Core Conclusions
Once AI agents go mainstream, identity security is no longer only about "employee login" and "customer authentication." It is elevated into an "identity control plane" that unifies humans, workloads, service accounts, API keys, OAuth apps, certificates, short-lived tokens, CI/CD pipelines, bot accounts, and AI agents. Microsoft, AWS, Google Cloud, GitHub, and the MCP spec itself already treat workload identity, federation, OAuth scopes, and resource audience validation as infrastructure rather than as add-on features.
Non-Human Identity now extends far beyond traditional "machine certificates" or "service accounts." In practice it covers service principals, Kubernetes service accounts, cloud roles, CI/CD OIDC tokens, API keys, SSH keys, certificates, secrets, OAuth apps, SaaS-to-SaaS connectors, RPA accounts, automations, MCP servers, AI agents, and agent-to-agent delegation chains. Microsoft, Google, AWS, Veza, Okta, and CyberArk have all explicitly modeled or productized these objects.
AI agents substantially amplify identity risk—not merely because there are "more accounts," but because they can autonomously call tools, read data across systems, run continuously at machine speed, propagate privileges along delegation chains, and stack prompt injection, tool poisoning, OAuth consent, token theft, overprivilege, and audit gaps onto a single execution chain. The MCP spec already requires the resource parameter and token audience validation and explicitly prohibits token passthrough, which shows that the protocol design layer has acknowledged this risk.
The first identity-security budget to land will not be a "pure agent-identity platform" itself, but four more easily procured and already-mature budget pools: PAM, machine identity management, secrets management, and extension modules for IGA/ITDR/CIEM. The reason is that these budgets already exist, the buyers are clearly defined, the compliance drivers are strong, and they map most directly to incident accountability and audit requirements. CyberArk, SailPoint, Okta, HashiCorp/IBM, and JFrog have already produced quantifiable commercial signals in these adjacent areas.
The real direct beneficiaries are not every company telling an "AI security story," but the companies that have already turned identity, entitlements, secrets, certificates, authorization, and audit into platform SKUs, expanded ARR, or driven RPO/cRPO. The group with the strongest current evidence is CyberArk, SailPoint, Okta, Microsoft Entra, IBM/HashiCorp Vault, and JFrog; CrowdStrike, Cloudflare, Cisco, Zscaler, and Palo Alto Networks are more at the stage of "platform enhancement with financial contribution not yet broken out."
Identity security will most likely become the security control plane of the AI agent era, but the premise is not "SSO matters more"—it is that "identity graph + authorization graph + secrets/cert lifecycle + runtime policy + audit trail" become unified. Single-point SSO/MFA vendors that cannot extend into NHI, runtime authorization, data entitlements, and human-in-the-loop governance will see their platform standing decline.
Pure NHI/agent-identity startups are a genuine threat, not a marketing gimmick. Aembit, Oasis, Entro, Astrix, Veza, SGNL, Reco, Valence, and Grip are all rebuilding the budget entry point around "discover—attribute—entitle—continuously authorize—audit." Cisco's planned acquisition of Astrix and CrowdStrike's acquisition of SGNL show precisely that the large platforms recognize this direction as a next-generation control-plane entry point rather than a minor feature.
The segments with the greatest revenue elasticity, in priority order, are: PAM extending into NHI/agents, machine identity management, secrets management and developer token security, IGA extending into NHI ownership/attestation, and data access governance/RAG permission control. MCP tool authorization and agent runtime authorization carry high technical importance, but their commercialization remains relatively early.
The segments with the best margins are usually not "security consulting" or "single-point detection," but the software layers embedded in workflows and seated on the control plane: PAM, IGA, identity graph, policy engine, secrets vault, and certificate lifecycle automation. By contrast, MCP observability, point OAuth monitoring, and point secrets scanning are easily absorbed by platforms, unless they occupy a unique system-level data entry point.
The most bubble-prone valuations are not the traditional IAM leaders, but the high-growth platform stocks and startups with "a strong agent-security narrative but revenue not yet broken out." Cloudflare, CrowdStrike, Palo Alto Networks, and Zscaler already have a clear AI-security premium embedded in their share prices, while expectations for AI identity security at SailPoint, IBM/HashiCorp, and some more infrastructure-oriented software companies are, conversely, not fully priced in.
Public cases that already show clear "revenue-landing signals" include: SailPoint FY26 ARR of $1.125 billion with SaaS ARR up 38% year over year; CrowdStrike ending FY26 with ARR of $5.25 billion and folding SGNL revenue into a larger identity-and-continuous-authorization narrative; JFrog FY25 Security Core already at 7% of revenue, 10% of ARR, and 16% of RPO; Okta FY26 Q4 RPO up 15% and cRPO up 12% year over year. All of these matter more than "shipping an agent-security feature."
One must be careful not to mistake "enhanced identity-security defense" for "a new growth curve." Palo Alto Networks, Zscaler, Cisco, Trend Micro, Check Point, and many Chinese integrated-security vendors currently look more like they are using identity and AI-security capabilities to harden existing platforms, rather than having already formed an independently verifiable new revenue pool. In public materials, related product launches clearly outnumber standalone revenue disclosures.
Cloud providers' squeeze on foundational capabilities is a real risk. AWS, Azure, GCP, Oracle, Alibaba Cloud, and Tencent Cloud have all made IAM, workload identity federation, temporary credentials, secrets manager, and policy analysis into built-in capabilities, so single-cloud secrets, single-cloud CIEM, and basic certificate/key tooling will keep commoditizing. What can still hold a profit pool is cross-cloud, cross-SaaS, cross-directory, cross-data-plane ownership, least privilege, runtime enforcement, and unified audit.
The four biggest catalysts over the next 12–24 months are: GA of Microsoft Entra Agent ID, GA of Okta for AI Agents, progress on CyberArk Secure AI Agents and the Venafi integration, and platformization acceleration after deals like Cisco/Astrix and CrowdStrike/SGNL. The biggest risk is that enterprise agent adoption lags expectations, pushing back "pure agent identity" budgets while real-world procurement keeps prioritizing secrets, PAM, and data governance.
The Value-Chain Landscape and Budget Migration
From Human Identity to Non-Human Identity
What enterprises face today is not the single identity problem of "a person logging into a system through a browser," but software entities calling one another at massive scale. AWS explicitly defines an IAM identity as something that can represent either a human user or a programmatic workload; IAM Roles Anywhere further turns X.509 certificates into an entry point for temporary cloud credentials. Google Cloud's Workload Identity Federation lets external workloads obtain IAM permissions directly, without relying on long-lived service account keys; GitHub Actions encourages using OIDC tokens in place of long-lived secrets. Microsoft goes further by defining workload identities as software entities such as apps, services, scripts, and containers, and stresses that such identities usually cannot perform MFA, often lack a formal lifecycle process, and must store their credentials somewhere. In other words, NHI is not a new problem—rather, identities "hidden inside DevOps, cloud, SaaS, and automation" are beginning to surface en masse in the AI agent era.
AI agents turn this problem from a "hidden cost" into "the main security battlefield." An agent is not a pure API caller; it needs to read enterprise knowledge bases, access mailboxes and ticketing systems, trigger SaaS workflows, drive a browser or RPA, request tokens, use MCP tools, chain to other agents, and in some scenarios run with delegated authority "on behalf of a user." Ping Identity publicly defines Identity for AI as treating AI agents as first-class non-human identities and requiring delegated authority, least privilege, comprehensive audit, and human-in-the-loop approvals; Microsoft Entra Agent ID places sponsor, access packages, agent lifecycle, OAuth 2.0, MCP, and A2A within a single framework.
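The two MCP rules the Core Conclusions single out, that a token must carry an audience equal to the MCP server it is presented to and that the server must never forward that token to anything else, can be shown in code. The block below is an added example written for this page; it is not code from the MCP project, Anthropic, or any vendor named in this report. It signs tokens with an HS256 shared secret purely so it runs offline (a real MCP resource server verifies the authorization server's asymmetric signature via its published keys), and every hostname, secret, and the exchange_for_upstream stand-in for OAuth 2.0 token exchange (RFC 8693) are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# All identifiers below are hypothetical, constructed for this example.
AUTH_SERVER = "https://as.example.com"
MCP_RESOURCE = "https://mcp.example.com/tools"     # canonical URI of the MCP server we run
OTHER_RESOURCE = "https://other-mcp.example.com"   # a second MCP server that trusts the same AS
UPSTREAM_API = "https://crm.example.com/api"       # backend the MCP server calls on the user's behalf
AS_SECRET = b"demo-as-key-do-not-use"              # stand-in for the AS signing key
SERVER_SECRET = b"demo-mcp-server-key-do-not-use"  # key the MCP server uses for its own downstream token


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key: bytes, claims: dict) -> str:
    """Issue a compact HS256 JWT; stands in for the authorization server (or for token exchange)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def build_authorization_url(client_id: str, redirect_uri: str, scopes: list) -> str:
    """Client side: the resource parameter (RFC 8707) tells the AS which MCP server the token is for."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": " ".join(scopes), "resource": MCP_RESOURCE}
    return f"{AUTH_SERVER}/authorize?{urlencode(params)}"


class TokenRejected(Exception):
    pass


def validate_for_resource(token: str, key: bytes, resource: str, now: float) -> dict:
    """Resource-server side: signature, expiry, and an audience equal to *this* server's URI."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header, body, sig = parts
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        raise TokenRejected("expired")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if resource not in audiences:
        # Minted for another resource; accepting it is the confused-deputy case the spec forbids.
        raise TokenRejected(f"audience mismatch: token is for {audiences}")
    return claims


def check(token: str, key: bytes, resource: str, now: float) -> str:
    """Return 'ok' or the rejection reason, for callers that do not want the exception."""
    try:
        validate_for_resource(token, key, resource, now)
        return "ok"
    except TokenRejected as exc:
        return str(exc)


def exchange_for_upstream(inbound_claims: dict, now: float) -> str:
    """No passthrough: the inbound token is never forwarded. The server obtains a separate,
    short-lived token whose audience is the upstream API and which records that it acts for the user."""
    return mint_token(SERVER_SECRET, {"iss": MCP_RESOURCE, "sub": inbound_claims["sub"],
                                      "act": {"sub": MCP_RESOURCE}, "aud": UPSTREAM_API,
                                      "scope": "crm:read", "exp": now + 300})


def handle_tool_call(token: str, now: float) -> dict:
    """What the MCP server does on a tool call before touching any backend."""
    claims = validate_for_resource(token, AS_SECRET, MCP_RESOURCE, now)
    upstream_token = exchange_for_upstream(claims, now)
    # The upstream API applies the same audience rule, so the inbound token would fail there too.
    upstream_claims = validate_for_resource(upstream_token, SERVER_SECRET, UPSTREAM_API, now)
    return {"user": claims["sub"], "upstream_aud": upstream_claims["aud"],
            "inbound_forwarded": upstream_token == token}


if __name__ == "__main__":
    now = time.time()
    print(build_authorization_url("agent-client", "http://localhost:8765/cb", ["tools:read"]))
    good = mint_token(AS_SECRET, {"iss": AUTH_SERVER, "sub": "alice", "aud": MCP_RESOURCE, "exp": now + 600})
    wrong = mint_token(AS_SECRET, {"iss": AUTH_SERVER, "sub": "alice", "aud": OTHER_RESOURCE, "exp": now + 600})
    print(handle_tool_call(good, now))
    print(check(wrong, AS_SECRET, MCP_RESOURCE, now))
```

The point of the second token is that the blast radius of a stolen agent token stops at one MCP server: a token minted for OTHER_RESOURCE is refused here, and the token this server holds for its backend is useless against any other audience.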
MCP raises identity and authorization complexity by another notch. The MCP Authorization spec requires the client to carry the resource parameter (the RFC 8707 resource indicator) in authorization and token requests, requires the server to verify that the token was issued specifically for that resource, and explicitly prohibits token passthrough; Anthropic's Claude Code documentation further requires pinning the allowed scopes to the subset approved by the security team via oauth.scopes. In other words, an MCP tool call is not "one more plugin": it chains OAuth, resource server, scope governance, tool permission, session storage, and agent approval onto a single execution path.
The Full Map of AI Identity Security Demand and Monetization
| Value-Chain Position | Segment | Core Products | AI Identity Security Driver | Revenue Model | Main Customers | Moat | Margin Profile | Representative Companies | Listing Status | Beneficiary Strength | Investment Elasticity | Key Public Evidence |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Entry control | Workforce Identity | SSO, MFA, Passwordless, Device trust | Employee-agent collaboration, cross-SaaS access, zero-trust entry | seat/MAU/subscription | Large and mid-size enterprises | Directory and integration depth | High software margin | Microsoft, Okta, Ping | Listed/private | 4 | 3 | Entra explicitly covers workforce, workload, and agentic identities; Okta has folded AI agents into a unified identity architecture. |
| External identity | Customer Identity | CIAM, Auth0, OAuth/OIDC | AI assistants invoking actions on behalf of customers, third-party app authorization | MAU/auth volume/API calls | Internet, finance, retail | Developer ecosystem and SDKs | High margin | Okta/Auth0, Ping | Listed/private | 3 | 3 | Auth0 already treats Auth for GenAI / AI Agents as a developer entry point. |
| Governance layer | IGA | lifecycle, access reviews, entitlement mgmt | AI agents need owners, approvals, lifecycle, and SoD checks | subscription/connector/governance module | Fortune 500, regulated industries | Identity graph and process embedding | High margin but heavy implementation | SailPoint, Saviynt, Oracle | Listed/private | 5 | 4 | SailPoint explicitly makes unifying human, machine, and AI agents a platform growth direction, with FY26 ARR of $1.125 billion. |
| Privilege layer | PAM | vault, session mgmt, JIT, ZSP | Agents are high-privilege executors by default and need least privilege and temporary authorization | subscription/node/admin count | Enterprise IT, cloud ops, security ops | Deep workflow and high switching cost | High margin | CyberArk, Delinea, BeyondTrust | Listed/private | 5 | 5 | CyberArk treats AI agents as privileged identities and uses a gateway for MCP/tool enforcement. |
| Detection layer | ITDR | identity risk, token theft, session hijack | Anomalous behavior of agents and NHI is harder for traditional EDR to catch | platform add-on module | Security teams | Telemetry and detection graph | High margin, often platform-bundled | Microsoft, CrowdStrike, Zscaler | Listed | 4 | 3 | Microsoft and CrowdStrike both treat identity threats as a platform capability and keep extending it. |
| Cloud entitlement layer | CIEM | cloud entitlement analysis, role right-sizing | Overprivileged cloud roles are amplified by agents | subscription/cloud account/resource volume | Multi-cloud enterprises | Cloud API depth, entitlement-analysis capability | Medium-high | Microsoft, Oracle, Veza, Wiz/Saviynt | Listed/private | 4 | 4 | Oracle already does Policy Analysis and Access Governance AI automation; Saviynt and Wiz have teamed up to govern NHI and AI agents. |
| Secrets layer | Secrets Management | vault, rotation, ephemeral credentials | AI coding, CI/CD, and agent tools increase secret sprawl | per secret / client / subscription | Dev, platform engineering, SecOps | Deep integration with CI/CD / runtime | High margin, but single-cloud commoditizes fast | IBM/HashiCorp Vault, AWS, GCP, Alibaba Cloud, 1Password | Listed/private | 5 | 4 | Vault has been folded into IBM's hybrid-cloud platform; AWS/GCP/Alibaba all publicly offer secrets lifecycle and pricing. |
| Certificate layer | Certificate Lifecycle | discovery, renewal, internal CA, code signing | Machine identities and short-lived certificates expand | per certificate/subscription/platform | Large enterprises, platform teams | PKI/CA and discovery capability | High margin | CyberArk/Venafi | Listed | 5 | 4 | CyberArk has integrated Venafi as the backbone of machine identity security. |
| Machine identity layer | Machine Identity Management | certs, SSH, SPIFFE, workload identity | Cloud-native, Kubernetes, edge, agent runtime | subscription/workload volume | Cloud-native enterprises | inventory + rotation + policy | High margin | CyberArk, Aembit, Entro | Listed/private | 5 | 5 | Aembit positions directly as NHI IAM; Entro enters via discovery, protection, and lifecycle management. |
| Governance extension layer | NHI Governance | ownership, classify, attest, review | Machine identities far outnumber humans and must be bound to owners and entitlement explanations | platform subscription | Large, complex enterprises | entitlement graph and owner model | High margin | SailPoint, Veza, Saviynt, Oasis | Listed/private | 5 | 5 | Veza and Oasis both treat service accounts, API keys, bots, and AI identities as core objects. |
| New control plane | Agent Identity | registration, sponsor, delegation, approval | Agents need an independent identity rather than a shared human account | platform module/seat/usage | Piloting first at large enterprises | identity model, delegation, audit chain | Early-stage, high potential | Microsoft, Okta, Ping, CyberArk | Listed/private | 5 | 5 | Entra Agent ID GA, Okta for AI Agents GA, Ping Identity for AI GA, and CyberArk Secure AI Agents have all shipped. |
| Tool authorization layer | MCP Tool Authorization | MCP gateway, scope control, tool approval | Prompt injection leads straight to tool abuse, requiring pre-execution authorization | platform add-on module | AI platforms, security platforms | protocol control point + logging | Early-stage | Cloudflare, CyberArk, SGNL, Astrix | Listed/private | 4 | 5 | Cloudflare MCP Server Portals, CyberArk AI Agent Gateway, SGNL's MCP governance, and Astrix MCP research are all public. |
| API entitlement layer | API Access Governance | API authz, connector governance, rate limits | Agents move laterally and amplify blast radius through APIs | API calls/subscription | SaaS-heavy enterprises | interface coverage and audit | Medium-high | Cloudflare, Google Workspace, Microsoft Entra | Listed | 4 | 4 | Cloudflare emphasizes agent authn/authz; Google and Microsoft provide API/OAuth scopes management. |
| SaaS-to-SaaS layer | OAuth App Security | consent governance, scope review, revocation | OAuth apps are the most typical "invisible NHI" | subscription/app count | SaaS-heavy enterprises | app graph and scope intelligence | Early-to-growth stage | Astrix, Valence, Reco, Grip | Private | 4 | 5 | Microsoft officially keeps stressing consent phishing; Astrix/Valence/Reco/Grip all use OAuth/SaaS identities as an entry point. |
| Cloud-native layer | Kubernetes / Cloud Workload Identity | federation, service account, pod identity | K8s and multi-cloud push NHI counts to a tipping point | per cluster/workload/platform | Platform engineering teams | cloud-native integration depth | Medium-high | AWS, GCP, Azure, Teleport | Listed/private | 5 | 4 | AWS IAM Roles Anywhere, GCP WIF, Azure Workload ID, and Teleport all treat workloads/agents as core objects. |
| Developer layer | Developer Token Security | secret scanning, token inventory, ephemeral auth | AI coding and automation make token leaks more frequent | seat/repo/secret count | Development organizations | repo data and remediation process | High margin | GitGuardian, GitLab, 1Password, JFrog | Listed/private | 5 | 4 | GitGuardian's 2026 report shows 28.65 million new hardcoded secrets on public GitHub in 2025, up 34% year over year. |
| Data entitlement layer | Data Access Governance | entitlement mapping, activity monitoring | RAG/agents accessing a KB must see "who can read what" | subscription/data source/capacity | Data-intensive industries | data graph + permissions map | High margin | Varonis, Cyera, BigID | Listed/private | 4 | 4 | Cyera ties unused permissions to agent risk; BigID explicitly integrates DAG with AI SPM. |
| RAG control layer | RAG Permission Control | document-level ACL, retrieval authz | "Able to search it" does not equal "able to see it" | add-on module/platform subscription | Enterprises with private knowledge bases | difficulty of syncing document permissions | Early but critical | Varonis, Cyera, BigID | Listed/private | 4 | 4 | BigID and Cyera both pitch AI data exposure and agentic AI governance. |
| Continuous authorization layer | Zero Standing Privilege / JIT | just-in-time, continuous access | AI and NHI elevate standing privilege into a core risk | platform module | High-security industries | runtime enforcement | High margin | CyberArk, SGNL, StrongDM, Teleport, Delinea | Listed/private | 5 | 5 | SGNL/Teleport/Delinea all treat ZSP or no standing privilege as core value. |
| Enterprise platform layer | Zero Trust | ZTNA, private access, device/context checks | Humans + machines + agents all need unified policy | seat/traffic/subscription | Broad enterprise | network + identity unified data | High margin | Zscaler, Cloudflare, Microsoft, Tailscale | Listed/private | 4 | 3 | Cloudflare, Microsoft, and Tailscale have all folded AI/agents into zero-trust access. |
The investment implication behind this table is clear: what buyers should focus on most are not companies that "have an agent-security page," but those that already hold strong paying control points such as IGA, PAM, secrets, machine identity, runtime authorization, or data entitlements. The closer to "pre-execution authorization" and "auditable delegation chains," the greater the revenue elasticity tends to be; the closer to single-cloud foundational capabilities, the more easily it is swallowed by cloud providers' built-in offerings.
How AI Agents Change Identity-Security Budgets
The logic of budget migration can be summed up in one sentence: agents turn the hidden identity costs once scattered across IAM, PAM, DevOps, CloudSec, DataSec, and SaaS management into a procurable, auditable, and accountable control-plane budget. This migration will not happen overnight, but the direction already appears in official products and customer documentation: in its Q1 2026 earnings, Cloudflare stated outright that agents have become a core part of its workforce; Okta makes "agentic AI readiness is identity readiness" a 2026 enterprise signal; Microsoft, Ping, and CyberArk all launched agent identity as a formal product line in 2025–2026.
AI coding and software automation will lead by driving budgets for secrets, developer tokens, and CI/CD identities. GitGuardian counted 28.65 million new hardcoded secrets in public GitHub commits in 2025, up 34% year over year, with AI-service leaks up 81%, and AI-assisted commits roughly twice as likely to leak secrets as non-AI commits; GitHub, Google, and Azure now all encourage migrating workflows from long-lived secrets to OIDC and federation. This means the first wave of budget is not a "mysterious agent-security platform," but the more concrete secret scanning, vaults, ephemeral credentials, developer token policy, and pipeline identity hardening.
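The migration from long-lived secrets to OIDC federation that the paragraph describes comes down to one thing on the cloud side: a trust policy that decides which workflow identity tokens may be exchanged for temporary credentials. The block below is an added example for this page, not GitHub's, AWS's, or Google's code. It takes the claims of a GitHub Actions OIDC token after the cloud provider has already verified the token's signature, and evaluates them against two trust policies written in a simplified policy format of this example's own: a weak one that trusts any repository in the organization, and a hardened one that pins repository and branch or environment. The issuer URL and the repo:<owner>/<repo>:... shape of the sub claim are GitHub's documented ones; the organization, repository names, audience value, and claim sets are constructed.

```python
from fnmatch import fnmatchcase
from typing import Optional

# Documented GitHub Actions OIDC issuer; everything else below is constructed for this example.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
CLOUD_AUDIENCE = "sts.amazonaws.com"   # hypothetical audience the workflow requests for this role

# Two trust policies for the same hypothetical deploy role (example policy format, not a vendor's).
# WEAK: any repository and any ref in the org can assume the role, including forks' pull_request runs.
WEAK_POLICY = {"iss": GITHUB_ISSUER, "aud": CLOUD_AUDIENCE, "sub": ["repo:acme/*"]}
# HARDENED: only the payments repo, and only from its main branch or its production environment.
HARDENED_POLICY = {
    "iss": GITHUB_ISSUER,
    "aud": CLOUD_AUDIENCE,
    "sub": [
        "repo:acme/payments:ref:refs/heads/main",
        "repo:acme/payments:environment:production",
    ],
}

# Constructed claim sets, as they would look after the provider has verified the token signature.
NOW = 1_700_000_000
MAIN_CLAIMS = {"iss": GITHUB_ISSUER, "aud": CLOUD_AUDIENCE, "exp": NOW + 300,
               "sub": "repo:acme/payments:ref:refs/heads/main",
               "repository": "acme/payments", "ref": "refs/heads/main", "workflow": "deploy"}
PR_CLAIMS = dict(MAIN_CLAIMS, sub="repo:acme/payments:pull_request", ref="refs/pull/42/merge")
SANDBOX_CLAIMS = dict(MAIN_CLAIMS, sub="repo:acme/sandbox:ref:refs/heads/feature-x",
                      repository="acme/sandbox", ref="refs/heads/feature-x")
DEFAULT_AUD_CLAIMS = dict(MAIN_CLAIMS, aud="https://github.com/acme")  # workflow forgot to request the cloud audience


def evaluate_trust(policy: dict, claims: dict, now: int) -> tuple:
    """Apply a federation trust policy to verified OIDC claims; order mirrors a provider's checks."""
    if claims.get("iss") != policy["iss"]:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if policy["aud"] not in audiences:
        return False, f"audience mismatch: {audiences}"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    sub = claims.get("sub", "")
    # '*' in fnmatch spans ':' and '/', so 'repo:acme/*' matches every repo, ref, and event in the org.
    if not any(fnmatchcase(sub, pattern) for pattern in policy["sub"]):
        return False, f"sub {sub!r} not allowed"
    return True, "allowed"


def issue_short_lived_credential(policy: dict, claims: dict, now: int, ttl: int = 3600) -> Optional[dict]:
    """Federation outcome: a temporary credential bound to the workflow identity, or nothing."""
    ok, _reason = evaluate_trust(policy, claims, now)
    if not ok:
        return None
    return {"principal": claims["sub"], "expires_at": now + ttl, "source": "oidc-federation"}


def audit(policy: dict) -> dict:
    """Which of the constructed tokens a policy would accept."""
    samples = [("main", MAIN_CLAIMS), ("pull_request", PR_CLAIMS),
               ("sandbox", SANDBOX_CLAIMS), ("default_aud", DEFAULT_AUD_CLAIMS)]
    return {name: evaluate_trust(policy, claims, NOW)[0] for name, claims in samples}


if __name__ == "__main__":
    for label, policy in [("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)]:
        print(label, audit(policy))
```

The weak policy is the common misconfiguration: it looks like federation, but any workflow in any repository of the organization, including a pull_request run of untrusted code, can mint the deploy role's credentials. The hardened policy gives exactly the property the paragraph is after, a credential that exists only for the duration of a run from a pinned branch or environment, with nothing long-lived stored in the repository.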
RAG and enterprise knowledge bases will push data entitlement governance further to the front. According to research published by Cyera, 96% of enterprise permissions are in practice long unused, and unlike a human, an AI agent will not simply leave a resource unopened out of inertia; once granted permissions, it may bulk-read, correlate, and export within milliseconds. BigID likewise merges DSPM, Data Access Governance, and AI SPM into a single integrated narrative, stressing that the core question is "what sensitive data exists, who can access it, and whether the access is excessive." So while data access governance is not a traditional core IAM budget, in the second phase after agents go live it may well become a large incremental pool for identity security.
Three Scenario Forecasts
| Dimension | Conservative | Base | Aggressive |
|---|---|---|---|
| Key assumption | Agents stay concentrated in pilots doing only low-risk tasks; cloud providers' built-in features are already sufficient | Enterprises use agents for IT, customer service, knowledge retrieval, and code assistance; audit needs rise | Agents enter production execution, multi-agent collaboration, and broad adoption of MCP/tool calls |
| Enterprise agent adoption | Low to medium | Medium | High |
| NHI count growth | Moderate growth | Rapid growth | Explosive growth |
| Agent identity governance paid rate | Low | Medium | High |
| Identity-security budget change | Mainly reallocation of existing budget | New budget + replacement budget coexist | Significant new budget; the identity control plane becomes an independent major category |
| Main beneficiary segments | secrets, PAM, basic workload identity | PAM extending into NHI, IGA, NHI governance, developer token security, data entitlements | Agent identity, runtime authorization, tool governance, RAG permissions, continuous authorization |
| Main beneficiary companies | IBM/HashiCorp, CyberArk, AWS/Azure/GCP built-in, 1Password | CyberArk, SailPoint, Okta, Microsoft, JFrog, Cloudflare, Veza | Microsoft, CyberArk, Okta, Ping, SGNL/CrowdStrike, Cloudflare, Aembit, Oasis, Astrix |
| Companies under pressure | point MCP, point OAuth, pure-concept agent-security startups | single-cloud secrets, single-point CIEM, static credential tools | traditional IAM that only does login and not runtime authorization; static secrets/certs single-point tools |
| Main risk | Agent budgets deferred; procurement skews more toward built-in | Complex integration, long deployment cycles | Immature standards, overly fast platform consolidation, valuation bubble |
The base scenario is the most reasonable assumption at present. The reason is not that every enterprise will quickly deploy fully autonomous agents, but that the moment enterprises use agents in places that "can operate real systems and real data," least privilege, delegation, human approval, tool authorization, secret rotation, and audit trail shift from "security recommendations" to "go-live prerequisites." That is why budgets will flow first to mature control points and then spread to the pure agent-identity layer.
Architecture Layers and Segment Value Breakdown
Typical Architecture of an Enterprise-Grade AI Agent Identity Security System
A deployable enterprise-grade AI agent identity security system typically comprises fifteen layers: agent discovery, NHI inventory, lifecycle, authentication, authorization/policy, least privilege, JIT/ZSP, secrets & certificates, API/MCP access control, RAG/data entitlements, ITDR, session/audit, human approval, compliance reporting, and SOC/SIEM integration. What is truly worth researching now is which of these layers are most likely to form a moat, and which will be swallowed by built-in offerings.
| Architecture Layer | Core Value | Most Likely to Form a Moat | Most Easily Replaced by Cloud Built-ins | Best Suited for Independent Companies | Willingness to Pay | Margin | Growth | Current Conclusion |
|---|---|---|---|---|---|---|---|---|
| Agent discovery layer | Find shadow agents / known agents | Medium | Medium | Yes | Medium | Medium | High | Easily becomes an entry point, but hard to charge for long-term on its own |
| NHI inventory layer | Unified inventory of service accounts, tokens, OAuth apps, bots | High, especially cross-cloud and cross-SaaS | Low | Yes | High | High | High | The starting point of an NHI platform moat |
| Lifecycle management layer | Registration, owner, approval, decommission | High | Low | Yes | High | High | Medium-high | The core of an IGA/NHI platform |
| Authentication layer | Letting agents/workloads be identified | Medium | High | No, increasingly absorbed by IdPs/cloud | Medium | High | Medium | Foundational but easily commoditized |
| Authorization and policy layer | Who can do what | Very high | Medium | Yes | Very high | High | Very high | The most critical long-term profit pool |
| Least privilege layer | Reduce overprivilege | High | Medium | Yes | Very high | High | Very high | Maps directly to incidents and audits |
| JIT / ZSP layer | Zero standing privilege | Very high | Low | Yes | Very high | High | High | A high-value extension of PAM/continuous identity |
| Secrets and certificate layer | Credential issuance, rotation, revocation | High | Medium-high | Yes | Very high | High | High | The easiest to land in the near term |
| API / MCP tool authorization layer | tool scopes, connector governance | Very high | Low | Yes | High | High | Very high | A new market whose prospects exceed current revenue |
| RAG / data entitlement layer | Document-, table-, column-, object-level authorization | Very high | Low | Yes | Very high | High | High | The second control plane of the agent era |
| ITDR layer | token theft, abuse, behavioral anomalies | Medium-high | Medium | Yes | High | High | High | High probability of platform bundling |
| Session / behavioral audit layer | Replayable, attributable | High | Medium | Yes | Very high | High | Medium-high | A hard requirement for compliance and accountability |
| Human approval and governance layer | HITL, break-glass | Medium-high | Low | Yes | High | High | Medium | Not a flashy layer, but one customers genuinely pay for |
| Compliance reporting layer | audit, insurance, regulatory evidence | Medium | Medium | Yes | High | High | Medium | More of a platform value-add |
| Security operations integration layer | SIEM/SOAR/IR linkage | Medium | Medium | Platforms are stronger | Medium | Medium-high | Medium | Very important, but more like platform stickiness than a pure new market |
The strongest long-term moat is the entire bundle of NHI/agent inventory + authorization graph + least-privilege/JIT + secrets/cert lifecycle + audit trail, not any single feature point. Product roadmaps such as Microsoft Entra Agent ID, CyberArk AI Agent Gateway, Ping Identity for AI, SGNL, and Cloudflare MCP Portals are all converging in this direction: first give the agent an identity, then an owner, then a scope, then a revocable and auditable execution surface.
Deep Breakdown of Segments
The table below compresses the thirty segments covered in this report into the judgments that matter most from an investment perspective. Scores are 1–5, with 5 highest.
| Segment | Segment Logic | Commercialization Stage | Pricing Model | Moat | Main Risk | Investment Appeal |
|---|---|---|---|---|---|---|
| Workforce Identity | Large installed base and strong renewals, but limited new AI elasticity | Mature | seat/MAU | Directory and integration | Growth ceiling, price competition | 3 |
| Customer Identity | AI customer assistants add value, but subject to application cycles | Mature | MAU/API | Developer ecosystem | Macro volatility, price pressure | 3 |
| IGA | AI makes non-human owner/attestation more of a hard requirement | Mature upgrade | platform subscription/connector | Identity graph and process embedding | Long implementation cycles | 5 |
| PAM | Agents/NHI push privileged access to the center | Mature upgrade | subscription/admin/node | Strong stickiness and high switching cost | Friction with cloud-native processes | 5 |
| ITDR | Identity-abuse detection is necessary, but often platform-bundled | Growth | module/SKU | telemetry linkage | Single-point products easily absorbed | 4 |
| Non-Human Identity Security | One of the clearest new-budget growth points | Growth stage | platform subscription | inventory + owner + policy | Market definition still evolving | 5 |
| Machine Identity Management | Certificates, workloads, SSH, and SPIFFE are the most certain breakout | Growth stage | per workload/platform subscription | lifecycle and automation | Squeeze from cloud-provider basics | 5 |
| Secrets Management | Closest to incidents, easiest to greenlight | Mature upgrade | per secret/client/subscription | DevOps integration | Commoditization and cloud built-in substitution | 5 |
| Certificate Lifecycle Management | Machine identity and post-quantum migration bring re-acceleration | Mature upgrade | per certificate/platform | PKI, discovery, and auto-renewal | If it only does certificates, it gets consolidated | 4 |
| OAuth App Security | A key blind spot of SaaS-to-SaaS/NHI | Early-to-growth stage | per app/subscription | scope intelligence | Easily merged into SSPM/IGA | 4 |
| API Access Governance | Agents naturally act through APIs | Growth stage | API/platform subscription | connector coverage and audit | Overlapping boundaries with API gateways and IAM | 4 |
| Agent Identity Security | Very high importance, revenue validation just beginning | Early | platform module | identity model and delegation chain | Uncertain pace of enterprise adoption | 4 |
| MCP Tool Access Governance | Extremely high security significance, revenue at a very early stage | Early | platform add-on module | protocol control point | Standards still changing fast | 4 |
| Agent Runtime Authorization | One of the largest future control points | Early-to-growth stage | policy engine/usage | pre-execution decisions and real-time context | Technically complex, high sales-education cost | 5 |
| Agent Audit Trail | Compliance, legal, and insurance will all need it | Early-to-growth stage | module/platform | accountability | Hard to charge standalone, often bundled | 4 |
| CIEM | Multi-cloud overprivilege governance still has demand | Growth stage | cloud account/resource volume | entitlement analysis | Single-cloud CIEM faces built-in substitution | 3 |
| Kubernetes / Workload Identity | The most direct technical source of the NHI explosion | Growth | cluster/workload | cloud-native deep integration | Substitution by OSS and cloud built-ins | 4 |
| Zero Standing Privilege | Best embodies "agents must not hold standing high privilege" | Growth stage | platform module | runtime enforcement | Rollout requires business change | 5 |
| JIT Access | Direct procurement rationale, easy to explain ROI | Mature upgrade | module/platform | integration with approval workflows | Rollout complexity | 5 |
| Data Access Governance | An important incremental control layer of the RAG/AI era | Growth stage | data source/capacity/platform | data graph and permission mapping | Needs deep coupling with data platforms | 5 |
| RAG Permission Control | The junction of the retrieval layer and the authorization layer | Early-to-growth stage | module | ACL sync and context control | High customer-education cost | 4 |
| Developer Token Security | AI coding directly drives demand | Growth stage | repo/seat/secret | embedding into developer workflows | Absorbed by DevSecOps platforms | 5 |
| CI/CD Identity Security | Upgrading from "protect the pipeline" to "protect the automated executor" | Growth stage | pipeline/runner/platform | deep CI integration | May be consolidated by Git platforms | 4 |
| Software Supply Chain Identity | Combining artifact signing, build provenance, and token policy | Growth stage | platform/enterprise edition | supply-chain data and signing chain | Customer budgets often fragmented | 4 |
| Passwordless / Passkeys | Human identity keeps upgrading, but moderate AI elasticity | Mature | seat/MAU | user experience and standardization | Crowded competition | 3 |
| Zero Trust Identity | Identity as the access center is still a major trend | Mature upgrade | platform bundle | network + identity + device | Intense platform competition | 4 |
| Identity Analytics | Explain permissions, find anomalies, make governance recommendations | Growth stage | module | graph and behavioral data | Easily absorbed by platforms | 4 |
| Identity Security Posture Management | Appealing for complex environments | Early-to-growth stage | platform module | cross-domain visibility | "A good product that is hard to sell standalone at a high price" | 3 |
| Managed Identity Security Services | Deployment complexity drives service demand | Mature | service fee/project fee | local delivery and compliance understanding | Lower margins | 2 |
| AI-native identity-security startups | A potential M&A hotspot and a source of high elasticity | Early | subscription/platform | model and execution-chain innovation | Insufficient revenue validation, high integration risk | 4 |
The single point most worth stressing is this: MCP Tool Access Governance and Agent Runtime Authorization are extremely important, but they are not yet the most certain revenue pools; instead, PAM, secrets, machine identity, and IGA extensions look more like the "real-world receiving layer" that catches this wave of budget. From an investment-timing standpoint, this means one should not fixate only on "the most cutting-edge new buzzwords," but should first find companies that can embed cutting-edge demand into mature budget line items.
Company Map and Investment Tiering
Master Table of Direct Beneficiaries, Platform Beneficiaries, Challengers, and Pseudo-Beneficiaries
| Company | Status | Segment | AI/NHI/Agent Beneficiary Path | Financial/Adoption Evidence | Category | Preliminary Judgment |
|---|---|---|---|---|---|---|
| CyberArk | Listed | PAM, Machine Identity, AI Agent Security | Rooted in PAM, extending into machine identity, AI agent gateway, MCP tool control | 2025 ARR $1.215 billion, up 65% year over year; Venafi consolidated; Secure AI Agents shipped | Platform-type direct beneficiary | One of the clearest beneficiary paths |
| SailPoint | Listed | IGA, NHI Governance | Places human, machine, and AI agent on the same governance plane | FY26 ARR $1.125 billion, up 28% year over year; SaaS ARR up 38%; revenue up 24% | Platform-type direct beneficiary | Most evidence for IGA extending into NHI/agents |
| Okta | Listed | Workforce/CIAM, Agent Identity | Universal Directory + AI agents discover/onboard/govern | FY26 Q4 RPO +15%, cRPO +12%; AI Agents already GA | Direct beneficiary | Strong products, still little standalone revenue |
| Microsoft | Listed | Workforce, Workload, Agent Identity, CIEM | Entra places workforce/workload/agentic identities in one product family | Entra Agent ID already GA; Workload ID/Conditional Access/Permissions fully assembled; Microsoft FY25 revenue $281.7 billion, operating profit $128.5 billion | Platform-type beneficiary | Strongest control-plane candidate, but identity revenue not broken out |
| IBM / HashiCorp | Listed | Secrets, Vault, Hybrid identity | Vault directly handles secrets, PKI, and workload auth; IBM gains stronger platform distribution after the deal | IBM completed the HashiCorp acquisition in 2025; Vault already has public pricing | Direct beneficiary | More infrastructure-oriented; the expectations gap could be large |
| JFrog | Listed | DevSecOps, developer tokens, software supply chain identity | Security core covers artifacts, models, MCP, and developer workflows | FY25 revenue $531.8 million, up 24% year over year; Security Core already 7% of revenue, 10% of ARR, 16% of RPO | Direct beneficiary | Real developer-side identity and supply-chain exposure |
| CrowdStrike | Listed | ITDR, continuous identity, runtime auth | Falcon Identity + SGNL + FalconID, plugging identity into a larger security platform | FY26 ARR $5.25 billion, up 24% year over year; acquired SGNL; shipped FalconID | Indirect beneficiary, platform-leaning | Right direction, but identity is not a standalone revenue pool |
| Cloudflare | Listed | Zero Trust, MCP, AI agent networking | MCP Server Portals, Managed OAuth, and Mesh fold tool calls and agent lifecycle into the network/access layer | Q1 2026 revenue $639.8 million, up 34% year over year; cRPO up 34%; shipped Mesh and MCP products | Indirect beneficiary, platform-leaning | Strong narrative, unclear standalone revenue |
| Zscaler | Listed | Zero Trust, Identity context | More an identity-centric ZTNA and policy platform than a pure identity vendor | Q1 FY26 revenue $788.1 million, up 26% year over year | Indirect beneficiary | Real benefit, but identity is not the main line |
| Palo Alto Networks | Listed | CNAPP, IR, identity-adjacent controls | Identity serves more as platform security context than as a standalone control-plane revenue | Unit 42 report says 65% of initial access is driven by identity-based techniques, but identity revenue is not broken out | Defensive beneficiary | Narrative stronger than standalone financial validation |
| Cisco | Listed | Duo, Splunk, agentic workforce security | Enters AI/NHI identity control via Duo/Splunk/network platform and the planned Astrix acquisition | Announced planned acquisition of Astrix in 2026; overall company FY26 is huge but identity revenue is not broken out | Indirect beneficiary | More like an M&A integrator |
| Oracle | Listed | OCI IAM, Access Governance | Uses cloud IAM, policy analysis, and AI automation to govern enterprise entitlement problems | OCI already provides IAM, Generative AI IAM policies, and AI automation for Access Governance | Defensive beneficiary | Complete products but weak financial exposure |
| Alibaba Cloud | Listed business line | Secrets, IAM | KMS Secrets Manager, RAM policy | Officially provides secrets storage, rotation, and AccessKey/SSH management | Defensive beneficiary | More a cloud built-in than a standalone profit pool |
| Tencent Cloud | Listed business line | IAM | CAM, fine-grained resource authorization | Officially provides CAM and fine-grained resource access control | Defensive beneficiary | Likewise cloud-built-in-leaning |
| Trend Micro | Listed | Identity-first AI defense | Identity as the core of the AI-security framework, but public revenue not broken out | In 2026 emphasized identity-first AI protection and expanded its partnership with NVIDIA | Defensive beneficiary | Platform-defense-leaning, not high-certainty new growth |
| QAX / Qi An Xin | Listed | Integrated security, AI security operations | Has an AI-security and security-operations narrative, but identity/NHI revenue is not seen broken out | Officially emphasizes AI-security models and a large customer base | Higher pseudo-beneficiary risk | Needs separate validation that identity revenue is landing |
| Saviynt | Private | IGA, ISPM, NHI/AI identity | Enters NHI and AI agent ownership from a governance angle | Partners with Wiz to govern NHI and AI agents; site already puts AI/NHI in the main narrative | Platform-type challenger | Worth tracking closely for IPO potential |
| Ping Identity | Private | Workforce/CIAM, Agent Identity | Identity for AI treats agents as first-class NHI | Identity for AI already GA | Direct beneficiary | If it restarts an IPO, worth a close look |
| Delinea | Private | PAM, Machine/NHI | PAM extending into NHI and runtime auth | Listed as an NHI leader by KuppingerCole and combined with StrongDM for JIT/runtime auth | Platform-type beneficiary | Has both M&A and IPO potential |
| BeyondTrust | Private | PAM, Machine Identity, AI agents | Platformizing privilege-centric identity | In 2026 announced a unified privileged-identity solution covering AI agent coworkers and workloads | Platform-type beneficiary | Close to a "full-stack privilege plane" |
| 1Password | Private | XAM, developer/AI credentials | Upgrading from password management to Extended Access Management and agentic AI security | Covers 150,000 enterprises and explicitly folds AI agents into XAM | Indirect beneficiary | Good product, but revenue contribution not broken out |
| Veza | Private | NHI Governance, Authorization graph | Governs SaaS, on-prem, NHI, and custom apps with a unified authorization graph | 2025 Series D of $108 million at an $808 million valuation | AI-native challenger | Likely to become a platform M&A hotspot |
| Aembit | Private | NHI IAM | Directly does workload/non-human access | 2024 Series A of $25 million | AI-native challenger | High segment purity, financials undisclosed |
| Oasis Security | Private | Non-Human Identity Management | Discovery, lifecycle, AI identities | Officially positioned as an NHI Management Platform covering AI identities | AI-native challenger | Worth tracking closely |
| Entro Security | Private | NHI + secrets lifecycle | Solves machine secrets and lifecycle | 2024 Series A of $18 million | AI-native challenger | Execution-layer-leaning, easily becomes an acquisition target |
| Astrix Security | Private/in acquisition | OAuth/NHI/MCP server security | Extends from SaaS-to-SaaS/OAuth apps into AI agent & MCP server security | Total funding $85 million; Cisco has announced a planned acquisition | AI-native challenger | Already in the M&A-realization phase |
| SGNL | Private/acquired | Continuous Identity, ZSP | Does runtime enforcement between IdPs and SaaS/hyperscalers | CrowdStrike has acquired SGNL | AI-native challenger | Extremely high direction-validation |
| Reco | Private | SaaS/AI identities | Discovers AI agents, owners, permissions, and risks | 5x growth in 2025, another $30 million raised in 2026 | AI-native challenger | SaaS/Shadow AI entry-point-leaning |
| Valence | Private | SaaS + AI governance | Governs SaaS and AI sprawl, NHI, and agents | Explicitly covers NHI/AI agents, funding public | AI-native challenger | Governance- and remediation-leaning |
| Grip | Private | SaaS identity risk | Discovers and governs AI + SaaS, including risky OAuth and unmanaged accounts | Site discloses a high share of customers avoiding multiple SaaS breaches | AI-native challenger | More of a SaaS identity entry point |
| Teleport | Private | Infrastructure identity, JIT/ZSP | A unified infrastructure identity layer for humans, machines, and agents | Treats no shared secrets / no standing privilege as core value | AI-native challenger | Worth tracking closely |

Which Companies Have a Strong Narrative but Insufficient Financial Validation
There are currently three typical combinations of "strong narrative, insufficiently broken-out financials." The first is the large platform-security vendors: Cloudflare, Palo Alto Networks, Cisco, Trend Micro, and others have shipped MCP, agent lifecycle, AI security, identity-first, and similar features, but their public financials are still disclosed mainly at the larger platform level, making it hard to prove that AI/NHI identity subproducts have formed standalone ARR. The second is the high-buzz startups: Aembit, Oasis, Entro, Valence, Grip, Noma, and Lasso are in the right direction, but their public revenue/ARR disclosures are very limited. The third is regional integrated-security companies, especially Chinese vendors and some Japanese/Korean/Indian integrated-security firms or service providers; they may benefit at the margin from projects and defense demand, but public materials rarely break out NHI, agent identity, or MCP governance as verifiable revenue items.
The Private-Market Watchlist Most Worth Tracking
| Company | Region | Segment | Core Products | Funding/Valuation Public Info | Relationship to Listed Companies | Focus Points | Main Risk Sources |
|---|---|---|---|---|---|---|---|
| Veza | US | NHI Governance / Authorization | Unified authorization platform governing SaaS, on-prem, NHI, custom apps | 2025 Series D of $108 million at an $808 million valuation | Tight with the Snowflake/Atlassian/Workday ecosystem | Could become a platform-grade IGA/NHI company | Head-to-head competition with SailPoint/Saviynt |
| Saviynt | US | IGA / AI identity | Secures every identity: human, non-human, AI | Latest revenue undisclosed | Partners with Wiz | If it IPOs, could be SailPoint's most direct comparable | Insufficient financial transparency |
| Ping Identity | US | Agent Identity / CIAM | Identity for AI | GA, financials not broken out | Competes with Okta/Microsoft | Clear product definition on delegated authority | Reduced transparency after going private |
| Delinea | US | PAM / NHI | Centralized authorization, runtime access | Undisclosed | Linked with StrongDM | Well suited for M&A or re-listing watch | Opaque financials |
| BeyondTrust | US | PAM / AI agents / machine identity | Pathfinder + AI agent coworkers | Undisclosed | Competes with CyberArk/Delinea | Clear privilege-centric path | Opaque financials |
| 1Password | Canada | XAM / AI credentials | Extended Access Management | Covers 150,000 enterprises | Ecosystem links with CrowdStrike, Okta | Moving from passwords toward identity governance | No standalone AI revenue seen |
| Aembit | US | NHI IAM | Workload access management | Series A of $25 million | Backed by Okta Ventures, CrowdStrike Falcon Fund | High segment purity | High market-education cost |
| Oasis Security | Israel/US | NHIM | AI identities + NHI lifecycle | $40 million raised in 2024; platform aimed at AI identities | Can both compete with and partner with platform vendors | Could become an acquisition target for the majors | Revenue undisclosed |
| Entro Security | Israel | NHI + secrets | Discovery, rotation, lifecycle | 2024 Series A of $18 million | May partner with PAM/secrets majors | Clear positioning | May be consolidated |
| Astrix Security | Israel | OAuth/NHI/MCP | Non-human identity security, MCP server security | Total funding $85 million | Cisco has announced a planned acquisition | M&A has already validated that demand exists | Independent investment window narrowing |
| SGNL | US | Continuous Identity / ZSP | Runtime access enforcement | Undisclosed | Already acquired by CrowdStrike | Direction already validated by the majors | Declining value as standalone public research |
| Reco | Israel/US | SaaS + AI identities | Secure every agent, owner, permissions | An additional $25 million raised in 2025 and another $30 million in 2026; publicly cited 2025 growth of 5x and ARR +400% | May pressure SSPM and OAuth security | Tight coupling of SaaS identities and AI agents | Still early-stage-leaning |
| Valence | Israel/US | SaaS/AI governance | Shadow SaaS + AI + NHI | Series A of $25 million | Related to the Microsoft ecosystem | More of a governance and remediation entry point | Intense competition with Reco/Grip |
| Grip | Israel/US | SaaS identity risk | Discover, assess, govern AI + SaaS | Series B of $41 million (per media citations) | May integrate with IdP/SSPM/ITSM | Unmanaged SaaS + AI is a real pain point | Differentiation needs continued validation |
| Teleport | US | Infrastructure identity | Unified identity layer for humans, machines, agents | 2022 Series C at a $1.1B valuation | Both competes with and partners across the cloud and PAM ecosystem | High exposure to AI infra identity | Revenue undisclosed |
| Noma Security | Israel/US | AI/Agent security | Unified platform for AI and agent security | 2025 Series B of $100 million | Challenges traditional AI-security vendors | Fast growth | Boundary with identity revenue still needs validation |

Key Listed-Company Research and Scoring
Listed Companies Most Worth Further Research
The table below compresses the listed companies most worth deeper digging into the few dimensions buyers care about most: segment position, revenue exposure, margin impact, valuation observation, and research conclusion.
| Company | Segment Affiliation | Core Identity-Security Products | AI/NHI/Agent Commercialization Stage | Direct Exposure to Revenue Growth | Recent Financials and Key Metrics | Current Valuation Observation | Research Conclusion |
|---|---|---|---|---|---|---|---|
| CyberArk | PAM + machine identity + AI agents | Identity Security Platform, Machine Identity Security, Secure AI Agents | Already productized, closest to direct monetization | High | 2025 ARR $1.215 billion, up 65% year over year; Venafi integration expands TAM | Real-time valuation needs further validation this cycle, but the market usually awards a high-growth security premium | Strong beneficiary / platform-type winner / worth digging deep |
| SailPoint | IGA + NHI governance | Identity Security Cloud | Human-machine unified governance has entered the revenue-realization phase | High | FY26 ARR $1.125 billion, up 28% year over year; SaaS ARR $746 million, up 38% year over year; revenue $1.071 billion, up 24% year over year | As of 2026-05-19, market cap of about $8.13 billion; on a static basis the implied multiple to ARR is not excessive | Strong beneficiary / sizable expectations gap / worth digging deep |
| Microsoft | Unified identity control plane | Entra, Workload ID, Agent ID, Conditional Access | Already GA, control plane complete | Medium-high | FY25 revenue $281.7 billion, operating profit $128.5 billion; Agent ID GA in April 2026 | As of 2026-05-19, P/E about 25.2x, P/S roughly 11x | High certainty / platform-type winner / identity revenue not broken out |
| Okta | Workforce + CIAM + Agent Identity | Okta Platform, Auth0, Okta for AI Agents | AI Agents already GA | Medium-high | FY26 Q4 revenue up 11% year over year; RPO +15%; cRPO +12%; free cash flow $252 million | As of 2026-05-19, P/E about 78x, reflecting some AI-identity expectations | Strong beneficiary / needs validation of standalone AI-product revenue |
| CrowdStrike | ITDR + continuous identity | Falcon Identity, FalconID, SGNL | Monetized in a platform fashion | Medium | FY26 revenue $4.81 billion, up 22% year over year; ending ARR $5.25 billion, up 24% year over year; acquired SGNL | As of 2026-05-19, market cap of about $155.5 billion, a very high multiple to FY26 revenue | Moderate beneficiary / high elasticity / valuation running hot |
| IBM | Vault / secrets / hybrid auth | HashiCorp Vault, Terraform ecosystem integration | Already substantively folded into the IBM platform | Medium-high | Completed the HashiCorp acquisition in 2025, Vault pricing already public; IBM P/E about 19.7x as of 2026-05-19 | More moderate valuation relative to high-growth security stocks | Moderate beneficiary / possible expectations gap |
| JFrog | Developer and software supply chain identity | Artifactory, Security Core, AI/MCP governance | Has formed quantifiable security revenue | High | FY25 revenue $531.8 million, up 24% year over year; Security Core 7% of revenue, 10% of ARR, 16% of RPO | As of 2026-05-19, market cap of about $8.16 billion; implied multiple to FY25 revenue is fairly high but still below some red-hot AI-security stocks | Strong beneficiary / high quality / worth digging deep |
| Cloudflare | Zero Trust + MCP + agent networking | MCP Server Portals, Managed OAuth, Mesh | Product-leading, revenue not broken out | Medium | Q1 2026 revenue $639.8 million, up 34% year over year; cRPO +34% | As of 2026-05-19, market cap $71.1 billion, negative P/E, significantly embedding AI-networking/agent expectations | Moderate beneficiary / high elasticity / elevated valuation |
| Zscaler | Zero Trust identity context | ZPA/ZIA + identity context | Mainly platform enhancement | Medium-low | Q1 FY26 revenue $788.1 million, up 26% year over year; non-GAAP operating margin about 22% | As of 2026-05-19, market cap of about $27.9 billion, negative P/E | Clear beneficiary / but more defensive enhancement |
| Palo Alto Networks | CNAPP / identity-adjacent | Prisma/Cortex/Unit 42 identity context | Strong narrative, revenue not broken out | Low to medium | Unit 42 says 65% of initial access is driven by identity-based techniques, but the company does not break out AI identity revenue | As of 2026-05-19, P/E about 136x | Good company but expectations already high / identity logic more indirect |
| Cisco | Platform + M&A integration | Duo, Splunk security, planned Astrix acquisition | M&A-entry phase | Low to medium | Planned Astrix acquisition in 2026; strong overall scale and distribution | As of 2026-05-19, P/E about 42.8x | Indirect beneficiary / more like an integrator |
| Oracle | Cloud IAM / access governance | OCI IAM, Policy Analysis, Access Governance | Already productized, but financials not broken out | Low to medium | OCI provides IAM, Generative AI IAM policies, and access governance AI automation | As of 2026-05-19, P/E about 33.5x | Defensive beneficiary / needs continued validation |
| GitLab | CI/CD identity / software supply chain | DevSecOps, OIDC, pipeline identity | Fairly real commercialization, but more often shown as a suite | Medium | Q2 FY26 revenue up 29% year over year, margins improving; AI/DevSecOps platform expansion continues | As of 2026-05-19, market cap of about $4.2 billion, negative P/E | Moderate beneficiary / developer-side identity worth tracking |
| Trend Micro | Identity-first AI defense | Identity-first protection, AI runtime governance | Platform enhancement | Low | In 2026 frequently stressed the identity-first AI era, but lacks standalone revenue disclosure | Valuation needs separate validation | Defensive beneficiary / weaker financial elasticity |
| Alibaba Group / Cloud | Cloud IAM + secrets | RAM, KMS Secrets Manager | Built-in capability already mature | Low to medium | Officially provides secrets storage, rotation, dynamic secrets | Group valuation is not driven by this item | Defensive beneficiary / cloud built-in squeezes others |

Five Tiers and Investment Priority
Tier A (core direct beneficiaries of AI/NHI/agent identity security): CyberArk, SailPoint, Microsoft, Okta, IBM/HashiCorp, JFrog. Their common trait is that the identity control plane is not an ad slogan but is already bound to chargeable, expandable, and auditable product layers such as PAM, IGA, Vault, developer security, directory, or cloud access.
Tier B (clear beneficiaries, but coexisting with valuation, competition, or platform-squeeze risk): CrowdStrike, Cloudflare, Zscaler. All can benefit from the agent era, but they rely more on the "large security platform" absorbing value than on identity subproducts monetizing standalone; at the same time, their current market pricing is already fairly optimistic.
Tier C (more defensive tools, with weak near-term financial elasticity): Palo Alto Networks, Cisco, Oracle, Trend Micro, Alibaba Cloud, Tencent Cloud. All need to round out their identity capabilities, or the platform will lose ground; but near term they look more like "defending platform competitiveness" than an independent, high-elasticity new profit pool.
Tier D (strong AI-identity-security narrative, but still insufficient evidence of actual benefit): most pure agent-security or broad AI-security startups, plus some regional integrated-security vendors. The issue is not the product direction, but that public revenue, ARR, retention, and customer penetration are not yet enough to support a secondary-market-style high-certainty judgment.
Tier E (single-point tool companies or segments with high platform-consolidation risk): single-cloud secrets, single-point certificate tools, point CIEM, point OAuth monitoring, secrets tools that only do static scanning, and traditional identity products that only do SSO/MFA. Both cloud providers and platform vendors are pushing down into these features.
Scoring Model and Results
This report uses the following total-score model to assign subjective scores on a 100-point scale to the key companies:
Direct revenue exposure to AI/NHI/agent identity security: 25%
Platform position and customer base: 20%
Identity data and technical moat: 15%
Product breadth and integration capability: 15%
Financial quality and margins: 10%
Growth elasticity: 10%
Valuation reasonableness: 5%
A reverse risk model is also used to assess "risk of being consolidated by an identity platform":
Risk of the core business being consolidated by a platform: 30%
Single-point-tool nature: 20%
Lack of data/platform/ecosystem moat: 20%
Risk of budget being squeezed by cloud providers or large platforms: 15%
Risk of overvaluation: 15%
| Rank | Company | Total Score | Ranking Logic | Reverse Consolidation Risk |
|---|---|---|---|---|
| Top group | CyberArk | 88 | Sits directly at the intersection of PAM, machine identity, and AI agent gateway, with existing ARR evidence | 25 |
| Top group | Microsoft | 85 | Unmatched breadth of identity control plane, Entra Agent ID already GA, but revenue not broken out | 18 |
| Top group | SailPoint | 83 | The most natural extension of IGA into NHI/agents, with ARR already above $1.1 billion | 22 |
| High group | Okta | 80 | Solid directory and CIAM foundation, AI Agents already GA, but monetization still to be seen | 28 |
| High group | IBM/HashiCorp | 77 | Vault is one of the core foundations for secrets/workload identity, with a relatively moderate valuation | 23 |
| High group | JFrog | 76 | Direct beneficiary in DevSecOps identity and software supply chain, Security Core already realizing revenue | 30 |
| High group | CrowdStrike | 75 | SGNL validates the direction, but identity is part of a large platform, and the valuation is high | 20 |
| Middle group | Cloudflare | 73 | Leading in MCP/agent networking, but more product narrative ahead of revenue breakdown | 24 |
| Middle group | Zscaler | 70 | Strong identity and zero-trust stickiness, but more platform enhancement | 27 |
| Middle group | Palo Alto Networks | 68 | Strong platform, high valuation, weak standalone identity contribution | 31 |
| Middle group | Cisco | 66 | Clear M&A and channel advantages, but more like an integrator | 26 |
| Middle group | Oracle | 64 | Complete cloud built-in capabilities, but contribution to group revenue is hard to verify | 35 |
| Watch group | Trend Micro | 58 | Has an identity-first AI direction, but weak investment elasticity | 34 |
| Watch group | Alibaba Cloud / Tencent Cloud | 56 | Real built-in capabilities, but capital markets will not re-rate them on this item alone | 38 |
| Watch group | Regional integrated-security vendors | below 45 | Insufficient public disclosure, place in the watch pool for now | 40+ |

The core of this scoring is not "who has the flashiest technology," but who is most likely to turn the NHI, tool authorization, runtime privilege, ownership, and data entitlements brought by AI agents into recurring ARR. By this standard, CyberArk, SailPoint, Microsoft, and Okta clearly rank ahead of most integrated-security platforms that "tell a good AI-security story but do not break out revenue."
Valuation, Risks, and Final Conclusions
Which Expectations Are Already Priced In, and Where Gaps Remain
Looking at market data as of May 19, 2026, the valuations of CrowdStrike, Cloudflare, Palo Alto Networks, and Zscaler already clearly include an AI-security and platformization premium. CrowdStrike's market cap is about $155.5 billion, a very high implied multiple to FY26 revenue of $4.81 billion; Cloudflare's market cap is about $71.1 billion, while its Q1 2026 single-quarter revenue is only $639.8 million; Palo Alto Networks trades at a P/E of about 136x, while Cloudflare, Zscaler, GitLab, and JFrog still sit in a negative-GAAP-P/E framework. In other words, these companies can indeed benefit, but their "benefit logic" and "valuation appeal" have already clearly diverged.
The relative expectations gaps lie with companies that have already formed a real identity-security revenue pillar but that the market has not yet fully re-rated as an "AI identity control plane." SailPoint is the most typical case: it has already written unified governance of AI agents, machines, and identities into its official narrative, with FY26 ARR reaching $1.125 billion; yet as of 2026-05-19 its market cap is only about $8.13 billion. IBM/HashiCorp is similar—Vault's infrastructure nature in secrets, PKI, and workload identity is very strong, but capital markets view it more through the lens of IBM as a whole, rather than pricing Vault separately as a control-plane asset under the agent explosion.
Representatives of "good company but valuation too expensive" are CrowdStrike, Cloudflare, Palo Alto Networks, and parts of Zscaler; representatives of "real revenue growth, valuation still researchable" are SailPoint, JFrog, and IBM/HashiCorp; representatives of "strong narrative but insufficient financial validation" include most AI-native agent/NHI startups and some newly launched AI-identity modules from large platforms.
Systemic Risks
The biggest fundamental risk is not that "identity security does not matter," but that enterprise agent adoption proceeds slower than the market imagines. If agents stay at the stage of Q&A, summarization, and code suggestions and do not truly plug into production systems, knowledge bases, ticketing flows, and automated approval chains, then the first to benefit will still be data security, foundation models, and cloud compute—not agent-identity-specific budgets. For pure agent-identity startups, this is especially critical.
The second risk is cloud providers pushing down. Microsoft, AWS, GCP, Oracle, Alibaba Cloud, and Tencent Cloud have already demonstrated enough built-in capability to compress the room for single-cloud secrets, basic workload identity, basic CIEM, and some certificate/credential management tools. Independent companies that lack cross-cloud, cross-SaaS, cross-data-layer unified ownership, policy, audit, and entitlement graph are easily marginalized.
The third risk is that standards are not yet stable. Although MCP security best practices and the authorization spec have taken shape, enterprises' governance approaches for MCP servers, tool-call authorization, cross-agent delegation, and approval semantics are still iterating fast. Betting too early on "one specific implementation" carries product-path risk.
The fourth risk is deployment complexity and business friction. The deeper identity security goes into runtime policy, ZSP, data entitlements, and human approval, the more it runs into business-process change, developer-productivity tradeoffs, audit workflows, and organizational responsibility boundaries. This lengthens sales cycles and raises customer-education costs.
Final Conclusions
Identity security and NHI's position in the AI value chain has already been upgraded from a "supporting security feature" to a prerequisite control layer for enterprise AI agents to truly land. Without independent identity, explainable permissions, short-lived credentials, tool authorization, and an auditable delegation chain, an agent can only stay at the demo stage; once an enterprise lets an agent truly touch production data and production systems, the identity control plane becomes a go-live prerequisite.
The five segments most worth watching are: PAM extending into NHI/agents, machine identity management, secrets/developer token security, IGA/NHI governance, and data access governance/RAG permissions. Together these five segments cover the six core questions of "who is executing, what can they do, where do the credentials come from, is there overprivilege, what data was accessed, and can it be held accountable."
The ten listed companies most worth deep research are: CyberArk, SailPoint, Microsoft, Okta, IBM, JFrog, CrowdStrike, Cloudflare, Zscaler, and Palo Alto Networks. Of these, the first six lean toward "control plane and revenue landing," while the last four lean toward "platform absorption and valuation elasticity."
The ten private companies most worth tracking are: Veza, Saviynt, Ping Identity, Delinea, BeyondTrust, Aembit, Oasis Security, Entro Security, Astrix Security, and Reco. Among them, the Veza/Astrix/SGNL path best embodies the M&A value of "unified authorization graph + runtime enforcement"; Aembit, Oasis, and Entro are more like the purest NHI-native objects to watch; Reco, Valence, and Grip represent another evolutionary path for SaaS/OAuth/Shadow AI identity risk.
The five points the market most easily misunderstands are: First, agent identity does not equal giving an agent an account; what truly matters is delegated authority, ownership, approval, and runtime authorization. Second, NHI is not a new species, but an identity surface that has always existed yet gone ungoverned. Third, MCP security is not a prompt problem, but an OAuth, resource server, scope, and tool authorization problem. Fourth, the first to make money will not be the "agent-security story," but PAM, secrets, machine identity, and IGA extensions. Fifth, identity security will become the control plane, but not with SSO dominating alone—rather as the union of identity graph, authorization graph, credential lifecycle, and data entitlements.
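The third point above (MCP security as an OAuth, resource server, scope, and tool authorization problem) and the six governance questions from the segment summary (who is executing, what can they do, where do the credentials come from, is there overprivilege, what was accessed, can it be held accountable) can be made concrete in code. The following is an added example written for this page, not code from the report or from any vendor named in it; it assumes the token is a JWT whose signature a library has already verified, so claims arrive as a plain dict, and the resource identifier, tool names, scope strings and sample claims are constructed placeholders.

```python
"""Claim checks an MCP resource server applies before running a tool for an agent.
Added example (not from the report). Assumes the JWT signature has already been
verified by a library; everything below operates on the decoded claims dict.
"""
import time
from dataclasses import dataclass, field

RESOURCE_ID = "https://mcp.example.internal"   # this server's own resource identifier (constructed)
MAX_TOKEN_LIFETIME = 900                       # policy: credentials must be short-lived (seconds)
TOOL_SCOPES = {                                # tool-level authorization: tool -> required scope
    "tickets.read": "tickets:read",
    "tickets.close": "tickets:write",
}

# Constructed sample claims: an agent acting on behalf of user alice with a 10-minute token.
SAMPLE_CLAIMS = {
    "sub": "agent:ticket-triage",
    "act": {"sub": "user:alice"},          # nested actor claim = delegation chain
    "aud": [RESOURCE_ID],
    "scope": "tickets:read",
    "iat": 1_000_000,
    "exp": 1_000_600,
    "jti": "tok-1",
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit: dict = field(default_factory=dict)


def _audiences(claims):
    aud = claims.get("aud", [])
    return aud if isinstance(aud, list) else [aud]


def delegation_chain(claims):
    """Walk nested 'act' claims: whom the executor is acting for, outermost delegator first."""
    chain = []
    actor = claims.get("act")
    while isinstance(actor, dict):
        chain.append(actor.get("sub", "<unknown>"))
        actor = actor.get("act")
    return chain


def authorize_tool_call(claims, tool, now=None):
    """Decide whether a signature-verified token may invoke `tool` on this server."""
    now = time.time() if now is None else now
    # 1. Audience binding: the token must have been issued for this resource.
    if RESOURCE_ID not in _audiences(claims):
        return Decision(False, "audience mismatch: token not issued for this resource")
    # 2. Short-lived credentials: reject expired tokens and over-long lifetimes.
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None or iat is None:
        return Decision(False, "missing exp/iat")
    if exp <= now:
        return Decision(False, "token expired")
    if exp - iat > MAX_TOKEN_LIFETIME:
        return Decision(False, "token lifetime exceeds short-lived policy")
    # 3. Tool-level authorization: granted scopes must cover this specific tool.
    required = TOOL_SCOPES.get(tool)
    if required is None:
        return Decision(False, f"unknown tool: {tool}")
    if required not in claims.get("scope", "").split():
        return Decision(False, f"scope {required} not granted")
    # 4. Accountability: record who executed what, for whom, with which credential.
    audit = {
        "resource": RESOURCE_ID,
        "tool": tool,
        "scope": required,
        "executor": claims.get("sub"),
        "on_behalf_of": delegation_chain(claims),
        "credential_id": claims.get("jti"),
        "expires_at": exp,
    }
    return Decision(True, "allowed", audit)


def check_passthrough(claims, upstream_resource):
    """A token bound to this server must never be forwarded to an upstream resource."""
    audiences = _audiences(claims)
    if RESOURCE_ID in audiences or upstream_resource not in audiences:
        return Decision(False, "token passthrough prohibited: obtain a token issued for the upstream resource")
    return Decision(True, "token is issued for the upstream resource")


if __name__ == "__main__":
    print(authorize_tool_call(SAMPLE_CLAIMS, "tickets.read", now=1_000_100))
    print(authorize_tool_call(SAMPLE_CLAIMS, "tickets.close", now=1_000_100))
    print(check_passthrough(SAMPLE_CLAIMS, "https://tickets.example.internal"))
```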
The metrics most worth tracking over the next 6–12 months are not a generic "AI revenue," but: CyberArk's machine-identity and AI-agent-related ARR and customer cases; SailPoint's SaaS ARR and NHI/AI governance penetration; Okta's AI Agents customer count and RPO/cRPO; the customer-adoption pace of Microsoft Entra Agent ID; CrowdStrike's integration of SGNL and FalconID penetration; the commercialization pace of Cloudflare's MCP/Zero Trust AI products; JFrog Security Core's share of revenue and RPO; and whether major identity-abuse incidents clearly involve agents, OAuth apps, tool abuse, or out-of-control delegation chains.
For narrower, deeper follow-on research directions, I suggest focusing on: NHI Security, Agent Runtime Authorization, PAM extending into agents/NHI, Secrets Management, Certificate Lifecycle, CIEM and Cloud Entitlements, RAG Permission Control, and MCP Tool Authorization. This is the intersection that currently comes closest to overlapping "real revenue landing" and "future control-plane moat."
This report is based on public information and does not constitute investment advice. Markets carry risk; invest with caution.