Saviynt: Identity Security paramount for AI

“You cannot scale and implement AI without getting the foundational element of identity correct,” explains Dan Mountstephen, Senior Vice President, APJ at Saviynt.

Identity security is becoming a key component in cybersecurity for organizations, especially with increased use of AI agents. While machine identity is a lot more complex, the need for identity management is foundational for organizations deploying AI at scale.

In 2025, cybersecurity vendors have realized the importance of identity security, with many developing solutions in the area or even acquiring smaller identity security vendors to boost their offerings and capabilities.

For identity security vendor Saviynt, there is still a strong need for organizations to perfect their identity security management. A leader in identity security, Saviynt’s AI-powered platform manages, secures, and governs access for human, non-human, and AI agent identities across an organization's applications, data, and infrastructure.

Recognized as a Challenger in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM), Saviynt recently announced a US$700 million Series B Growth Equity Financing at a valuation of approximately US$3 billion. The funds managed by KKR, a leading global investment firm, led the round with participation from Sixth Street Growth and TenEleven, as well as new funding from existing Series A investor Carrick Capital Partners.

“We will use it to accelerate investments in R&D, particularly building out additional AI-based capabilities. Ever since the company's inception, we have grown in line with what our customers are asking us to do. We have a very clear strategy, which is we build, not buy. Historically, that's always been our approach. You will see significant investments from an R&D point of view, driving deeper integration with the hyperscalers and the SaaS platforms,” Dan Mountstephen, Senior Vice President, APJ at Saviynt shared in an interview with CRN Asia.

“Looking at the US$700 million investment, that's clearly telling you that the industry understands that Saviynt is uniquely positioned to take advantage of this consolidation that's happening and this exploding kind of market space,” he said.

Saviynt in APAC

Following the opening of its new regional headquarters in Dubai and a strategic partnership with StarLink, one of the Middle East and Africa’s largest specialist cybersecurity distributors in December 2025, Saviynt also has a strong focus on the Asia Pacific region. In October 2025, Saviynt opened a 62,000 sq. ft. office in Bengaluru, India which will be its largest global innovation hub.

Taking a deeper look at its growth plans for the region, Mountstephen pointed out that the APJ region is currently Saviynt’s top performing region of the year. With the APJ headquarters in Singapore, he added that Saviynt has four discrete sub-regions which are Japan, India, Australia, New Zealand, and Singapore.

“Australia is our oldest business while India is our largest business from a headcount point of view. We also do a huge amount of product development and have lots of supporting functions there as well as go-to-market regions. Singapore is quite an established market for us. We have a good base of customers across all verticals. We tend to do really well as a company in heavily regulated industries. If you look at our pedigree, we have most of the oil and gas customers across the region. We have a critical mass of education and higher education, financial services, and retail customers as well. So, we tend to grow around specific verticals, but with the largest customers across the region, helping them solve the most difficult identity challenges,” Mountstephen explained.

Mountstephen also pointed out that the Japanese market is also growing at breakneck speed. He said Saviynt has an automotive customer in Japan, which is set to become the company's first eight-figure ACV per year customer, which is something they are really proud of.

Demand for identity security

The success in these markets is a clear indication of the demand for identity security. Mountstephen pointed out that while the identity security market has been highly fragmented, it is nothing new.

“Identity governance products, privilege access management products, tools for single sign-on, whether they are for customers or for supply chain, specialist tools for cloud environments, our customers are telling us that they have a fatigue of a grab bag of different identity security products and an unnecessary overhead from an engineering and support point of view in integrating all of these tools,” Mountstephten said.

He pointed out that with APJ, the rapid digital transformation that moves to the cloud for all of the obvious efficiencies, brings a natural opportunity for people to consolidate tools, platforms, and look at modern applications that are better suited to that environment.

“We're saving our capabilities from governance through privilege access management, managing every identity type, as well as helping customers with visibility of new identity types. And if you look at some recent research, people have got machine identities, 82 to 1, versus human identity. You've got 100,000 people in your customer base. Well, that means you've got approximately a million identities to manage, right?” Mountstephen said.

For Saviynt, Mountstephen said they launched an identity security posture management tool to help customers continually be assessed and have that live visibility of their environment.

“It's really that megatrend of digital transformation, plus lots of high-profile breaches in the identity space that has allowed us to grow so quickly,” Mountstephen added.

Specifically, when it starts with a disability in an organization. As organizations are not able to manage what they can’t see, Mountstephen highlighted a recent survey by Saviynt, whereby a high proportion of CISOs were either unable to report if they'd had a breach in AI security, or they had had.

“So, most of these breaches tend to be through these new identity types. And so for me, the simplification comes first with disability, then being able to quickly extend the similar sort of governance that we have in place for humans, right? Employees and other workforce types are due to this new identity type, whether they're inside the organization or outside the organization,” he explained.

Apart from visibility, there is also the need to extend the governance framework over. The ultimate goal is still the same, which is to put zero trust architectures in place and remove standing privilege.

“Although we're seeing breach activity at scale across the industry, the kill chain hasn't changed. It's compromising identity, lateral move until we can find something that has lots of privilege, elevate privilege, and then exfiltrate data or do something nefarious like lock it up,” he said.

For Mountstephen, the reality is that the blast radius has grown significantly with the proliferation of these human identities. And this itself, he believes is driving the need for more identity security among organizations.

Identity Security in 2026

From a prediction point of view, Mountstephen foresee continued growth of new identity types in 2026. With that, he also foresees clearly identity safety systems in place and the control plane for those new identity types.

“You cannot scale and implement AI without getting the foundational element of identity correct. I think we will also continue to see this rapid consolidation of tools and platforms. It's just not sensible, practical for companies to manage 54 different tool sets and hire 54 different people with skills to deploy it,” he added.

Mounstephen also shared that if organizations are not sure of what to do, they need to at least understand the identities they currently have within their environment.

“I would recommend that organizations try and get some consistent visibility of what that potential blast radius looks like, where those identities are, which ones are really privileged, and start to remediate and remove access, with an end eventually moving towards this sort of nirvana of zero trust, no standing privilege, just-in-time access for people that need to do things that have to be kept secure,” he said.

For Mounstephen, identity should be almost invisible.

“It's literally a fabric that is implemented within the organization and just keeps us safe and secure, but allows us to scale,” he concluded.