Description

Introducing Harbor Pilot: Identity Security Cloud’s fleet of AI agents, designed to maximize efficiency for your Identity Governance & Security team.

Today we are releasing SailPoint’s Harbor Pilot, our expanded identity workforce solution. According to ISACA 59% of cybersecurity leaders say that their teams are understaffed. At the same time, identity and access management remains the most sought-after skill set for IT teams. These identity teams need a way to quickly access information, and guidance on how to complete tasks efficiently and use AI insights to make better decisions - and they need to do this using simple natural language/conversational prompts.

Harbor Pilot introduces a suite of intelligent digital agents, leveraging advanced AI to revolutionize identity governance. These agents, akin to highly skilled digital assistants, go beyond traditional AI models by actively observing and interacting with their environment. Unlike static calculators, they utilize Large Language Models (LLMs) and other AI models to interpret data, learn from experience, and autonomously execute tasks. This provides identity teams with comprehensive insights and contextual support, dramatically improving decision-making, information discovery, and task completion. By automating routine processes and enhancing expertise, Harbor Pilot’s agents drive increased productivity and resilience, ultimately strengthening overall security.

At SailPoint, we prioritize innovation while ensuring safety and security, and Harbor Pilot exemplifies this commitment. For our initial launch, we have focused on building a strong foundational offering. Starting today, specific Harbor Pilot agents will be available to all customers of the Identity Security Cloud. This launch allows us to learn from our users and the broader ecosystem, enabling us to refine and improve our offerings continuously. Our plan is to expand Harbor Pilot’s fleet of agents and make them available to our customer base in various ways.

How Harbor Pilot Works

Harbor Pilot is powered by Atlas and harnesses the power of cutting-edge AI tech. It acts as an orchestration layer that commands a fleet of AI agents that can perform various tasks for you in Identity Security Cloud. Harbor Pilot calls the various agents to execute an action based off user inputs.

Here are the first use cases we are releasing in the initial version of Harbor Pilot.

Documentation Tool: Ask about SailPoint’s product documentation, and it will return an answer with sources.​

Workflows Generator: Create a draft Workflow based off a user’s natural language ask.

Admin Search Tool: Allows users to query the Identity Security Cloud Search data using natural language.

For more in-depth information on Harbor Pilot check out our documentation.

Ecosystem & Users

Harbor Pilot is designed to simplify and transform the way you implement and maintain your Identity Security Cloud environment. We are working closely with, you, our customers to ensure that Harbor Pilot effectively addresses real-world Identity Security challenges in innovative and secure ways. Customer feedback is crucial for us to enhance SailPoint’s Harbor Pilot moving forward.

“It gives us the information we need to know… Rather than having to open a case with SailPoint support and wait potentially two weeks for a routine ticket to be picked up and processed, I can get that answer literally in seconds. That’s amazing.”
—ISC Customer

By launching Harbor Pilot, we aim to learn quickly and refine its features based on real-world input, striking a balance between innovation, trust, and safety. This collaborative approach ensures that Harbor Pilot provides meaningful value to all organizations that utilize SailPoint’s Identity Security Cloud to effectively manage and secure their human, machine, and agent identities.

Safety & Privacy

Ensuring that Harbor Pilot is safe and secure is our top priority. At SailPoint, everything we do is guided by our four core values: Innovation, Integrity, Impact, and Individuals. Harbor Pilot embodies these values and includes multiple safeguards to prevent abuse while ensuring that users maintain control.

First, Harbor Pilot uses a user’s authentication token to securely access information.

Next, it utilizes SailPoint Atlas to execute requests and gather data, incorporating features such as timeouts and data privacy measures.

Finally, we have implemented guardrails around Harbor Pilot to ensure that its scope remains focused on Identity Security and Governance.

To find out more about how SailPoint thinks and implements the use of AI tools check out our trust center.

What’s next

In addition to quickly improving what we are delivering in this V1 launch we will continue to improve and add new agents and features to Harbor Pilot. These decisions will be made from your ideas and feedback on Harbor Pilot, but to give you a flavor of what is to come here are some examples:

Analytics Agent - Identity Insights: discover insights about your identity data and gain context from your entire identity ecosystem.

Harbor Pilot - Session History: save your session history within Harbor Pilot.

Harbor Pilot - Adaptive Insights: receive personalized insights and user experiences based on your interactions with Identity Security Cloud.

Hi @evan_anandappa,

I read the SailPoint’s AI Terms on this and it looks very concerning to me.

Besides the terms itself, It also seems that every ORG ADMIN can now suddenly agree on these terms.

In the same way that org admins can not sign contracts with SailPoint for additional modules, From a legal or business friendly perspective, I think that SailPoint should not allow the opt in to be performed from ORG ADMIN side. Instead I think it should go through a CSM and a dedicated person from the customer to agree or disagree on agreeing with these terms.

Is there a way how we can prevent the org admins to agree to the terms of this functionality?

I truly liked this document — it’s exceptionally well-prepared and clearly reflects a lot of thought and effort. I genuinely appreciate the person who created it. Please convey my appreciation to them.

Thank you!! It is an exciting product, and I wanted to make sure that I gave it the intention it deserves.

Hi Angelo,

I want to clarify that Harbor Pilot is part of the ISC Suite you already have, and signed a contract for.

You can think of it as enabling a module within your tenant, which any Org_Admin can do today. Hope this helps!

Hi @evan_anandappa, thank you for your response.

Unfortunately it does not help yet. Can you please look at the following below?

Please see the screenshot below which we are seeing right now.

image376×368 10.9 KB

So right now it looks like org admins, when enabling this feature, are specifically agreeing with these terms. And if they don’t hit the enable button, they are not specifically agreeing with these terms.

What I need to know is if these terms are already part of the contract of the ISC Suite.
If these terms are indeed already signed as part of the contract for the ISC Suite, then why are you putting this bit (“by selecting enable… you are … agreeing to SailPoint’s AI Tersm”) here? This would just confuse org admins as it seems they are agreeing with something that was already part of the contract to begin with.
If these terms are not already signed as part of the ISC Suite, then my concern stays the same that org admins should not be authorized to ‘sign’ agreements like these. I think many organizations have signed a contract with ISC Suite prior to Harbor Pilot being released, so I don’t think that these terms were already agreed upon as part of the initial contract. Also notice that I can enable this functionality on my personal demo tenant as well, and I can’t recall having signed a contract at all for this.

In addition I would like to say that I noticed on my test tenant, that it is too easy to accidentally agree with these terms. Where a lot of functionality requires making changes and then hitting the safe button, here by just hitting one button of an intrusive pop up, it will automatically enable the feature (and therefore agree with terms we didn’t necessarily meant to agree with). So it is easy to accidentally hit one button and it immediately triggers enablement. Note that every time you log in, it will show the pop up, and even if you hit cancel, next time it will pop up again.

Another thing I would like to mention is that someone in our team thought they enabled this feature accidentally, but was not sure, and then reached out to me, after which I tried to see in the audit logs (search events) if this occurred. Although searching for actor:"<email_address>" and actor:"<uid>" and actor:"<displayName>" was showing results with actions performed by this person, it did not show this particular action. At the end, the results were visible by searching for actor:"<id>" we were able to see the event log. The fact that the actor field is populated with different types and formats makes it really difficult to properly work with it. In addition it is not documented which event types use the actor field in which way. This makes it difficult to get all events caused by one particular identity.

Kind regards,
Angelo

100% Agree. A lot of us are trying to be prudent wading through these AI waters that are now seemingly hitting us from all directions in our SaaS apps. We need clarity more than ever so we can chart these waters with a higher degree of confidence.

Hi Angelo, the opt-in page was developed in collaboration with SailPoint’s legal team and the AI Terms you’re referring to are required as part of opting in to use this feature. We understand that different organizations will have different policies in place regarding online terms, and we recommend consulting with your internal legal team if you have any questions.

Not sure if it counts as opt-in if one accidental click is enough to enable it, also not sure if it counts as an opt-in if those who are not authorized to sign legal contracts sign this agreement by clicking that button.

I understand some customers might choose to use Harbor Pilot anyway. I just want the proper process to be followed to have the usage agreements signed and in such a way that the customers who choose not to use it do not have to be on their toes to ensure nobody (accidentally) enables it and agrees to those legal terms.

I have created the following idea to improve this. Please vote for it if you agree with this idea.

https://ideas.sailpoint.com/ideas/GOV-I-4360