
In an exclusive one-on-one interview with The Manila Times, Eric Kong, managing director of SailPoint Asean, discussed the increasing role of AI agents in enterprise workflows and in managing digital identities as AI becomes mainstream across industries.
THE MANILA TIMES (TMT): Please introduce SailPoint to our readers.
ERIC KONG (Kong): SailPoint is an identity security company headquartered in Austin, Texas. It was founded in 2005 by Mark McClain, who remains our CEO. We focus on governing and securing digital identities across enterprises. In the Philippines, we have served telcos, banks and other enterprises for the past 10 years.
TMT: Between AI and autonomous agents, how do they differ? What are the benefits and potential risks of AI agents in enterprise workflows?
Kong: AI agents are software programs that leverage artificial intelligence to perform specific tasks. They may be chatbots or automated helpers deployed across a range of functions, from simple to complex roles.
These agents often work hand in hand with humans and operate with significant guidance and oversight. They function within a defined scope, intent and context. They are task-driven and designed to perform specific functions.
Agentic or autonomous agents are more advanced. They are called agentic because they have agency — meaning they can analyze and operate with minimal human intervention. They are goal-driven and capable of making decisions.
Agentic AI or autonomous agents are given broad autonomy to achieve specific goals. They can proactively gather data, analyze it, plan, reason and execute tasks with little human intervention.
More importantly, autonomous agents can adapt. They learn and adjust. To achieve their goals, they access data, leverage tools and may execute actions across other systems. As a result, they can become more powerful and effective if used correctly.
TMT: Given these developments, how are Philippine enterprises responding to rapid AI adoption while balancing security?
Kong: In Asia-Pacific and Japan, including the Philippines, security postures must keep pace with AI’s evolution. Enterprises are moving from static security models to more dynamic, identity-centric approaches that provide visibility into system activity.
Human users are relatively easier to manage. They are employees whose access and usage can be reviewed and certified.
AI agents, however, operate around the clock, often in the background. With these agents, governance of identities must expand significantly.
TMT: What do you mean by identity security? How does the difference between AI and autonomous agents affect enterprise responses to identity cybersecurity challenges?
Kong: Digital identities have existed for some time, particularly for employees. Most enterprises are now well attuned to securing and governing human identities.
As technology evolves, new identity types are emerging. These include nonhuman identities, such as machine accounts. Enterprises must address this expanding set of identity classes as identity counts increase across organizations.
TMT: Can you define the Adaptive Identity Era and its features? How has cybersecurity evolved into this new era?
Kong: Adaptive identity reflects a new reality in which enterprises are becoming increasingly AI-powered. As they deploy more AI technologies — whether AI agents or autonomous AI — their identity security posture must evolve to what we call adaptive identity.
Adaptive identity has three defining characteristics. First, it must be dynamic, moving beyond legacy static control models. Second, it must be intelligent and leverage AI technologies. In many cases, AI is needed to secure AI, given the pace at which systems operate. Third, it must be real-time and continuous to address AI-driven environments.
We are also seeing the unification of identity, data and security. This involves leveraging a dynamic, intelligent and real-time platform that delivers control and scalability, particularly where legacy one-size-fits-all access controls are inadequate for AI-powered enterprises.
TMT: SailPoint has worked with large enterprises such as Aboitiz and Globe. Are you engaged in supporting adaptive identity initiatives in the Philippines?
Kong: Large enterprises — banks, telcos, government agencies and health care institutions — tend to adopt advanced technologies first.
However, identity security, particularly adaptive identity, is necessary for organizations of all sizes. We are seeing smaller enterprises leverage AI-powered tools to address cyber threats, especially those with limited IT resources.
Our AI platforms help them perform required security tasks with fewer resources. Midmarket companies can also leverage SailPoint tools to strengthen their cybersecurity posture.
We support SMEs as well as enterprises operating hybrid environments — combinations of legacy, on-premises and custom-built systems, including some mainframes. As organizations modernize their technology stacks, we work alongside them throughout the process.