SailPoint, Inc. (SAIL) Earnings Call Transcript & Summary

All right. Welcome. Thank you all for coming. Really appreciate everyone's effort to get here today. Thank you for all those joining on the web. We have a great program for you today that we're really excited to tell you our story. But before that, a little bit of housekeeping. If we go to the next slide, it's our safe harbor statement. So this safe harbor will also be available in the presentation posted on the web. So now we're through that. Let me help frame what we're going to do today. So I think there's really 3 key themes that you're going to hear throughout today. And the first is innovation. You'll see this clearly in our advancements around AI and real-time governance, which are actively expanding our TAM. And I think you'll also notice it's not just what we're building, but it's the velocity at which we're bringing these things to market. The second theme throughout today is going to be differentiation. So this starts with our depth and breadth of identity coverage, which gives us the required context to link human and nonhuman identities to their human owner. And this really helps accelerate AI identity security for our enterprise customers. And then the third theme of the day is really our -- the multiple paths to our fiscal '29 targets. So whether it's acquiring new customers, expanding within our existing installed base or developing new routes to market, we have multiple catalysts that are designed to deliver durable top line growth as well as expanding operating and free cash flow margins. So I think you'll hear those themes prevalent throughout today. So I just wanted to kind of set the stage. The agenda for today, I'm not going to drain this slide just in the interest of time so we can get into the program, but we have a comprehensive lineup of product experts, go-to-market leaders as well as partners and customers for you today. So with that -- and we have plenty of time for Q&A as well. So save your questions. We'll do those at the end of the first section and at the end of the day. So with that, it's my great pleasure to get started to introduce SailPoint's CEO and Founder, Mark McClain. Mark?

Well, good morning, and welcome, everyone. It's so good to be with you today. If you look at the daily headlines, there's a lot coming at us, rapid AI advancements, shifting markets, macro disruptions. We're operating in a period of unprecedented change, which I would prefer to refer to as the new normal. And this new normal of constant change leads to a sense that to survive, you must adapt all day, every day. And for those of us who have navigated some pretty choppy waters before, things like COVID or the mortgage crisis or even 9/11, we know a fundamental truth: disruptions always precede significant market redefinitions where new winners emerge and others get left behind. In these times of deep uncertainty, the instinct for many companies is to just play it safe, to blend in, try to weather the storm. But at SailPoint, we fundamentally reject that approach. We're not in this game just to survive, we're in it to win. And to understand how we win, let's look at the evolution of our space. Let's talk about what's been changing in Identity Governance and Administration or IGA, and where it's going to go from here. Just as the overall technology market is undergoing a massive structural redefinition in the age of AI, IGA is also undergoing a massive structural redefinition. And we believe there are 5 dimensions of IGA in which critical shifts are happening. First, timing. We're moving from periodic policy time reviews to continuous real-time security posture. Second, structure. We're abandoning static rigid governance in favor of dynamic adaptive security. Third, coverage. The scope of identity has aggressively expanded from humans, to humans and agents, not or, and, and all of the supporting nonhuman identity elements. And fourth, privilege. We are moving away from permanent privileged access for a few toward rightsized democratized privilege for all. And fifth and surrounding all of it, defense. Security operations can no longer operate in various silos. Modern security operations must encompass everything from the cloud to the network to the device with identity at the absolute center. This isn't just an evolution of IGA I'm talking about. This is the evolution of enterprise security itself. If you approve of this evolution, let's just take a look at some math. Years ago, when we went public the first time in 2017, we define the market opportunity is about $10 billion. By our Analyst and Investor Day, the first one we did in 2021, we've expanded that to about a $20 billion TAM. When we reemerged as a public company in 2025, we believe that addressable market expanded to $55 billion. And today, we can credibly claim that the TAM has now expanded to $90 billion for this marketplace. And this isn't about a growing TAM, it's about the validation of identity as the core of security. This $90 billion TAM reflects the aggressive expansion of traditional IGA to address challenges like agentic AI, next-gen privilege, data access and threat response. And today, you see these issues represented in distinct individual markets like ITDR, Identity Threat Detection and Response; ISPM, Identity Security Posture Management; and IVIP, a newer one, Identity Visibility and Intelligent Platforms. But now we believe all of these will be converging into something we call Adaptive Identity. Identity has become the critical element of enterprise security. And today, we're going to tell you why SailPoint is positioned to be the biggest winner in that game. And when a market gets attractive, it draws a lot of attention. More companies jump into the game, the noise gets louder, and it's really loud in identity today. In fact, we'd say that the identity security market has entered a phase of message convergence as announcements and claims are arriving at an unprecedented pace, all with a pretty similar set of messages. And with all that noise, it's tough to stand out. It's tough to separate the signal from all that noise. As Seth Godin once argued in a great book, in a crowded market, playing it safe is the riskiest strategy of all. A white cow is visible, but you stop noticing them after the first few. But a purple cow, now that gets talked about, that gets remembered, that gets sought out. And right now, the identity security market feels like it's full of a lot of white cows, lots of vendors reacting to this shift by making the exact same announcements. But here is the reality for all of you behind all that noise. It is, as we say in Texas, all sizzle and no steak. Or as we also like to say in Texas, a lot of these competitors are big hat, no cattle. Anybody can put out a press release, talk about identity and AI. But when it comes down to it, these vendors cannot handle the deep messy complexity of the modern enterprise as it escalates into an agentic world. At SailPoint, we deliver the steak, not just the sizzle. We deliver the substance. So fair question, how do we deliver that substance? It really comes down to 3 interrelated advantages: our breadth, our depth and our unparalleled ability to accelerate into agentic AI. Let's start with depth. No one in this industry has our history or our granularity of control. We have 20 years of managing fine-grained human identity data by working with many of the world's largest, most complex enterprises. Today, we manage over 5 billion entitlements across those enterprises. In fact, we possess what we call the [ steel thread. ] It's the ability to trace a human identity as it utilizes various nonhuman identity accounts and services, agents, et cetera, all the way down to the deepest, most granular data levels of the enterprise. And you cannot build that overnight and you cannot fake it. Our heritage is not a liability. It actually gives us credibility as this new world emerges. But not just depth, now there's also breadth. We are the trusted control plane for over 3,200 organizations, many of them in the Fortune 5000. And we are actively governing over 145 million identities by automating more than 35 billion SaaS account changes every year. We don't manage just some subset of those human identities, we manage all of them. We are the #1 cross-platform identity provider in the world today, whether it's Azure, AWS Bedrock, Salesforce or even older legacy on-prem applications, and our customers, our platform connects, covers them all with breadth and depth. But as they say, since a picture is worth a thousand words or at least a few hundred in today's economy, this 2x2 matrix should help. So on the horizontal axis, you've got breadth. In other words, how much of the identity landscape do you cover. On the vertical axis, you've got depth. How granular is your visibility and control. When you map out the core identity competitors and where they're coming from, the limitations are pretty obvious, right? If you look at the SSO and access management vendors, they absolutely cover breadth, right? They touch every employee identity or every human identity. But truthfully, they have very little depth. They're a mile wide and an inch deep. They have the ability to let you in the front door, as we've used this analogy with some of you before, but once inside, they aren't aware of, they're blind where you're going in the building. On the other axis, if you look at the heritage of the PAM and privilege market, they have lots of depth but very little breadth. They govern a tiny fraction of all the identities in the enterprise and are virtually blind to the rest of the landscape. At SailPoint, 20 years of solving hard identity problems across the entire landscape means we have the pattern recognition that the others don't. And as always, in these 2x2 charts, the place you want to be is the upper right hand, isn't it, the top right quadrant. SailPoint sits here pretty much alone in this collection of vendors. We believe no other company can viably claim that combination of breadth and depth at scale, period. Having both breadth and depth is in fact a pretty massive structural note. But here is the critical part. AI is now becoming a significant multiplier to that advantage. If you feed AI shallow data from a tool that either lacks breadth or depth, you're going to get limited or maybe even questionable outcomes. But because we possess 20 years of the deepest, broadest identity data on Earth, our AI is intelligent, very intelligent, extremely intelligent about what happens in all those complex interrelated entitlements. And we're using it to massively accelerate and extend our lead, extending it to this newest paradigm, the wild explosion of the agentic workforce. And we're not just about defending our current market share. We're aggressively capturing this new explosive TAM. And that's by focusing on, again, the wild explosion of nonhuman identities or NHIs, as you've heard them referred to, and agentic AI. With that, we are establishing a powerful new growth engine, which we expect will drive over $100 million of AI-related ARR at the end of this fiscal year. Depth, breadth and unparalleled AI acceleration. We believe SailPoint is uniquely positioned with the platform, the data and the proven enterprise experience to get our customers where they want to go. As I said earlier, our vision to address this world is what we refer to as adaptive identity, and we believe it's the only way forward. Dynamically adjusting access for all identities, human or nonhuman, based on real-time risk, context and observed behavior. We're bringing this vision to life through 2 distinct accelerated paths. First, we're sitting at the cutting edge of securing this rapidly expanding agentic workforce, specifically in the context of the human workforce. It's not just about securing agents. It's about securing them in the context of humans, and that's why the and matters so much. You cannot secure agents in a vacuum as some of these start-ups would have you believe. To govern nonhuman identities, they must be tethered to a human owner or a human context. To conquer this new frontier, last month, we introduced the SailPoint Agentic Fabric right here at NASDAQ. It places agents into the context of that human workforce, bringing them fully under control. Ultimately, it ensures that the entire human and agentic environment remains secure in real time all the time. But we're also focused on massively accelerating how customers can get to this future Nirvana state. As you know, many enterprises today are bogged down by massive technical debt. They're paralyzed by trying to rip out rigid, broken legacy systems from other vendors, or some of them even have challenges to manage an upgrade from our own on-prem solution, IdentityIQ. Well, today, we are radically simplifying this process to get our customers to Nirvana by introducing SailPoint Agentic Acceleration, which is a methodology but it's powered by a brand-new technology we call the SailPoint Virtual Architect. The SailPoint Virtual Architect maps all that legacy structure, wherever it's coming from, leverages AI not just to do a lift and shift, but to design the most efficient solution in the new realm and then accelerates migration to that with unprecedented speed. But really simply, we're using AI to map the path to AI, defining the ultimate Nirvana solution and accelerating our customers' ability to get there, and we're going to do that faster and better than anyone. We're doing all of this through relentless ongoing innovation, both organic and inorganic. In just a few minutes, you'll hear from Chandra about the capabilities we've been busy building here at SailPoint, but we continue to strategically insert acquired technologies into our road map to accelerate our vision. Just yesterday, as you saw, we announced our intent to acquire Entro Security to deepen and widen, sound familiar, our controls for nonhuman identities. And we'll continue to scour the landscape for cutting-edge technologies that help us bring our road map to life even faster. So as I wrap it up, we've been a leader in IGA space for many, many years. By pairing our 2-decade human identity advantage with our new Agentic Fabric, we believe we have the most complete adaptive identity solution in the market [indiscernible]. And now with Agentic Acceleration, we can move customers to that desired destination faster than anyone else. To show you how exactly all of this is going to translate into undeniable financial execution, I'm going to steal just a little bit of Brian's thunder coming up. Today, we're going to clearly demonstrate why we expect ARR growth to accelerate as we deliver more than $2.1 billion of ARR in fiscal '29. And we expect about 40% of that revenue to be AI generated, agentic related. We're also getting there responsibly, as Brian likes to say. When we hit that $2.1 billion milestone, we expect to generate at least $400 million of free cash flow. As I noted, Brian is going to go into this in a lot more detail just in a few hours this morning. So let me say it again. We expect SailPoint's growth to accelerate. The demand for enterprise-grade multi-cloud identity governance is exploding as organizations rush to secure their AI investments and machine environments. With our specialized focus, commitment to innovation and the rapid scaling of these agentic solutions toward our $100 million target this year, SailPoint is distinctly positioned to continue to lead in the next era of identity security. So as I close, let me turn this over to Chandra. Let me tee him up a little bit by highlighting again the 4 big challenges we are focused on for our enterprise customers around the globe. First, they're looking to us to help them secure this wild explosion of agentic workforce in the context of their human workforce. Secondly, they need us to help them move their enterprises to real-time adaptive identity security. Third, they need us to help them democratize privilege by ensuring dynamic, rightsized access for every identity, human or nonhuman. And fourth, we're going to help them bring identity in the security operations center together for truly effective, truly comprehensive threat response. So with that, thanks again for joining us today. Let me now hand it over to my colleague, Chandra. [Presentation]

Good morning, and welcome again. Mark really set the stage. What I'm going to do is really get into innovation, talk about customer outcomes, and really talk about how we are using AI. So if nothing, I would like you to walk away with 3 things today. One is there are 2 big rock, big mega growth innovations that we are -- that we're going to be working on for the next 2 years. One is agentic. Second one is we're moving governance of human beings, which we have done for 20 years from static to real time. Number two, we fundamentally believe, just given the security world today, it's time to move all of our customers to a minimum of least privilege and 0 standing privilege and ultimately to our vision of autonomous identity, which is really, think of it as a way more of the identity world. It's a self-correcting self-healing platform. And third, we are quite excited about the way, the 3 different ways in which we are using AI, and we are incredibly proud of the product velocity. We have really -- our product velocity has gone up by 2.5x, 2.5x in the last 18 months, and it's continuing to accelerate. So before I dive into this, I want to set the stage for what we believe is a new normal in the world of threat and security. And the way to think about this is the time it takes to go from finding a vulnerability, when you actually find a vulnerability, to actually a bad actor being able to exploit it. About 3, 4 years ago, it used to about take a year, right? So when a large corporation found a vulnerability, they will actually issue a [ CBE, ] and it took the bad actors roughly about a year to get to it. As long as you patch it with them, that, you're good. Today, that 1 year has come down to 1 day, and it's trending more towards 1 hour. And just think of that change where from the moment you find a vulnerability to when it could be exploited, it's trending towards 1 hour. And it's largely driven by advanced models like Mythos and GPT-5.5. It's organized cyber crime activity, dev environments being overly permissive. It's a combination of it, but it's a stratospheric change in the world of security. And it's really against this backdrop that we are shifting from just securing and governing humans to securing and governing human plus AI. And when I say AI here, I mean broadly. Mark really referred to them as agents. It could be agents, nonhuman identity, credentials, right, bots, all of it, all of it includes. So we, at SailPoint, think of all of it collectively. And this whole -- and it's not just human plus AI. It's actually the ratio. The ratio matters. We are beginning to -- well, we are at roughly about 1:100 across all of our customer base, and it's trending more towards 1:1,000. So for every human, we are going to find about 1,000 AI identities or nonhuman identities. At that scale, architecturally, you have to really shift to more of a real-time architecture as well as what we call security in line, meaning when you have the ratio of 1:1,000, literally, a global 1,000 will have millions, if not tens of millions of these nonhuman identities, right, that can do things autonomously. So the only way you can actually manage and be secure is the ability to respond to a threat in real time with deep identity context. That's really what we are building here. Now this human plus AI has actually introduced 2 fundamentally new identity security problems today. So what I want to do is frame those problems conceptually before I go deep into it. So I'm going to just illustrate it with some very conceptual basic use cases, right? The first one is really about a human or an AI, developer writing code and putting that code in a GitHub repo or an agent or a human accessing an API. That itself is not new. The fact that those -- the GitHub repo and the API, they have credentials, which are really machine reading -- machine readable credentials, tokens and keys. That is also not new. What is new is the fact that these were -- these have been largely unmanaged and ungoverned, right? A lot of them, by the way, they would not be rotated for like years and years. You can no longer afford it. If you leave a key now that is not rotated frequently, the chances are it's going to get hacked into, and your code could be stolen. That is new. The second one is really the autonomous AI use case, which is you have a big agent calling smaller agents, right? And the smaller agents or the subagents accessing application and data. This flow is very, very new. And this whole chain needs to be governed, right? They need to be discovered. You have to make sure they are authorized to only access the data they are supposed to on behalf of the human they are acting. These 2 conceptual use cases is what we refer to as the agentic security and governance problem. Now on the human side, the question is, what's changed, because humans have always had access to application data. What has changed is the fact that the bad actor now can use these advanced models, advanced tech to really hack into these applications and data in no time. And this is why there's time from -- the time to exploit a vulnerability going down to an hour is really -- it really matters. In that world, you can no longer rely on these applications and data being fully secured, you have to fundamentally reimagine how humans access this application and data. That's why static governance, static privilege is dead, you can't afford it. It's grossly insufficient. You have to move -- you have to really risk evaluate every access a human or an agent has to the application and data. That's what we mean by shifting human governance from static to real time. These are the 2 problems we are fundamentally committed to solving. And our big growth innovations that I talked about, agentic, real-time human governance are about solving those 2 problems. And we launched our Agentic Fabric, which is our fabric to solve end-to-end agentic here at the NASDAQ last month, it lead GA in the next 2 months. In less than 2 months, real-time human governance. It's really -- all of you are familiar with our Identity Security Cloud, ISC. This is an upgrade to ISC. This is -- we are really delivering next-generation human governance or real-time human governance through next-generation ISC. And Atlas is the engine. It's a shared services layer. It's an engine that powers both of these innovations. Now here is what we're excited about, right, which is solving the agentic problem. There is a new role in every large corporation today. It could be described as Head of AI. In some places, it's actually committee and so on. But that's a new role. And the real-time human governance is no longer in the realm of just the identity department. It's the CSO and the entire CSOs office that's really responsible for it. So we are becoming strategically more relevant as well as the wallet size. The wallet size goes up when you go solve these 2 problems with those 2 executive [indiscernible]. This is why we are quite excited about where we are innovating. Now the solution to this, the SailPoint solution to this for both agentic as well as real-time human governance has 3 pillars: discover, govern and protect. Now for the last 20 years, right, we have talked a lot about discover and govern, right? That's really what a great IGA platform does. We are now innovating on that for this new identity type call agents and machines, right? But protect is new. This is new. This is why SailPoint is no longer your old legacy IGA. It's not even your grandmother's identity platform or your parents' identity platform. This is a new SailPoint, and we are really innovating on protect. I'll talk about what I mean by that. But this is -- and when Mark talked about how our TAM has really expanded even since we went IPO from $55 billion to $90 billion, a good chunk of it is driven by the fact that we are governing a net new identity type call agents. It's also because both for agents and for humans, we are now not just in the discover and govern -- sorry, in the governance game, we are also in the protect game. With that, let me just dive in, right, and talk about what we are doing in both agentic as well as real-time human governance. And I'm going to really focus on what's new and what makes us very, very unique in solving these problems. So starting with discovery. Look, we are super thrilled about the acquisition of Entro, which I think is very, very complementary to what we do. So with that, we have the most robust, I can confidently say, we have the most robust discovery mechanism of any agent nonhuman identity type. Entro covers more than 1,200 nonhuman identity types. And so we have the most robust mechanisms to discover agents and machines and credentials from any platform in the world. But what makes us really special is the fact that we will be the registry, right, which means you are -- the moment an agent or a nonhuman is discovered, it gets -- so think of us as the [indiscernible] or the warehouse where all of it is stored, we automatically correlate it to the deep human context that Mark talked about, right? And so if it's -- so let's take this persona, Bob. Bob has a coding agent, right? So it's not just correlating the fact that the coding agent, [indiscernible] coding agent belongs to Bob, it's also all of the fine grain context that is associated with Bob, right? So we do that automatically in our registry. The second one, we are getting into posture, okay? This, we are going to be introducing the SailPoint risk score, which is a mechanism to really evaluate risk at an individual identity level, both for humans and agents. And it's a configurable mechanism because what risk means changes from one company to another. So we're going to live -- we will give our customers the ability to configure how they calculate the risk score. But because in a world where you have millions, tens of millions of agents inside a corporation, you've got to have real-time visibility into what the risk is, right? And so that's really what the SailPoint risk score will provide. That's really on discover. On govern, what's net new here? Or what special is really? We will be the first to market with our agent audit product in less than 2 months. So look, human access has been audited and has been regulated for a long time. The same thing is coming for agents. It's going to be a lot more complicated, a lot more complicated. Already, there are about a dozen frameworks. Every country seems to have its own framework for auditing agents. Lots of industries like health care and others, banking have their own frameworks for. But we are an audit company. We know this. This is in our wheelhouse. So what we have done is consolidate all that into 10 controls. We are going to be launching that very soon, right? And we are working with all the big 4 audit firms actually, quite frankly, to make sure when we really come to market, it's very, very pragmatic. On the protect side, there are a few things I would love to highlight. One is just-in-time real-time authorization. Look, the hundreds of trillions of dollars that is getting spent in the world of AI and in the world of agentic, it all boils down to the fact that enterprises will have to use them to automate business processes to change the way they work. Doing so requires -- which means a bank will automate loan origination and an insurance company will automate claims processing. Doing so requires these agents access application and data. That is where just-in-time and real-time authorization comes in. And having the human context matters because when a multi-agent network is authorizing a loan, it's acting on behalf of an underwriter. And you don't want this agent to access anything that the underwriter does not have permission to. That's why mapping the agent context to the human context during authorization is the only way to do it. This is where we are highly differentiated. Second thing is from security. Like every one of you here, I'm sure you are all prompting in some foundation model, 20, 30 times a day. One of the biggest threat vectors is that prompt being poisoned, the prompt being hijacked. It's a huge security issue. And our prompt security, because we have a browser architecture now, we have a plug-in in the browser, we can intercept these prompts in real time. We are doing -- we're using machine learning to classify the prompts into high risk to low risk. And if we see something, let's say, an employee is trying to upload some confidential data into ChatGPT to do some analysis, that's not safe and we'll block it. So we will be doing things like that. And the third one is really response remediation. In a world when you have tens of millions of agents running around, you have to assume breach at all times. Anything else, you're really kidding yourself. There's some breach of some agent or some machine at any given moment in every corporation. And so in that world, the only thing you can and should do is have the ability to respond to it in real time. So what we are doing, we are launching this product in the next few weeks called response remediation, where anytime there is a breach, we have receivers that are really listening to events. So we have built a whole event mechanism using the SSF protocol, which is an industry standard. And we are creating what we call a [ SOC ] package with deep identity [ contact. ] So you, let's say, one of you as an agent that gets hacked, we will create a package on what critical data that agent has access to and what the blast radius is and send it to the SOC, so that the SOC analyst who is analyzing the breach can actually use that to be surgical in the response. Doing these things is a game changer. Now as you will see, we also believe, from an outcome perspective, the minimum in the world of agents is actually zero standing privilege, not even least privilege, certainly not static, and our fabric automatically delivers that. That's our promise. Now before I get into real-time human governance, I want to just mention a word on Entro. So we are quite excited. Entro is a market leader in nonhuman identities. A simple way to think about this is the world of secrets and tokens and API keys and JWT tokens and certificates and so on, right? They're world-class in managing, not just discovering, governing and protecting them, right? And so once we close, which should be soon, we are going to be very aggressive when integrating all of Entro into the SailPoint Agentic Fabric. And so you should hear more from us on it. We have publicly announced the Q3 close, maybe earlier. But I think we're going to be super aggressive in terms of integration, more to come on that. Now real-time human governance, right? Let me just demystify real-time human governance a bit because there is a lot said about static real-time. What the hell does it mean, right? So governance has always been about who has access to what, right? Now what has changed is, who has access to what, where, when and why. Answering the where, when and why is really what the security folks like to call risk context. When you really hear the word, that's really what it is, right? So I'm just going to bring it to life with this persona called Bob. Let's say, Bob is an analyst at a large corporation. It's really questions like, should Bob have access to financial data 24/7? Or should Bob only have an access to the data a week before earnings, a week after earnings and no more? Should Bob have access to Salesforce data inside Salesforce.com when Bob is on vacation on a public WiFi? Bob has access to an [ SEC ] folder inside the corporation. Should Bob have access to it at all times or only during a confidential M&A project? In all of those situations, there is some condition based on which Bob has access. That's really the essence of real-time human governance. So you don't assume that Bob has access to everything all the time. You are gating Bob's access. That is simply the world of real-time human governance applied to both agents and for humans. Now doing so requires a few things, which is what we have completely built here. Doing so requires the ability to classify the application and data that Bob is accessing, which is what we call privileged classification, you will see here, right? Now you've got to be able to apply that to not just Bob. An average Fortune 500 corporation has 60,000 employees, 60,000. Everyone should be privileged, not just 3% or 4%, which is really today, right? Everyone should be privileged, not -- it doesn't mean every access they have, everything will go through just in time, but at least your are risk evaluating their access. That's what we mean by democratizing privilege. We are bringing privilege everywhere. Doing so requires classifying applications and data, which is what we are doing now. Once you do that, you've got to have the method. You've got to have the mechanism to do just-in-time authorization, right? Like I talked about. You only have access -- Bob only has access a week before, a week after earnings and so on. So that means you're doing just-in-time authorization. Bob doesn't -- it's not really static access. That is to the right, just-in-time and real-time authorization. Now there should be policies, right? Every role based on context will have policies based on which their actions should be governed. That's what in the middle we mean by governance being driven by policy and intent, not just roles. It's not just, well, Bob's role is that he can have access, no. There should be policy that will govern based -- conditions based on which Bob will have access or not. That should be done for all roles. Hopefully, that sort of demystified real-time human governance. We are delivering -- so we have a big launch event in early August in [ Black Hat. ] That's when we are formally launching real-time governance or human governance. It's really an upgrade to ISCR. President Matt Mills likes to talk about it as it's not a migration, it's an upgrade. Just like how you would walk into an Apple store and upgrade your iPhone from one version to another, that's exactly what we are doing here. It's not a migration. So that's why we are confident as our customers move to our agentic suites, which will have real-time human governance, they will automatically go through the journey of moving to least privilege and zero standing privilege. That's our promise. Let me spend a minute on this notion of autonomous identity because I said, that's our end state. Think of -- look, think in a -- scale is important, right? The context is why do we need autonomous? Because of scale, right? When you have tens of millions of identity. Today, corporations are used to, like I said, the average Fortune 500, 60,000 employees. So you have 60,000 identities. In the future -- or like, sorry, not even in the future, today, the ratio is at least 1:10 or 1:100, so you're talking about 6 million identities, 1:1,000, you're talking about 6 billion identities, right? Sorry, 600 million. So these are like massive numbers. And the only way -- so you can't have a human-on-the-loop all the time looking at what's happening with 6 million, 60 million, 600 million nonhuman identities all the time. So what we are doing is building a fleet of agents, these are called guardian agents that are autonomously looking at everything that's happening with the identities inside a corporation, and looking at whether they are acting inside the policy, outside the policy. Anytime they see drift, it will automatically take some action based on policy, like meaning with a small drift, it will actually stop it. If it's a major drift, it will alert the [ SOC ] or it will alert the human owner. This is our vision for autonomous identity. You should really expect us to be delivering some of the early capabilities in this early next year, but we are working on it, and it's quite exciting. So I talked about Atlas being the engine that powers all of this. And we launched Atlas about I think 3, 4 years ago, and there has been a ton of innovation in it. The one I would like to highlight is all the things we are doing to really get into protect, right? Remember, I talked about discover, govern, protect, and protect is new. So we are building a risk engine, a policy engine, an intent engine as we move to just-in-time and real-time authorization, we're moving a provisioning model from static provisioning to dynamic provisioning, all of this is getting built into Atlas. And so when we launch our -- the next-generation ISC with a new brand, the next version of -- the next generation of Atlas will go with that new brand as well. So please stay tuned on that. We are also very, very excited about extending Atlas, right? So we have our ecosystem of partners that build on Atlas today. They use our APIs, workflows and so on. What we are doing is really building -- we will be giving them the ability to extend Atlas. So if you're an ecosystem partner, you can configure your UI, you can configure your workflows, you can potentially extend the data model we have and so on, right? This is quite exciting, which we believe will -- and Matt will formally announce a new monetization model for how we are going to monetize the ecosystem and give them access to our platform. This is going to enable that. Let me send -- Mark, at a very high level, talked about the breadth and the depth, right? And I want to link it to the next level of how our product is differentiated. And I think the best way to understand is using a building metaphor, right, because we are very bullish and confident that we are the most differentiated platform to govern and secure both agents and humans in real time. And it comes from the fact that we have a foundation, which is what Mark referred to as a [ red thread. ] The ability to connect the human to a nonhuman context, it's not just that. It's the full depth of that context, which is what application, what data, what accounts, right? And now imagine the ability to do it across thousands of platforms. The agent here could be in AWS, the machine could be in Google, the application could be Salesforce. The data could be in Snowflake and so on and so forth. Imagine the ability to do that across all platforms, which is what we have. We have the most robust connectivity infrastructure in the whole world. And so this is really the foundation. On that foundation, we have built an authorization layer. We are the authorization last mile. We are the authorization execution layer. We are an authorization company. We are just moving into real time, we are moving into the world of agents. And all of these capabilities here are required to do authorization really well. Look, authorization requires data. You can't authorize if you don't know who should have access to what and when, which is what the foundation provides. This is a SailPoint differentiation, right? This is -- so we have -- the strength we have built over the last 20 years, we are now adding to it with all the agent context. And this is the complex engineering we have done, already done, and this is what is getting released now. Now on top of these 2 is the second floor, which is all of the customer innovation I talked about, discover, govern, protect, all of it is on the second floor. Now the start-ups of the world are starting on the second floor. They don't have the foundation. They don't have Floor 1. And what happens to a building if you try building a second floor without the foundation, right? That's why it's shaky. And our big platform competitors, look, CrowdStrike and Palo Alto and ServiceNow, they are all [ competitors ] because we partner with them as well. But even they have strengths of identity context, nowhere near the -- none of them are identity companies. They're all trying to get into the identity wall, right? And so that's why we feel very, very bullish about the durable differentiation we have. Now those were all the customer-facing innovations. There is a ton we are doing on the operational innovation side as well. So I'm just going to highlight a few. Architecture, there are 2 fundamental shifts that we are really rewiring for. One is moving to real-time, two is building for agents scale, like I talked about, 1:1,000, it's a different game altogether. And so -- and it's -- and we're doing it through people. You might be wondering, wait, guys, you've been building static for 20 years. How did you just do it? So my own leadership team, [ Fuad, Levent, Mitra, ] they've really come from places like Microsoft, Okta, Salesforce, SentinelOne. And the next level leadership is where we have also hired some fantastic leaders from CrowdStrike, Salesforce, Palo Alto Networks, who have been there, done that. And so they are being complemented with our existing talent. And SailPoint has always been distinctive in terms of domain expertise for identity. That combination is really the magic. That's how we are driving the architecture shift. User experience, we hired Mahin, who's our Head of Design, that is really leading our excellent design team, which we have had for a long time. And Mahin believes in this notion that design should follow a user's emotion. And so you should really expect to see a lot more reimagination. We are fundamentally reimagining the SailPoint user experience. You will actually hear more from us on it, and it will start with our Agentic Fabric launch in less than 2 months. You will see it. And Levent will show it, by the way. He's going to do a demo. You will start seeing glimpses of the new SailPoint user experience. Security, this is a big deal for us, right? I talked about the new normal, right? We are quite religious about it, quite frankly. So we are using all of the advanced tech. It's more than that. We are also rewiring how we build products, and it's a fundamental cultural change. Now the world is less global. It's gotten more complicated. There are lots of sovereign needs. That's why we will soon be announcing our support for 5 different sovereign needs, including FedRAMP High here in the U.S., as well as things like PCI for the payment industry, [ EU ] sovereign cloud, availability in South Korea locally, and GxP for the life sciences industry. And there are a few more coming. Expect us to formally announce these things, but I want to give you a sense of where we are headed because without these, it's hard to do business on a global basis. But doing these will give us a real competitive differentiation. Now I call this the AI triple play. We are using AI -- or sorry, we are protecting our customers' AI. That's the SailPoint for AI. AI for SailPoint, which is all about how we are using AI, and we are using it to build our products, which is really tripling our velocity. Now we're also an open ecosystem. And so one of the things that I want to highlight is Chet Kapoor runs security at AWS, which is one of our deepest partners. And Chet apologizes for not being able to be here in person, but he wanted to represent his views on our partnership with me, which is we are a deep partner, right? And so we are one of the very few identity, large identity players in their [ Security Hub plus, ] which is a second-party marketplace they have, as well as we participate early with them on a number of innovations, right? And so then there are other partners like Snowflake and CrowdStrike and so on. So we are really an open architecture. Now I want to take it back to where I started, 2 big rock innovations, 2 big customer outcomes and AI triple play. Thank you for listening. And with that, I would like to show you things now for which I'm going to invite my good friend and colleague, Levent Besik.

Good morning, everyone. Thank you. All right. Perfect. All right. Good morning, everyone. I'm Levent Besik, the Chief Product Officer here at SailPoint. As Mark and Chandra mentioned earlier, we're on the frontiers of innovation to provide best-in-class identity security for humans and nonhuman workforce and enterprise. Today, I'd like to show you some key innovations that we've been working on and we've built for our customers. And all of these are either available today to our customers or will be very soon. I'll first start with SailPoint Agentic Fabric, which is our end-to-end solution to discover, govern, audit and real-time protect AI and nonhuman identities. I will then showcase our AI-driven privilege classification and just-in-time authorization capabilities as part of our real-time human governance. So let's start with our Agentic Fabric. Today, the fastest-growing, most highly privileged workforce inside any global company is nonhuman identities, which, of course, includes service accounts and machine secrets and now autonomous AI. Some of our customers see over 100x more nonhuman identities than humans. So visibility and the unified inventory, as Chandra said, with human and data context is the first step and super critical for our customers to secure this new nonhuman workforce. After all, if you cannot see them, you cannot govern them. If you cannot govern them, you cannot secure them. So let's bring down the lights and take a look. All right. Welcome to the unified AI and nonhuman identity dashboard powered by SailPoint Agentic Fabric. So right from the single pane of glass, an identity admin gets an immediate comprehensive health check of their entire nonhuman and AI ecosystem. With our AI-enhanced connectors that can virtually connect to all enterprise platforms as well as our sensors now that are deployed actually on the browsers and on endpoint clients. We provide one of the most complete views of nonhuman identities and their human context in one place. There are multiple dimensions of insights here that I want to go through that really reveal your security posture very quickly. So for instance, right here, you can see the total number of nonhuman identities. You can see the number of total active agents across your entire enterprise. Many of our customers for the first time ever see this, realize how large their AI and nonhuman identities are. And you can see older exposed secrets. You can click in each of these and go and drill down. And we also show we not just manage agents, but the shadow agents that obviously the administrators may not know about. And of course, the nonhuman high-risk agents and the abnormal behaviors that they might be utilizing, right, or they might be displaying. So this is a critical security insight that many of our customers, I said, don't completely realize until they use our fabric for the first time. But let's dig in to nonhuman identities in a little more detail. So here, you see all of our nonhuman identities, in this case, the tokens that you can -- an admin can look through, slice and dice and look at the securities, severity and different aspects of it. Let's just focus on the high-risk ones, for instance. But this shows you all of the critical factors an admin makes, right, to understand the security posture. But let's dig in into one of these to see what we actually see. So here, in this case, this is a -- it's a token. You can see there's a critical issue here. So let's understand what's going on here very quickly. We see the owner. We see the last time it was rotated. Clearly, that's flagged. It's a risk factor. And it's in a production system of some source. But here is a unique differentiator as Mark and Chandra told us. Our Agentic Fabric has a depth and breadth of human and data context. So we can add this to this view. And because we have that context, we can do some amazing things. We can create a complete lineage map. So let's go through what that looks like. So in this case, let's look at this token's life cycle, right? This was a token owned by [indiscernible]. It was creating a browser and used in a few places. But here's an interesting piece. This token has high administrative privileges. Okay, I mean that's suspicious. But is it used? Yes. And it was used. It was used in a privileged production system by an AI client that [indiscernible] used on his laptop. And it was -- furthermore, how was it used? It was used in an access management system to create a new user, right, attach a user policy to it. And worst of it, this was all done from an untrusted location. So this is the context we talk about. It's the full lineage, not just what the token is or the metadata around it, but how it came to life, its life cycle, where it was used and everything. And here's the thing. I've seen enough that this, to judge -- to assess that this is dangerous, I'll just disable it. This is not an [ insight ] platform, it's an action platform. So with just one click, we just revoked that token, mitigated the risk. All right. So this is the power of the SailPoint Agentic Fabric. Let's see how this works in an agentic work. So let's head over to the agent dashboard inventory. And similar to the nonhuman inventory, this is the place to slice and dice and understand how many AI agents you have, where they are, who owns them. Again, you can see similar metadata across the board. You can click in each and every one of them. And this is a purpose-built dashboard. So you can see here, again, let's click on one of these to see what we see. Again, similar experiences in nonhuman identities. But of course, we see some interesting stuff here, right? So this was a Cursor agent, again, with our suspicious actor, [indiscernible], where interesting stuff is happening here from your machines. And Cursor agents active, that's interesting. So let's go to the lineage map to see what [indiscernible] has been up to. So again, [indiscernible] has been using this agent on his MacBook Pro for Cursor. All right, so this is where the interesting stuff comes in, right? This agent has multiple identities that was used. One in Figma, one in GitHub. And let's see what this agent has been doing, right? This agent was doing Figma, probably it sounds like -- it seems like a developer agent. It was accessing the design system and a few other things that, as you know, that thing. But suddenly, and then it access the GitHub. And for a developer agent, we see some suspicious things like it's accessing, for instance, financial automation service, quarterly reports, customer data. Well, that's not right, right? That doesn't seem right. So again, with a single click, I just disabled that agent on its platform that it came from. So it's great that I can take these remediation actions one by one, right? But as Chandra said, we expect hundreds of thousands of these. So how do we create automatic real-time access policies for agents and secrets and dictate what they can and cannot do before they're even created in the enterprise, right? Because that's what you want to do when you have that autonomous automatic policies, right? So this is where our security policies comes into play. And as you can see, we have a selection of these policies you can create from behavior policy to identity owner. But here, what I want to create is a policy around -- in this case, since we just looked at a GitHub agent, let's configure an agentic access policy to deny cloud agents from accessing GitHub for product team. Now, why? This is actually a very common risk vector that recently we hear quite a bit from our customer base. They see a lot of these benign coding agents drift from their original purpose and they, in some cases, do destructive events like leading the code base. And then they use their excessive privileges. So what we want to go do is we want to create a policy to block that. So we're going to give it a name, let's give it a name, block GitHub access. Now again, I can choose a variety of platforms here. I'm going to use cloud. And again, I can do a variety of targets. In this case, I want to block GitHub access. I'm going to select that. You can deny and allow policies. There's a [indiscernible] of options here of customization. But I'm going to select a specific team here because I want my engineers to innovate with agents, and I can't create a separate policy for them, but for product team, I'm just going to deny that. So I'm going to create a policy and then see how this -- sorry, and see what happens. Okay, great. So let's check now, we create that policy. Let's see if this works. So we're going to try to read the file from GitHub. I'm a member of the product team. So let's see. Hopefully, it's going to work, it's going to think. I hope it works. There you go. Request blocked by our policy. Now this right here is huge business value right here for our customers because this capability allows our customers to create guardrails and to adopt AI innovation securely across the organization. All right. So let's pivot from agentic identities back to human element. As Chandra and Mark said, we also have a lot of innovation happening on real-time human governance. Specifically, let's see how we are using AI to radically modernize real-time human governance. So I'm going to go to [indiscernible] here. Now to achieve true zero trust, an organization must understand exactly what access entitlements they are governing and then classify them accurately in order to apply appropriate security policies. But across the enterprise landscape, we faced a massive data quality problem, 64% of our application entitlements are missing descriptions or written in cryptic jargon. So we're not also talking about a few hundred here. Some customers have millions of these entitlements that they need to manage. And with such sheer volume, if a manager or an auditor doesn't understand what an entitlement actually does, they often misclassify it. And that is a massive security, a massive compliance cost. So this is where we innovated with AI and created AI recommended descriptions, which makes this traditionally laborious and critical security [ task activities. ]. And let me show you how. So in this case, we have a ton of entitlements here. A lot of them don't have any descriptions. So let's see what happens with our AI generated recommendations. So we clicked there. And instantly, you can see, we have created some really detailed descriptions of what this is. In this case, for instance, it's a Super User group for Workday, and we came up with like a very good description here. But here's the best part. Building on those descriptions, the AI then automatically classified exact risk level for each of entitlements. So we now flag which ones provide highly privileged access. And we can approve and deny a few of these, but it turns out our accuracy is also pretty good, 98% of the time, 95% of the time, our customers accept and approve all these classifications. So with that confidence, you can square them, bulk approve, right, these things, and you can also obviously go and edit them if you wanted to, right? And you can adjust risk to this, but we can bulk approve these. And what used to now take teams of security analysts months of manual work is fully automated, thanks to AI. We're slashing our customers' total cost of ownership, we're accelerating their deployment, we're laying the robust foundation required to enforce real-time dynamic access policies. Okay, so now that I discovered and classified what is privileged, I want to focus on the privileges that represent the greatest risk to the organization so that I can enable zero standing privilege. We do that with just-in-time policies. I'm going to go to just-in-time [ console ] here. And what happens here is that with just-in-time, our privilege is only provisioned when a user needs it and de-provisioned or disabled once they're done. And you can do this for all types of entitlements to achieve zero standing privileges, and that's what we recommend. But for the most sensitive ones, we can add additional verification at the time of activation, too, if we wanted to. So let's walk through how an administrator would create an activation policy so that when a user wants to activate Workday for Super User privilege for instance, he will be asked for additional setup authentication, right? So let's go to an activation policy here. I'm going to create a policy, and I'm going to create an activation, Workday Super User. There's some information here I can add. It's going to be individual policy ownership. And again, we give great flexibility here. You can create this policy to match attributes and do a whole bunch of other flexible things to fit your needs. But here's the best part. So first, there is the why do you need this policy questionnaire that I can create. But even better, this is such a privileged entitlement, a Super User access to Workday, right? I want people to really make sure that they are authenticated, re-authenticated with multifactor, right? This is where our integration with identity partners come to play. In this case, I will require authentication and I will also create an identity policy for that multifactor authentication, right? So I'm going to do that. I have the policy set. I'm going to finish. And now let me switch to the user mode, right? So this is now our administrator, right, David, which is one of our administrators. So when he activates the Workday Super User policy, let's see what happens. So I'm going to go ahead and activate this. Again, it's time limited. I'm going to give you the reason. Okay, great, great, sure. And then let me get a service ticket as we -- because this -- we set a policy, let's enter something there. Okay, great. And then here's the most important part, right? We're going to begin a reauthentication ritual here. So we're going to go ahead, and on the phone, simulate it. We're going to approve a multifactor authentication backed by biometrics. So we do that, we do biometrics requests. It's approved. And David got his entitlements. And that's how we create zero standing privilege for these entitlements. And hopefully, he can deactivate or if he forgets, it's time bound, it will be disabled after he's done. So please bring the lights back up. That's a quick overview of our SailPoint Agentic Fabric and our real-time policy. So a quick recap. We got a complete view of all of our nonhuman and agentic footprint in our enterprise with critical human data context. We were able to quickly assess and improve our security posture and create policies. We then saw a single control plane on a unified platform with automated governance and real-time protection. We now saw how our AI-driven capabilities deliver real business and security value by eliminating painful manual work. And finally, we saw how our real-time authorization help our customers create a zero standing privilege posture and protect them from privileged misuse and insider threats. We are incredibly excited to bring these capabilities to market and partner with our customers on their AI and real-time human journey. Thank you. Really appreciate it. And now I'd love to have our President, Matt Mills, to stage on go-to-market.

Our go-to-market session. We're going to take an opportunity and introduce you to really the broad deep bench that we've built over the years. And so you'll hear shortly from our Chief Commercial Officer, Gary Nafus. You'll hear from our Chief Customer Officer, Meredith Blanchard; our Chief Marketing Officer; Wendy Wu. You're going to hear from our Head of Revenue Operations, Steve Caldwell. And the gentleman that manages and leads our Global Solution Engineering and Specialty Sales, Jeff Hickman, right? So the depth of their collective experience is extraordinary, and you'll see that for yourselves, and you'll see the deep bench that we've been able to build here. With that, let me just get started. The business, as David Deutsch once noted, that humanity is always at the beginning of infinity. With AI, that infinite future is driving faster than anything we've ever seen in technology history. We are seeing an unlimited growth of knowledge, but crucially for our business, we are seeing an infinite proliferation of AI agents and nonhuman identities. Last September, if you'll recall, we launched Agent Identity Security. At that time, it was arguably the first solution of its kind. We made a bold prediction that governing autonomous agents would quickly eclipse human identity management as the most critical governance and security challenge of the decade. We were right. We declared 2026 the year of the agent because we saw a fundamental truth that the entire AI wave from copilots to autonomous workflows requires one absolute foundation, robust, unified identity and access control. The market urgently needs a vendor-agnostic control plane to govern the connection between humans, agents, machines and data spanning across all platforms, for instance, Salesforce, Amazon, Microsoft and Google. And because as the global regulators begin to draw strict lines around AI accountability, proving what an autonomous agent is doing with your data is no longer just an IT issue, it is a massive compliance mandate. And today, that explosion, it's not a forecast any longer. This is the reality we're dealing with. Board mandates are clear, massive budgets are activated. The AI is undeniably the engine of the modern enterprise. With this rapid AI adoption comes a rapidly growing security problem. We've been saying this now for some time that identity is the #1 breach vector, and most companies have experienced identity-related incidents up to now. Now take a minute, add autonomous agents, the attack service isn't just growing, it's multiplying exponentially. Agents are being created everywhere, largely outside the purview of IT. They are [ spawning ] subagents, connecting to critical SaaS apps, massive data lakes and being granted broad, sweeping privilege across the enterprise. And as a result, the fastest-growing form of agent governance right now, there's no agents governance at all. With a control plane, the trend of rapid vibe coding quickly devolves into, get this, vulnerability as a service, all right? So let me give you a real-world example. Imagine one of your analysts deploys a [ Claude ] agent to build a financial model, granting it broad access to your firm's data lakes. Does the agent know what it is allowed to access? Does it understand an ethical wall? Can it tell the difference between useful data and restricted data? Is it violating [ SOC ] controls or creating a toxic access combination a threat actor could potentially hijack. In most enterprises today, the answer is unclear, and that's a big problem. You cannot govern what you cannot see. You cannot secure access that you cannot trace and you cannot manage risk when agents, machine and data are operating outside the identity control plane. Now we are already seeing this in the headlines, an explosion of shadow AI-related breaches all fundamentally rooted in identity failures. The broader market and more importantly, the regulatory landscape, it's waking up to this reality at a breakneck speed. Around the world, AI governance is moving from policy discussion to operating requirements. We're seeing this across the U.S. Treasury AI Risk Framework, the EU AI Act, DORA, NIS2. In Asia, you've got MAS and APRA. And the common theme is clear, enterprise must prove control, accountability and data lineage across all AI-driven activity, and none of that works without identity. Consider this, 60% of the 230 control objectives in the financial services AI risk management framework depend entirely on foundational identity security to be able to achieve that compliance, 60%. So simple math, that's 138 of those 230 control objects, right? That's a lot. It's something that cannot be ignored and it's going to be a big problem. Here's another one. The Monetary Authority of Singapore. This was the MAS I mentioned, its strict demands for data lineage, human accountability of governance, and it states in the regulation organizations must, right, not should, must deploy robust identity and access management systems. So this is a powerful signal. AI compliance is no longer just about the model governance, right? It's about knowing who or what has access, what they are doing and who is accountable, right? This is what China went through. Furthermore, tech luminaries who wants -- really just touted the limitless power of AI, it kind of changed their tone, right? Leadership at NVIDIA, Google, Box and Anthropic. Now they're really urgently calling out for governance. I don't know if you saw it a few days ago, Anthropic called for a pause in AI development because of this growing concern. Anthropic also recently announced -- published a zero trust framework for AI agents, reinforcing the autonomous agents require identity, task scope permissions, observability and controls designed for AI-driven activity, right? So all of this together really serves as a powerful third-party validation. I think of what we're really driving here and what we're sharing with you all today, and that is the proliferation of autonomous AI cannot be secured by traditional network perimeters or firewalls. In short, agents must be secured at the identity layer. So when you step back, there are really 3 market forces here that are coming together. The threat landscape, it's expanding, nonhuman identities, AI agents are creating really this invisible attack surface. The regulatory requirements that I just went through, they're increasing, and compliance has shifted from a basic check box to the alternative of severe revenue risk. And finally, technology leadership is voicing the importance of identity where identity has officially become the new enterprise control plane. And we are seeing additional signals of momentum building in the market. I don't know if you follow Cisco, right? Cisco's acquisition of Astrix, I mean it's a proof point that large security platforms are moving quickly into nonhuman identity security. New entrants into the market are shining a light on shadow AI and unmatched agents. And CSOs and CIOs, well, they're increasingly recognizing that their ungoverned AI, it's not a future problem, right? It is already emerging inside their organizations. And when you bring this together with market sentiment, the technology leadership, you throw in the auditors, what are they saying or all agree on, that identity security is a critical infrastructure and necessary to effectively govern AI. So let me leave you with this to [indiscernible] on right? Identity is the central control plane for enterprise security. It's not just about securing the agents, but it is about the platform to secure your enterprise. It is the common fabric that brings the endpoints, networks, applications and data all together so you can properly govern and secure your enterprise. All of these create a powerful tailwind for SailPoint and accelerate our go-to-market opportunity. So with that, let me now invite our Chief Commercial Officer, Gary Nafus, to dive into more details on our go-to-market strategy.

What are we going to do? Let me just give it 1 minute. It seems like we're good. Just luck. Okay. Good morning, everyone. SailPoint is attacking this $90 billion TAM that you've heard about this morning with a ton of momentum. We're attacking this with a maniacal focus on customer success and time to value. So as we scale, we are taking significant market share from the incumbents. Over just the past 2 years, we have expanded our leadership position by nearly 5 points to capture 23.2% of the market, while the rest of our competitive set has either stagnated or actively regressed. According to Gartner, the IGA market grew 15% last year. SailPoint alone captured nearly 38% of that total market growth. And most importantly, our unit economics and our customer health metrics are stronger than they've ever been. But the best metrics that support the momentum in our sales are the leading indicators such as pipeline. Our pipeline for these advanced capabilities of AI have doubled every quarter since we launched our product. To maintain this growth trajectory and capture our disproportionate share of that $90 billion TAM, we're aggressively executing on 3 strategic go-to-market priorities, capturing new logos. Spoke too soon. All clear. All clear. Okay, good. Capturing new logos, accelerating our multiproduct platform adoption. One more time, perfect. Perfect, it's good. Yes, that is an agent, unsecured, I will tell you. The third is modernizing our customer base. And so here's what gets me really excited. We're innovating within our go-to-market strategy, leveraging AI internally to unlock significant acceleration in our sales cycles, our customer time to value and our product expansion. We're going to show you a demo here shortly of some of these capabilities. Okay, moving on to land and expand. So we have -- SailPoint has an unmatched opportunity to land and expand. We are looking at a vast, largely untapped market that is reacting to a ton of market pressures. There is an urgent now Board-driven mandate to modernize these fragile legacy identity stacks. This imperative is backed by agentic-first budgets, enforcing the need for access governance. These are budgets that SailPoint has typically not accessed. These are outside of identity, outside of the CIO office, all new budget pools that are now addressable by SailPoint. And we're making it super easy for and seamless for our customers to modernize their solutions with limited risk. These are push button like upgrades that just didn't exist 6 months ago. We have brought new deal constructs like flex modernization to streamline our customers' upgrades. And this is fueling the fastest acquisition growth for SailPoint, which is to liberate the legacy IGA market. There sits out there $3.2 billion in legacy run rate just sitting in these legacy solutions. These foundational IGA programs can't meet the modern demands that enterprises need. And when we upgrade them to our agentic suite, we see a 3x plus expansion opportunity put in play. By solving today's immediate identity pressures while building on the realities of agent identities for the future, we are not only protecting their business, but we're accelerating ours. We effectively turned that $3 billion legacy target into a $10 billion expansion opportunity for SailPoint. And today, with SailPoint Agentic Fabric, we have these new selling paths to engage into this opportunity. We have 4x the number of ways that we can land new logos just in the past 6 months. We can land human, we can land agentic, we can land both or we can have a [ wedge ] strategy. We have 2x our selling motions via our agentic specialty sales teams, which now allows us to engage these new market buying personas and these new budgets. This market is quickly realizing that competitive architectures cannot survive in this AI era. And competitive displacement has become our fastest-growing acquisition channel, which is part of the reason why we see that 2/3 of our new logos come from failed competitive deployments. This opportunity is massive, and we are primed to own this. Let me hand to Steve to take you through some of the platform growth opportunities that we have. Thanks, Steve.

Thanks, Gary. As Gary had mentioned, we have more ways to land than ever before, whether that's landing agentic, landing human, landing with the platform advantage, that wedge strategy, landing up against the competitors. But just like we have new ways to land, we have more routes to market for the way we can land, whether that's through direct sales, our indirect sales team, our MSP channel, our marketplace is in more. And we have more ways once we do land in terms of how we can actually expand to create deep compounding platform stickiness. And when a customer lands with us, they quickly realize that identity is that central nervous system of their enterprise. They don't just stay for core governance. You heard that from Chandra. They see the vision. They rapidly expand to manage other identity populations, whether that's nonemployee, maybe nonhuman identities and also agents. And then with the success of the SpaceX IPO, maybe nonhumans in space, too. But customers mature from this static governance to real time and then being able to eventually get to that [ end state, ] which is autonomous governance, the agentic governance, utilizing more and more of the platform. They govern all identities, obviously, under one unified platform. They secure more use cases, whether that's data access governance, GRC and just-in-time authorization. They leverage the extensibility of the platform to integrate with the [ SOC ], create workflows via shared signals and allow for real-time remediation. And as a result, we're seeing a record number of customers standardize on 3 or more modules. And this platform expansion, which we're really excited about, massively will be accelerated by our recent announcement of Entro Security. If you think about Entro today, their agentic capabilities give us deep software life cycle management expertise, allowing us to secure not just the agents themselves, but the actual secrets, the tokens, the credentials, all those things that make up the workload of what an agent does. And by bringing agent governance with deep technical secrets protection, we are providing the customers, our customers with the most robust unified security solution on the market while decisively widening our competitive moat against the agent security solutions, those point solutions out there. We do feel like that market itself is actually commoditizing, in some cases now consolidating as well. And our product adoption strategy is really simple. It's provide quick time to value, really drive that blueprint so our customers are successful over the long term and then more importantly, just be there all along the way. And just speaking about being there all along the way, here's a quick illustration of one of our customers in oil and gas and their expansion journey with us over time. When customers move from IdentityIQ like this customer to identity security cloud, they are not just upgrading their technology. They're making this multiyear commitment to modernize their identity security program and effectively readying themselves for the future. And in this AI agents, this customer knew early. They knew real early that you cannot just manage agents in isolation. You just can't manage humans isolation. They have to come together to see the full context. That's why, in this case, you saw the Identity team come together with the AI team to make this decision and leverage budget actually from the AI group. And they understood that every AI agent, every automated process, every bot needs the identity and criticality of a unified control plane. And every security leader, especially at this example, you cannot -- they could not see a fragmented landscape with fragmented tools. They knew that they needed a unified control plane as the tool of choice, and it was the basic starting point for modern security. They knew the connection between the human, the agent, the agent to the machine, the machine to the data and then a unified policy around that. And our platform delivered that for this customer end to end. And it led to a 20x increase in ARR and most recently, a 50% increase in ARR when they enable the Agentic Fabric to govern agents and nonhumans via that unified governance model. So and finally, we have significant opportunity to modernize our base. It's exciting. You'll hear from Brian later that we have about $350 million that still sits with our IdentityIQ customers, which represents about $1 billion or more opportunity for SailPoint. But much like the example that I just shared and the technology shifts that we're seeing in the market, the tailwinds that you heard from Matt, there's more reason than ever to extend beyond just human governance, and SailPoint has created a [ glide path ] for these customers to the agentic suites that derisk the move to the cloud. And it starts with commercial constructs through our flex modernization program. We co-invest with our customers to remove any financial friction and allow them to adopt the platform as they mature. And from a technology standpoint, we have moved from a migration to an upgrade. This is a technological paradigm shift. Transitioning to the cloud is no longer this high-risk heavy lift migration, it is a seamless platform upgrade. And we have eliminated the biggest barrier to modernization that drastically reducing the professional services burden by almost 80% to 90%. And we have moved to what we call internally approved base methodology, which leverages 4 deployed engineers and virtual agent architects that is truly game changing. These architects are our IP, our institutional, are best of the best in terms of talent in the business, effectively becoming a digital twin to help migrate our customers to our cloud solution. So with that, let's have Jeff Hickman, our SVP of Solutions Engineering, join us on stage. Jeff?

All right. Get the demo set up here. All right. Before we jump in the demo, a couple of slides as they get that queued up. So good afternoon and good morning, everybody. We're very excited to showcase this innovation. It's been talked about a couple of times throughout the day. And if flex modernization was the license unlock, what we're talking about now is another unlock. And that's really the unlock of the cost and time of modernizing. And it's driven by the SailPoint's Agentic Acceleration methodology, which is powered by the Virtual Architect or the set of agents that Steve mentioned. And this is an AI-powered capability that automates and accelerates the transition today from an on-prem IIQ environment to the cloud or the ISC environment. And one of the hardest things about doing these modernizations is really untangling years of custom code, custom workflows. And if we think about it, dozens of people, if not hundreds of people and partners probably have touched these legacy systems. And it creates a complex environment and a complex code base with very little documentation of what's really under the hood. So unlocking that legacy stack used to take months of, frankly, human analysis and consulting. And so the solution now is a [ no cost ] AI-powered Virtual Architect to train with over 20 years of SailPoint IP and the know-how that completes a production-ready ISC instance in a matter of hours and days, not months. And in many cases, modernization becomes just as easy, if not easier, than a standard version upgrade. The Virtual Architect has derisked this transition and creates value day 1. This is really the game changer when we talk about that $1 billion unlock of our greatest asset, which is our existing customer base. So one key point as we move to the next slide, I want to emphasize here that this Virtual Architect, this is not a translation. We're not transposing code. We're not copying, pasting code from one environment to the other. This is truly a Virtual Architect that requires and is built on intelligent transformation. And this is the magic as we've ingested or input 20 years of knowledge into this architect. And there's insights from all of our top human architects into this to create a skills database that trains this Virtual Architect. And this [ SAA ] methodology combines deterministic engineering with nondeterministic LLM based models, all informed by these architecture curated skills. And so the Virtual Architect transforms your legacy investment into a modern, scalable cloud environment ready for rapid innovation. So let's quickly review how this works. So what you see on the slide is just the macro process. First, we ingest a customer's IIQ configs, and the Virtual Architect gets to work. The Virtual Architect automates the analysis, the planning, the building and the deploy to create that functional ISC environment. The Virtual Architect performs the heavy lifting, which parsing that IIQ environment, mapping the dependencies, and it does it within a matter of minutes really. And from there, it moves to the plan, build and actually deploy. And crucially is, I want to highlight here, there's still a human-in-the-loop here, and a human along the journey of the entire way because they validate the bill, they validate that everything is working. If there's things that need to be adjusted or fixed, they jump in and they can do that. And what's interesting is that starts to create a self-learning, self-healing capability because everything that we find that we haven't seen before, we then build a new skill for that architect. So this is the flow that we'll walk through. You'll kind of see this represented in our virtual agent here in a second. So let's just dive into that. If you want to switch to my screen here. Locally, we'll walk through what this starts to look like. So we can switch to my laptop. So one of the things you're going to see as we get into this, I'm plugging [indiscernible], they are all tried and true. Okay, there we go. Now we're working. Good going, guys. All right. So what we're going to see here, I was going to say, under the covers. We talked about this being our Virtual Architect. This is really a multi-agent architecture under the covers. So we have 6 orchestrator agents with 36 agents working under them, with 137 subagents working under there, all trained and working on these skills that we talked about translated from our humans. So this is -- while we talk about the Virtual Architect, this is a complex multi-agent system that we have built ourselves. And so as we say, we ingested, what you're looking at here, we've already ingested a customer's IIQ instance. This is actually a working -- or this is a real customer. We've [indiscernible]. Normally, the customer's name would appear here. And we land on our report card. This is what you're looking at. And so this is our full blueprint of what we -- what the agent has discovered within that analysis of the IIQ environment. And I'm going to jump into or just highlight a few things. First, I want to key in on 79%. The agent and the architect has said, in this environment -- it's effectively round up to 80%, 80% of it can be automated through what the architect knows how to do. That only leaves 20% that the humans have to intervene. So if it was a 1,000-hour project, it becomes a 200-hour project. Another thing that I want to highlight as we think about this environment, we're talking about sources here, 748. So 750 sources, these are applications that are connected. This is a complex environment. What you're seeing here for this customer is not just a vanilla easy layup, if you will. This is a very robust. There's 2 [indiscernible] sources in here, capital management systems, and then 746 connected applications to this environment. We've discovered or the agent has -- the architect has discovered 19 core use cases across the system. And so now we've got a view of what do we see in that IIQ environment. And as we scroll down, you can see our -- effectively our pipeline that we saw on the slide previous. This is the analyze, plan, build, deploy. These are all the stats and activities that we're underpinning at each of those steps. You can see that those steps are complete. We have run this through the entire process. As we scroll down further, we have some more report card stats in this case, highlighting about 6,000 hours effectively remediated at 80% in this case translated to about 6,000 hours of human work that did not need to take place at this point. Scrolling down further, I want to highlight a couple of things. And so life cycle events for folks that aren't steeped in identity, like some of the folks in the room here from SailPoint, I want to highlight life cycle events here. And this is kind of a simple process. These are bread-and-butter use cases for identity and we're going to jump into the new hire process. So think about this. Everybody when you guys got hired at your jobs, you walked in day 1, and there was an e-mail waiting there that says, "Welcome, Jeff. We're super excited to have you here. Here's how you access your systems. Here's all the things you can go do." Well, that e-mail is a complex orchestration under the covers of a lot of things going on, and that is very -- as nice as it is for you walking in day 1 knowing you can get ready and start to work, there was a ton of work, and IIQ or ISC helps make that simple and automated. So this is the new hire process we're into, and I want to highlight a couple of things here. One is right up here, which says, in IIQ, we had 9 artifacts. Think of the artifact as a workflow or a set of rules. We had 9 discrete artifacts that are now being translated into 5. I mentioned this is transformation, not transposing. We're not copying and pasting. It's not 9 to 9, it's 9 to 5. And what's interesting in this, and I'll zoom this a little bit so we can kind of see, what the agent is telling us is hey, a lot of these things are going to collapse just into standard configuration items in ISC. We don't need them. We don't need to copy, paste it over. But there is one thing that kind of called out, which is this send welcome e-mail. We need to have one custom cloud workflow that we're going to go build out of this. And so I'm highlighting this. Remember this SAA joiner, send welcome e-mail workflow because the agent had to go build that in ISC. That's what it's telling us here as it's going through its work. And so we'll close that off. But you can start to see, as I close that out, take a look at the numbers here, [ 30 to 4, 7 to 3, 7 to 3, ] you start to see the consolidation or the mapping of what used to be complex. And in ISC, it's all code, you're coding all of these workflows in lines of code living in IIQ. And when it goes to ISC, it needs to map into a SaaS environment, which is largely configuration or declarative based. So the architect knows and knows how to do that and makes that intelligent decision. If we highlight here, overall, if you think about all of those boxes of reductions, what we're saying is the Virtual Architect has figured out how to reduce complexity by 55% moving from IIQ to ISC. That's a 55% reduction in technical debt, things that people have to manage and maintain at a code level, it all becomes much more of a declarative instance. So this is the overview, ton-of-grade insights that's at the macro view of what the Virtual Architect has discovered. Let's go to the micro. In the micro side, this architect has actually already built all of the documentation for us automatically. We have our requirements and our solution design document. Think of this as what you would hand to of the 20% that I was talking about for that still needs to be created. We now hand those humans the blueprint for what they need to go create, and it sits inside the design documentation. So we've got a full upgrade plan. We've got our report card. If we can dive into these, we don't need to go through them. It's a lot of text, but it's a lot of insights. And so for customers for -- as we go in and explain what's happening and what the process and what this blueprint looks like, we can just -- we can give them all this information. We can show them in detail what we're mapping from one environment to the next. And that's kind of static, right? Those are reports and things we've already created, but this is actually alive, we can talk to our agent. And we have the ability through an inference window here to start asking questions. So I wanted to -- I'll give it a softball question, just how many workflows are going to be in ISC? And as it is chewing on this, it's actually using -- we're bringing a language model into the world of effectively IIQ. If you think about it, we're taking a look at that environment. And now the agent is coming back with insights. We have 87 workflows. And effectively, you can have a conversation with this architect, and you can start to understand what's inside that tangled web of years and years in IIQ of the build. I actually did some -- I was thinking about this on the plane last night. I asked it another question, which was -- and this took a little bit longer, so I had it queued up here. But I said, do you have any concerns, are there any security concerns, any vulnerability concerns with your current IIQ environment? Not saying anything about moving to the modern platform, but you can see here, the #1 security concern for this customer came back that said, holy smokes, you've got hard-coated credentials and API keys inside your coat. So if you listen to the presentation before, that is the opposite of zero standing privilege, whatever it is, it's the complete opposite of that. And so we can go and we actually had this conversation with the CSO of this customer, and we were able to come in and say. Look, what we discovered within your -- just your IIQ environment. There's a lot of items here to be remediated. And it opened their eyes to not only, how do I protect by moving forward. And by the way, there's a recommendation in here, if we can see this, which says, hey, by the way, if you do migrate to ISC, when you do that, there's standard configuration items that are capabilities within ISC that would remediate this automatically and prevent it from happening. It is a way of moving into a best practice posture when you move to ISC. And so not only are we helping them with the vulnerability they've got today, but we're mapping to the future of how do you remediate that going forward in ISC. So pretty powerful to not only have a macro report card, a capability of full documentation, a way to interact with that agent in a real-time basis. But if you recall, the last step in our pipeline as we went through was build, deploy. And so this agent has an architect has gone in and said, you know what, let us just get going and we'll build that ISC environment for you. So what you're seeing is a live demo environment that was created by the virtual agent. You can see here on our home page, this certification campaigns. These were configured in items that were within their IIQ, their 6 certification campaigns that are in here, they came over, they're already working. We can demo those certification campaigns straight away out of the box. All of that data came with us. And all of those workflows came over transposed from the IIQ environment. So I want to jump in. Remember that workflow we talked about as far as the new hire goes. Well, if I jump in, here's our [ SAA ] welcome e-mail. So again, this is a welcome e-mail. This is the description of what that e-mail is. But if I want to really go see what that looks like. Remember what I said, this was code, right? This was a set of workflows and rules effectively that were coded into IIQ, and now all of a sudden knows, the agent has built that and it's come to life in a declarative form within ISC. And now what's amazing about this is it doesn't require a developer like you used to have in the IIQ environment where you got to go manipulate code. Now you're an administrator that can use declarative tool sets to make changes into this workflow. And you can see it's quite complex and quite robust. This customer did not want to change what this workflow was. It was -- they liked the workflow. They want it replicated, and the agent and architect have built that over here in ISC, quite powerful. And so what's -- this provides a platform, right? What else can we go do with this? And so what I've just shown you is how do we move IIQ to ISC in a kind of similar like-for-like feature function kind of way? You have to do the translation, but it is the like-for-like. But what happens if I want to start layering in all that innovation that Chandra was talking about, discovery of agents, the power of the platform, getting in and using the power of the Atlas platform. Well, one of those capabilities that lives within our platform today is this, is our identity graph, right? And so this is a great way to visualize these identities. [ Dawn Oliver ] was an employee that lived in IIQ. Now she's living in ISC. We've brought her to life here. You can see her access profiles, her roles, all of her entitlements came over. And I want to blow out her entitlements real quick. And so what you're seeing here is all of her entitlements, we can see those. There's one line in here, which is yellow, if you can actually see that right here. And this thing, this entitlement is actually to an agent. Well, we didn't have an agents in IIQ. Now that we're running in ISC, we can start to layer in, in a demo fashion all of the amazing innovation to bring to life for a customer when we're demoing this, hey, look, now you're on a platform that you can start to ingest all of this amazing stuff. And so if I go look at this agent that we had discovered. This is a payment history agent. It has 4 entitlements itself. And I'm going to go into the details here, and I can see a lot about this agent. But what's interesting is, right, the source says AWS, SaaS, this was discovered. We connected this to a Bedrock environment. We pulled back and brought this agent, discovered the agents that were living in Bedrock, brought them back in. We've already discovered them, visualized. But what's amazing here is I've just -- we've assigned the owner. And so now what we're showing is we've moved from discover visualized to govern and protect, right? We're able to start showing that path and we can demonstrate that, even though this was an IIQ environment and we walked in to do an IIQ demo. Now all of our folks and our sales engineers can say, hey, here's what else you can start to go do. Here's why this is an acceleration path and it unlocks all of the other capabilities of SailPoint for these customers, and we can visualize that walking in day 1. So this becomes an amazing platform to jump off. If you think about this from a go-to-market perspective, what we are able to do now is as we walk into a customer's environment, we can not only show them the blueprint, show them what we discovered or show them what we've analyzed within their IQ environment, but we can show them what it looks like working, their workflows, their data with our new innovation working alongside that and all of a sudden, the light bulbs start to go off as far as what the future looks like in a much faster way. As we think about innovation here and thinking about that go-to-market posture, this engine effectively is a paradigm shifter for us because what our Virtual Architect knows how to do very well is speak ISC. It can build ISC from a set of artifacts. And the artifact in this case was an IIQ config. We are working on other artifacts. Imagine a world where we have RFIs or RFPs that come in with outline basic use cases. Well, we know what those use cases kind of look like when a customer says, "Hey, I need a new hire workflow use case." Well, we know what that kind of looks like. Our agent can go stand that up for you. And so instead of coming into a customer's environment and power pointing them, we can come in and say, here it is, here is what it looks like working. And so that goes for new logos like Gary was talking about. It goes for the unlock of legacy platforms as we start to teach our architect how to speak other legacy platforms. This is a true unlock across not just our customer base, but a paradigm shift across our go-to-market here. So with that, I want to come back to -- we got one more slide to present as we wrap up. So if we go to the next slide, I come back to the Powerpoint here, okay. Perfect. So as we wrap this up, as we just saw, we're investing in no cost to our customers to use our virtual agents. And our goal is to accelerate our customers' journey to the cloud, preparing them to take advantage, as I said, of all this new innovation driven by this nonhuman explosion. And if you think about this massive shift, like I said, in that very first meeting, we can sit down with a customer, show them the blueprint as well as their live data working within a live environment with their data, their workflows. We can eliminate hours of collection of information and analysis, demo creation, PowerPoint theory. And if you step back, it means we're moving to a world where we can sell and almost simultaneously deploy, and that is kind of the true north of where we want to go. So perhaps most importantly, the Virtual Architect allows us to leverage our customers' investment that they've already made. That investment in IIQ is no longer a sunk cost. It is an accelerant into this way -- into this world. Their ISC environment has stood up much more intelligently because of that passive investment they've made in IIQ. It brings the customer's identity IP, if you think about it that way, into the cloud quickly and at a much lower cost, enabling the ability to rapidly adopt our latest innovations here that we saw this morning. So this is a good segue. This all sets the stage for kind of this next bit of discussions. And we've won -- we're starting to unlock this blocking and tackling of IIQ to ISC and how do we use -- it starts to free up human time. And so how do we use that time and mind space freed up from those lower-level task to do much more strategic things. And so I think that's a great segue to bring up my friend, [ Rex Thexton. ] He's our Senior Managing Director from Accenture, to give his perspective of what he's seeing in the landscape.

At Accenture You have a front row seat, the catbird seat to boardrooms and C-suites. And we've been telling investors today that this explosion of AI and agents is really creating a massive inflection point for customers and for us, frankly, about how you rethink security and strategies. So from your vantage point in this agentic shift, how -- what are the frameworks? Why are the frameworks that are built for human-centric governance probably not sufficient in this new world?

Yes. No, I think it's a great question. So just more background. I'm a Global CTO for our cybersecurity business as well. And I think over the last 3 -- how long it's been 3 or 4 weeks, we had this thing called the Mythos moment, right? Everybody was concerned about vulnerabilities and all these different aspects. And what it -- fundamentally, top people is nobody is prepared for what the frontier models can unlock from a security perspective. And then if you look at where identity sits in that big picture, what all these agents can do and drive that, identity is the control plane for people to be able to unlock agentic identity in their environments. If you don't know what the agent has access to, how it has access and what it can do, you are in big trouble. And I will give you an example because I brought this Mythos moment frontier model. When we started looking and running test, you can -- one of the things was they can find vulnerabilities, right? That's Step 1. Step 2 is it could find novel attack pass. When we found these novel attack path, you know what the funny thing was, 80% of the way to break the attack path was either -- was to do an intervention with an identity capability being able to go in and limit or revoke an identity or a token or something, but there -- a lot of them are that related versus this patching, this [ CV ] will break the chain. A lot of the minimum [ cut paths ] were identity related, which I found somewhat surprising from that perspective just initially. But that was just back-based data as we went out and mine these attack paths with some of the latest frontier models. And so that is super important from an unlock perspective. I think if you look at what clients struggle with, and this is what we see every day is, hey, I've got this human identity infrastructure. First, they try and adopt it and use that for nonhuman and they struggle pretty adamantly with their legacy tech solutions. So one of the things that we've been very focused on, and I think we talked about this last summer, it's about getting our clients to modernize that little to no cost. And the funny story about that was one of my favorite consulting stories, a few years ago, there was a multi-conglomerate that wanted to break away and had to tick their identity system. And I remember one of our lead consultants in the time, the client, he said, "Yes, we're going to go in and we're going to go figure this infrastructure, we're going to do all this stuff." And the client says, "So, what do I get?" And he goes, "Nothing." That's it. And I thought that was funny because that's what we're getting rid of, right? We're able to get them so that they can start unlocking the value of agentic identity. And I think there's this other aspect. If you watch some of the [ Sequoia ] talks, you talk about this concept of diffusion, clients can't unlock -- they can't keep up with the frontier models from being able to unlock the power of AI. And part of that is they all sit there. Every conversation we have is, how do we do this securely? How do we do this securely and being able to leverage agentic AI? And so there's -- first answer is nonhuman identity and being able to make sure that you know what your agents have access to, what they can do and the context in which they have it. That's Step 1. If they don't do Step 1, what they end up getting is, and I was at a client the other day, and they ran a shadow AI discovery. They found 1,000 agents running on their network, tokens everywhere. And that is a big problem. And that's happening no matter what. So they either data cut it all off or they get identity under control and then they can adopt from that perspective. Does that make sense?

Yes. Super helpful. All right. So let's talk about some execution of our massive installed base that we kind of walk through. And we introduced, obviously, the SailPoint Agentic Acceleration here today, which is heavily automating this transition. And a natural question from really the larger community might be or probably should be or will be, how will this agentic innovation reshape the services industry from the traditional implementation as those traditional implementation models evolve? And as more -- this modernization becomes automated, how should we think about the potential impact on partners for that?

So I think it's a different type of impact. So we've been shifting to an outcome-based model for quite some time. And where we see the value is being able to unlock. And if you look at what we're trying to do is provide the best outcomes for our clients. And a lot of times, in the early days of identity, we can only cover the [ SOX ] apps or the regulated apps. We can only cover a portion of the estate. That's no longer going to work. So what we're able to do now and instead of spending money on that, call it the [ Seinfeld ] phase, the nothing phase, we're able to go in and get that done and then go and scale the estate and help our clients scale. I think there's no one better positioned than SIs in the world to be able to go and we've been doing this for years. We've been making [ SAP ] work, we've been making the identity tools work. We've been making everything work. We have that institutional knowledge on how to best integrate and implement these capabilities from a frontier perspective. I think that's what's unique about us. And so we're shifting to what we do best versus spending time on what I would call the mundane, and we're able to go in and start unlocking that high value and helping our clients deliver those outcomes that they're looking to deliver, they're being able to leverage this new technology. I mean it's probably the most exciting time I've ever seen in my life. I think the biggest issue that I see out in the market is our clients aren't moving at AI speed from a procurement perspective. They're still trying to go through and evaluate. And I think one of the things that we talked about early on in our partnership was, how do we help our clients unlock because clients don't want to buy another tool. They've had these processes for regulatory capabilities. There's a huge data switching moat around just the human. And if you're going to go reimplement those in a new tool, different policies, it doesn't make a lot of sense. So they expect their vendors like SailPoint to be able to come in and be able to provide this nonhuman identity capability and being able to unlock and get there faster allows them to be able to unlock the agentic future in their enterprise with that new control plane. That is super important. And that's why we've been pushing you guys pretty hard to come up with something like this so we can get in there and start doing it faster because if the first inhibitor is cost and time, that doesn't work. And so if you take time, cost and uncertainty out of it, because a lot of clients are afraid to migrate because they're stuck in this mode of, I don't understand what I have today or I do it this way, and there's this, what I call this fear, uncertainty and doubt. If you're able to unlock those 3 things, time, money and confidence then they can move at pace and then unlock the future, which is this agentic world. And that's how they're able to provide outcomes to their clients and to their Board and to their bottom line.

You said this before that we've been talking. The work doesn't go away, the work is just different. And I think that was really more of it. So well, awesome. Thank you so much for joining us today. This was great. I'm going to turn it back over to Mr. Steve Caldwell to take us home for the go-to-market here.

That was good stuff. Our operational rigor, and we talk about this quite a bit, sets us apart. And we've been investing in AI across SailPoint since the inception of ChatGPT in November '22, we've been early adopters. But we do live in this world of what we call internally institutional deep fix in enterprise software where you can buy code, and you can buy code something that seems real. You could buy code something that can be a great POC as well. But buyers, as you heard from Jeff and Rex just moments ago, need to really change the way they evaluate enterprise software. I think profound trust and integrity becomes more essential than ever before. And we think about the market of IGA and you think about how the IGA has evolved into identity security, IGA going to the edges and governing more identities is effectively identity security. But IGA in its acronym form is more important than ever in the age of AI. If you think about the acronym, identities, there's more identities than ever before. There's more governance that's required than ever before. There's more administration that's required as well. Thus, the financial and security risk that they fail deployment are just simply too high in this world where AI is just moving so fast. There's no time to ever catch up if you get that decision wrong. So that's why we operate now internally as something we call the Velocity of Trust, which is a paradigm shift in the way we sell. You've heard a lot about that from Jeff moments ago in terms of our capabilities in this area. It's moving from what we call a promise based selling where you're making a bet. And then you're hoping -- you're going through an implementation, you're hoping it pays off to moving to proof based where you know upfront that you're making an investment that's going to have a return. You know you're going to be successful. And so by utilizing Agentic Acceleration, we absorbed the risk for the clients. It's risk off the buyer, now it's risk on the vendor being SailPoint. And we have automated away the complexity that sometimes gets associated with identity governance or legacy IGA or competitive IGA. What we didn't mention was our Agentic Acceleration can be applied to legacy IGA. It can be applied to competitive IGA to make those transitions to SailPoint that much more effective and timely. And this allows us to simultaneously sell and deploy all at the same time, which we believe is a financial and operational motion that the competitors, the market itself cannot match. So with that, I'm going to turn it over to Wendy Wu, our Chief Marketing Officer, to share the successes we're seeing with customers, the analysts and then also share with you our pricing and packaging model.

Thanks so much, Steve. Hi, everyone. So at SailPoint, the ultimate foundation of our business is the trust. We're not a point solution. We're the definitive system of record for identity security and serving the most complex organizations on the planet. Today, we protect over half of the Fortune 500 and nearly 30% of Global 2000 from Forbes. These are organizations, they operate in the highly complex and hybrid environment under massive regulatory pressure. They chose SailPoint for one single reason. We scale and we deliver. And you can see that trust in our retention rate at 97%. And that speaks to the stability of the business and the critical role that we play for our customers. Once SailPoint is deployed, we become very hard to be replaced, and we're deeply embedded in our customers' cybersecurity defense. This level of trust is validated by major independent analyst firms, as you see here. In the most recent IDC MarketScape and KuppingerCole Leadership Compass, SailPoint was positioned as the undisputed leader in identity governance, and we stood out for our market leadership and our vision. And most importantly, our customers have spoken. Their feedback earned us the Gartner Peer Insights Customers' Choice Award for 2026. So for us, these recognitions really matter because they reinforce what we see in the market today. Customers want a platform that they can trust for mission-critical identity security needs. And that trust gives us a very, very strong foundation to expand and evolve our solution. And that allow us to capture the next wave of demand as identity expands from humans to non-humans and agents. So I know you guys are wondering, how do we monetize our product portfolio. Up until recently, our commercial baseline was built primarily around our identity security cloud suites, Standard Business and Business Plus. And built on our foundational analyst common services, these suites, they deliver the comprehensive out-of-box governance for human identities. Customers can easily expand with the advanced add-on capabilities such as nonemployee risk management and several others. But the enterprise buying behavior is shifting. Customers, they want commercial investment that can perfectly align with their maturity without a rigid lock in. That is why we created SailPoint Navigators. They're the flexible purchasing pathways that let customers buy and adopt exactly what they need. And it simplifies the procurement process, accelerate the sales cycles and create a frictionless pathway for future expansion. Now while securing human identities really drives our baseline, the market is moving incredibly fast, and we are launching the industry's shift into the agentic era. Today, the most urgent operational risk is really the explosion of the unmanaged AI agents and machine identity that we've been talking all this morning. So to capture this market shift, we have evolved our market entry and packaging strategy. For the very first time, customers do not have to start with the SailPoint human identity solution. If a net new logo or an IIQ customer, they need to solve their agentic identity problems immediately, they can purchase the SailPoint Agentic Fabric that we just launched as a stand-alone solution to secure their nonhuman identities. What this means is it unlocks a massive new TAM for us. It allows us to really capture the enterprise who otherwise would have turned to our competitors. But as we said, the ultimate security for enterprise can only be achieved through a unified control plane because you cannot secure agents in their own silos. And you cannot fully govern these agents without mapping its access and its accountability back to its human owners. So to solve this, we have introduced our Agentic Business and Agentic Business Plus suites. They unify both humans and agents under one control plane. For our existing customers, the upgrade path is completely seamless. Customers can step up directly from Business to Agentic Business or all the way up to Agentic Business Plus as their needs mature. And customers who are already on Business Plus, they can move directly into Agentic Business Plus. And each upgrade represents a seamless journey with a corresponding price increase to cover the extra value we deliver. So this is the future of our business. As our platform continuously discover more unmanaged nonhuman identities customer, naturally, they will see more risks in their environment that they want to keep under control. So that creates a very compelling reason for them to expand their footprint and turning the Agentic Fabric and agentic suites into a highly scalable growth engine for SailPoint. Now having talked about the packaging strategy, how do we price for this shift? Let's keep it simple and predictable and really monetize their growth through a hybrid pricing model. As we know, legacy-based pricing alone today is just not adequate anymore. It does not fully capture the reality of the modern security. AI eventually, they may optimize the number of human workers. But at the same time, it is also causing machines and agents to explode. If we only charge per human, we missed out the massive upside we have. At the same time, the reality with our customers is they're very, very hesitant to commit to a large upfront payment because they simply don't know how many agents are there in their environment that they need to secure. So our hybrid model solves this by balancing the budget predictability with value-based scaling. We land with seat and we grow with extra capacity. To make this initial landing completely frictionless, our commercial anchor remains on the predictable human identity licenses. But to remove the upfront guesswork, we include a generous baseline of nonhuman identities with every single human identity that you purchase. This really allows our customers to safely discover and secure their agentic identities on day 1 without having to worry about immediate overages. Then as their environment grows, they're likely to exceed that baseline. Now they can scale seamlessly by purchasing our modular capacity packs. And this ensures that their ongoing financial investment scales in proportion with their actual platform usage, such as the increase in their agent volume, the API calls they're making, the workflow automation, data retention and data refresh. So here is the bottom line. We eliminate the initial buying friction to accelerate immediate adoption. And as customers AI and automated entities multiply, our revenue will scale in lockstep, and we're directly monetizing the explosion of agent-driven work. So to bring it all together, we have the trust of the world's largest organizations. We have the leading platform to securities new identities of human and AI agents. And now with our hybrid pricing model, we have the commercial engine to capture the financial upside of this digital explosion. As our customers' environment to grow more automated and complex, our revenue will scale alongside with them. And we're not just securing the future of the enterprise, we're actually building a scalable and predictable growth engine to go along with it. Thanks, everyone. I'll bring it back to you, Scott.

All right. Thank you, and thanks, Wendy. Thanks team. That was a lot of information this morning. I hope you found it valuable. I'm going to call a little audible. We were supposed to do Q&A. But I think instead, we're going to add some time to the end. And we're going to go to break, let everyone stretch your legs, get a snack, use the restroom. So we'll be back in about 10, 15 minutes, and we'll start back up again. So thank you all. [Break]

All right. Welcome back. There's a lot of things that go into an event like this. And I got to say there's a lot of people to thank to help us prepare for today. The one thing I didn't have on my list was a fire alarm. So I will add that to my checklist. I apologize for that. But anyway, look, we got a lot more content this afternoon, and then we'll get into the full Q&A. So with that, let me introduce Meredith Flanchar, our Chief Customer Officer.

All right. So I hope you can join me. I'll introduce you. So hopefully, no fire alarm. So this morning, we spent a lot of time talking about technology. But the reality is that major technological shifts like this are never just about the vendor. They really require this true forward-thinking partnership between the vendor, the customer and the partners like Accenture. And what our next guest and his organization have achieved in terms of modernizing and securing their identity perimeter really does deserve to be in the forefront. And honestly, we're just incredibly proud to play a supporting role in your story. So what I want to do for this session is flip the script a little bit. And instead of talking mostly about SailPoint, talk about the incredible transformation that is happening at one of our customers, the Vanguard Group. Vanguard has been a customer of SailPoint, a great customer for 10 years, and it's been really fun to watch how they've matured. And talking about AI, they're not just starting to adopt AI, they're actually actively using it to design behavioral nudges to help over 50 million clients make better investment decisions. They rolled out tools like Expert Insights that gives their financial advisers things that like superpowers, they can personalize their portfolios at scale. And then they have -- it's called the well on your Way platform. And I actually saw a commercial about it the other night, and it was really interesting. It uses AI to analyze 35 million, 35 million data points to help employees improve their financial well-being and move closer to retirement. So with that, I want to welcome our guests Srinath Srinigilpali, who is the Global Head of Identity at Vanguard. So Srinath, thank you so much for joining us. I appreciate you taking the time out of what I'm sure is a very, very busy schedule to share your insights with us today. It's fantastic.

Thank you, Meredith. Can you guys hear me? Okay. Perfect. It's great to be here today.

Okay. Well, thank you. We appreciate it. So I'll take the context. You manage identity for an organization that oversees trillions in assets. And I want to learn more about your role and Vanguard in particular, but -- and then understand with all these massive AI initiatives that are rolling out, what's the most exciting AI initiative in your world right now? And then more importantly, as Global Head of IAM, how do you help balance this need for massive innovation yet keep things secure?

Great question. So just for everybody's benefit, like I'm sure everybody has heard of Vanguard, but Vanguard is an organization whose mission is to make sure that our clients have the best chance for investment success, right? Like you know us as a low-cost fund provider, but our goal is to provide the best products at the best price and make sure our clients are successful. So as Meredith touched on, it's 50 million clients across the world. And we have a workforce of about 30,000 to 40,000 that provides this service at scale, right? So -- and we're a digital-first company. So we leverage emerging technologies to provide these services at scale. Like we don't have physical offices where people can come in and interact with us, right? So whenever we talk about a technology and especially as an exciting technology as AI, we've kind of adopted and embraced AI in a very aggressive way, right? So what's fascinating is the definition of what a user has evolved over the last few years. When we talk about AI-driven initiatives of Vanguard, whether you talked about the expert insights or benefiting our retirement clients, we're no longer talking about just human beings logging into systems, right? Like the processes behind are pretty complex and autonomous combination of humans, systems and AI agents that act, make decisions and execute workflows, complex workflows on behalf of our clients and advisers. So my role in IAM and broadly across security in our organization isn't just about being a gatekeeper, right? So especially when you talk about gatekeeper, I think people think of like, hey, somebody is stopping people from doing things, right? And that's not what we want to be. It's about building a robust identity-first foundation of trust, so we keep our clients' assets secure, right? So we want our developers and their business units to innovate at lightning speed, but they need to do it within a secure framework. So if we can secure the identity of these AI agents and systems from Day 1, they give the best chance and the best confidence for our business units to innovate fast.

No, I appreciate the context. And I want to come back to that gatekeeper analogy here a little later in this session. I think that's really interesting. But we have a crucial distinction here. We're transitioning from gen AI as a passive copilot, if you will, to autonomous AI agents that are acting as, like you mentioned, a very large, in this case, digital workforce. I don't know if you're hearing kind of this discussion or debate, I certainly am, especially across CISOs and CIOs. But one of the biggest organizational hurdles they have right now is structure. How do we actually govern this? There's a passionate debate around do we need a Chief AI Officer, do we do this via committee? How do we keep control of it? So Vanguard is interesting. You're in one of the most highly regulated spaces in the world. So I'm curious how you're thinking about this? Are you looking at a Chief AI Officer? Is it a committee? And then more importantly, your team, how do they integrate or coordinate with this structure to make sure that security is moving at pace with innovation and isn't an afterthought?

Yes, it's a great question again. And look, I'm sure every leader in this room and everybody out there is thinking about the same question, right? So we recognized as an organization very early on that AI adoption and governance cannot live in a silo. Like there's not one person who's going to sit and make a decision, right? So we do have an AI Officer. We actually merged the AI Officer with the Engineering or the Technology Officer roles now. But we have established dedicated AI leadership and cross-functional AI governance committees, right? So there's executive sponsors and then there's governance committees and decision-makers, which includes business leads because they have a very large stake in it, risk officers or legal teams, privacy teams and technology champions, but the one I just held on to the last but not least is the security organization. So the CISO, myself and the security operations center, we're all part of that AI governance council right from Day 1, right? And I am in security organizations, we all have a permanent seat at the table, and we make it a nonnegotiable principle that AI agent is an identity that we have to do, right? So when our AI governance leads design the guardrails for what an AI system is allowed to do, what my team translate -- does its translate those guardrails into actionable policies, governable policies, right? So if an AI counsel decides they're going to create an adviser-facing agent that can read portfolio data, we make sure that, hey, like if you rebalance the portfolio, you're not actually executing the trade because that's not the intent of it, right? So that constraint reinforces at the IMC layer, right? But not just in the code, but even in the IC layer. So because of this tight partnership, we ensure that as AI leadership pushes the envelope on what's possible as a security team, we're right there from -- with the right architecture and the dynamic enforcement.

Yes. So a permanent seat at the table, I think that's phenomenal. So I want to transition now and talk about agentic sprawl or this agentic wave that is coming at us or rather on top of us right now. Enterprises are rapidly deploying autonomous AI agents, and this is creating this massive new risk vector for us. These agents adapt, they learn, they take unpredictable actions, which means that legacy static controls completely ineffective, completely ineffective. In fact, we were talking earlier, we have an internal group, and I was asking one of our data scientists interns. I said, what's the one thing I should know about AI? Just tell me one thing, pick it. And she said, AI agents like to please, and they will tunnel through walls. They will jump over buildings. They will wedge their way through even the slag of cracking the doors to get you an answer to the question it think you asked. So that's what we're dealing with here. We're dealing with this and at scale. And that's why dynamic, not legacy static, dynamic context to where governance is essential, absolutely essential to secure us in this day and age. So again, Srinath with Vanguard operating under this kind of intense regulatory scrutiny. I'm curious, how is your team thinking about the unique risks that are associated with this agentic wave? And how does it differ or does it differ from previous shifts like moving to the cloud? And then secondly, how are you considering this part of your strategy?

Yes, absolutely. So I'll address the second part of the question first, which is how do I see this different from like the earlier transitions of like cloud and SaaS? So we moved about 90% of our workloads to the cloud, right? So we've kind of made a huge bet into moving to the cloud. But when I look at those transitions, they were mostly IT-driven initiatives. They were not necessarily like a business saying, I want to move to the cloud, right? But the AI transition has been very much like a joint partnership between the business teams and the IT teams, right? So the willingness to adopt AI is coming from both sides. So when we started looking at this deeply, we realized that like the traditional security models of being reactive are not scalable. Like that's not something that can fit in this, right? So this is a new reality that we all had to adapt where this adoption of technology is much faster than you can actually prevent it, right? The blast radius, as I like to say, was much smaller in when we did the cloud migration or the SaaS migration. In that world, if something went wrong, like hey, you can look at a firewall logs, you go to your SIEM logs and get information about what went wrong, right? But we heard this morning, too, on the speed at which AI can cause you to identify vulnerabilities and also exploit that quickly, right? So AI agents act at machine speed with human access, which is really scary, right? So AI agents can query databases, aggregate data, take actions, talk to other agents, right? So it's very important that you constrain the blast radius of an agent. So especially because if an agent has a hallucination or it's given the wrong data, it can cause severe damage. So it's not just your threat is no longer an external actor coming in and causing damage, it's also a rogue agent internally, which has wrong information provided to it, right? So that's where -- that's where the active monitoring is too late. We had to realize that identity is the only viable control play, right? So if we don't have absolute real-time visibility of who created an agent, what is the intent and what data does it have access to and what is actually happening in real time, that creates a massive blind spot for us.

Yes, it's a massive blind spot. And at the end of the day, you really can't secure what you can't see. And if you have an AI agent that is operating with a generic shared service account, which is honestly what we see in a lot of these legacy setups, you have 0 accountability. If that agent goes rogue, you have no idea which business unit owns it. You can't even figure out how to shut it down. And by the way, if you can, you have no idea what you're breaking from a business process standpoint down the line. So I want to double-click and talk a little more about SailPoint in this portion of it, but I'll talk about how we solve this. So if you look across the landscape, there are a lot of vendors out there, a lot of point solutions, and they're touting Discovery and visibility is really their core value. That's great. But simply discovering and finding an agent, that is table stakes, absolutely table stakes, which is why, honestly, we give discovery, we give that capability away for free. The real power isn't finding the agent, it's once you find it, what do we do? What do we do next? And that's where we do, as Chandra spoke, have a real competitive advantage here. We are the only organization that has that enterprise-wide identity context. We can link these nondeterministic agents to their human owners, and we can govern their intent. So Srinath, I want to understand from you how Vanguard looks at this. When you're deploying AI at scale, how important is context and intent as opposed to discovery? And then from an access governance standpoint, how is that driving your strategy?

I love the free price, by the way, discovery -- but I think you hit -- you kind of mentioned it, which is like when it comes to AI agents, context is everything, right? So if you want to govern an agent: one, you need to find it; and two, you need to understand, hey, what is the intent that it was, right? So we typically ask 3 questions is like who is a human sponsor behind the agent? I think I saw the earlier presentations talking about like how do you do human with agent governance. So human sponsor is very important, right? So every agent must have a human owner who's ultimately accountable for its action. That enforcement is important. The second part is like what is the intent of the agent? What's the purpose of this agent, right? So like we need to kind of -- should be able to dynamically map the permissions to the specific business function and the need that the agent is created for, right? So you cannot generically give like the broad administrative access to every agent. That's just very over permissive like get close to as close to 0 standing process as possible, right? And the last but not least is what data is it touching, right? We need to know if it's interacting with public data, proprietary data, client PII, investment information that's considered confidential in our world. So all of that matter quite a bit for us when we think of managing agents, right? The other piece of it is like, hey, you need like a single pane of glass view into your human and nonhuman entity. I think Chandra earlier talked about the scale of humans to machine or nonhumanities being 1 to 100, 1 to 1,000. The scale of impact is huge in this world, right? So having a single system where you can see all of this in one place is very helpful. And again, kind of coming back to the government aspect of it, it's, hey, if the owner of the agent leaves the company, what's your process, right? Life cycle management becomes a major concern. So -- or if the agent's behavior deviates from what its original intent is or people change the access on it, like do you have a way of flagging it and governing it and reviewing it, right? So I like the feature of like the certification of agents. Like we don't do that as well for service identities today. But getting into the agent world, I think that's an area that we need to kind of really, really get better at.

Yes. No, that's great insight. And watching and flagging that behavior, that is that dynamic context that we're talking about that is so critical right now. So as I'm listening to your answers, it's clear that you've managed to find that perfect balance between security and innovation. I may have you talk to other customers about that as well, but we'll talk after this. But unfortunately, and back to the gatekeeper analogy, I still have conversations where I hear from leaders that they're leveraging security as a brake pedal and they're slamming on the brakes. They're saying, okay, we got to stop and then we'll figure out this whole AI and then we'll start moving quickly. But to use a Formula 1 analogy, foundationally, if you have good brakes, you can go 200 miles an hour right out the gate. And that's how fast we need to move right now. So knowing Vanguard was a customer for 10 years, you've got a very, very strong foundation. So I'm curious, how has that and from a security standpoint, enabled your business to innovate faster yet still stay secure?

I love the brake pedal analogy because I've been in the security industry for about 4 years, 5 years, but before that, I used to call security the [indiscernible]. So -- but when we kind of think of security at Vanguard, right, we -- like, yes, our primary purpose is to protect client assets and Vanguard's assets. But the second goal or the second mission statement we have is how do we be the enabler for the organization, right? So securing identity is our ultimate business enabler, right? And because we have like a robust IEM and security frameworks, our development teams don't come to us with every little thing, like we give generic frameworks and then they can navigate if take risk-based approaches. But we don't spend months negotiating on -- with security and compliance and privacy and everybody else on, hey, if you want to launch a tool, right? So we have out-of-the-box decision frameworks that we can leverage to kind of go and implement things, right? They know that if they're -- if they want to create an agent, they have to assign a human sponsor, they have to request the exact privileges through our SailPoint system, and they can deploy to production pretty rapidly, right? So that foundation of trust and control allows us to innovate safely while at the same time protecting our clients, right? So -- and adopting latest AI breakthroughs, I mean, there's so much happening every single day, every single hour. I'm pretty sure by the time we finish this conversation, there's a new Frontier model that we should be scared about. But there's so much happening that you need to kind of have a quick decision process and an easy path lane for those of you on the East Coast that we think of.

I think that's so important. That decision framework, I haven't really thought about that, but having a way to react and respond quickly is going to further the trust between the -- that's great advice. I'm going to ask you for one other piece of advice just to close this out. What is the single biggest recommendation, words of wisdom that you would give to others that are navigating their way through this logistic space?

Yes, this is a tough question. But look, technologies like AI, quantum, blockchain, like you name it, like they are really pushing the pace of change. I've been in the industry for 20-plus years now and the pace of change just keeps increasing and increasing and increasing. And it is exciting to see what these advances can do, whether it's health care industry or financial services or client service, security professionals -- we as security professionals cannot be the roadblock. You used that analogy of B, we cannot be their roadblock. We have to figure out how to fundamentally redesign security to be more of an enabler like what I talked about at the beginning of the adoption because if you tend to be the no police and people tend to go around you, which is a much bigger risk. So you want to make sure that you're staying ahead of the game or at least at the table at the beginning and designing your system, so it's easy for people to create and adopt security as a service, right? So don't wait until you have a sprawl, agent sprawl to think about identity. And if you're waiting for developers to build dozens of autonomous agents before you come up with your agentic security strategy, it's too late. Like then you're running around to kind of grab your arms around the whole problem, right? So you'll end up with a legacy mess of unmanaged service accounts, shadow AI and massive security gaps. So it's something that you have to be worried about. And start treating AI agents as first-class citizens, right, in your identity directory. So establish your governance frameworks, partner closely with your AI leadership teams, whether wherever they are in the technology domain, business domain, privacy, legal and build an identity control plane that can scale at the speed of how the industry is moving. So start early and figure out a way to enable.

Great, great words of advice. And you mentioned don't wait for agents for all. I think the reality is it's out there. It's, we just assume it's there and you need to tackle it. So thank you. Thank you so much for joining us, sharing your insights and of course, for being such a great partner along the way. I really appreciate it.

Thank you.

And at this point, I'm going to transition to our Chief People Officer, Abby Payne; and our CIO, Shri [indiscernible].

Good morning or good afternoon, everybody. I'm happy to say that I am not the last presenter before lunch. Brian Carillon gets that distinction. So we'll get through some of our internal AI initiatives together with Sri. I'm really thrilled to be here. Thank you all so much for being here. I'm also excited to share how SailPoint is driving innovation through our own internal AI transformation, improving both our employee and customer experiences and while minimizing the risk that you've heard about all today. As I said, I'm joined by Shri Cantcharla, our Chief Information Officer. She keeps me kind of on the rails on the technology. I appreciate her so much. Because, look, a lot of you may look at me and go, gosh, your Chief People Officer is up here talking about AI infrastructure and kind of IT readiness. Why is the Head of HR talking about this? I'll tell on myself a little bit here. Last night, as I was practicing some of my remarks, I actually vibe coded a teleprompter like the one in the back that we've all used today. My vibe coding did not work in fact, and so it was a lot to do for nothing. But I think when Mark asked me to do this, his vision was actually very clear that AI is not a traditional SaaS or software deployment. It's actually a fundamental shift in the way humans work together. And so that's why we decided to pair these functions together during what is an incredibly transformational time. So we've gotten really specific in order to avoid the AI sprawl that Meredith just talked about to anchor our strategy around 3 specific outcomes: revenue generation, customer experience and as I talked about, workforce transformation. And then to put even more rigor to that, we've really structured our own execution internally on 4 core pillars or 4 things we really want to do well before we move to the next step. First, tooling. We have delivered a baseline productivity tool called Neptune, everything at SailPoint's Nautical, if you haven't heard that today, to our entire employee base. And really, our goal there is to better enable our crew, our employees, for both job efficiency, right, we've heard a lot about job efficiency, and effectiveness. The second is integration. So we are connecting Gemini and other core LLMs directly to our big internal data systems and applications that allow our employees secure contextual answers and insights right at their fingers sort of immediately to both augment and accelerate their work. Third, agents. We are automating high-friction workflows. You've heard some of them described today by deploying highly specialized vended agents in partnership with some of our large application vendors that you can think of ServiceNow, Workday, Salesforce. And then fourth, velocity. You heard a little bit of this from Chandra. We are really shifting IT from a centralized gatekeeper through this process to a decentralized enabler. Rather than forcing all that we do with AI through a single, sometimes time-constrained queue, we are building a secure, scalable infrastructure. I'll continue the car reference that Meredith just talked about. IT is paving this road and the business is really driving the execution. And so to this point, our work has really brought us to 2 critical realizations. As I said, first, true AI transformation is about human behavior change. And second, as I said, this is not a traditional technology rollout. We really want to encourage exploration all across the business, create a pull to AI, not a push. And so we're pairing our safe technical infrastructure with a strategic sort of organizational model that seamlessly integrates both top-down guidance, right, hearing from the top about what we want to do and bottoms-up organic ideation. So top-down, we have really called on our functional leaders to take ownership of those large-scale high-friction workflows in their own corners of the company, right? We have lots of use cases, lots of those high-friction workflows that we can go address. We can't address them all through IT. So that's why we're asking our other leaders to take ownership and responsibility. We're also arming them with AI toolkits. We're helping them set expectations, and we're really setting a tone with our employees across the business around the importance of impactful, innovative and responsible use of AI in all the jobs that all of our people do. And then bottoms up, we've established a network of sort of grassroots AI, what we call AI champions and super champions across the company. Steve Caldwell, who you've heard a couple of times from today is one of our super champions across SailPoint. They help us ideate. They help us really importantly deliver business value and priority, right? We could think of 10,000 cases to go build, but we want to build ones that actually solve problems. They help us troubleshoot and then they really help set that tone and set best practice inside the business all across our organization. And then finally, we are reinforcing this culturally across the company. This is where the people side of my job actually comes in. We're highlighting wins in AI Digest every week. We're talking about it at All Hands. We're integrating it into the fabric of how we operate inside the company. We're even doing awards. I did hear the rumors of awards being given for most tokens being used at other organizations and then huge consumption bills showing up at the end of the month. That's not the kind of awards I'm talking about. We really are just attempting to have our employees use AI as another one of their tools in their toolkit as they complete their work every day as they deliver on the value that they create for SailPoint. We really consider AI to be a next-generation tool, an element that professional growth and development of our organization is really critical to bring those 2 things together. So as we look to the horizon, the journey is pretty clear. I like that this slide has a curve, but it is not that smooth. It actually behaves a little bit more like a step function. And SailPoint currently sits very squarely between augmentation and making our human employees faster and more effective and true end-to-end automation. We actually believe we'll get there, and we'll achieve this by automating all those routine operational tasks, which frees our crew, our human beings to elevate the judgment and the human-centered approach in all that we do, particularly because we have such a strong differentiated relationship with our customers. We never want to lose that. And that's really how we scale this business, not by adding more people to do the same tasks, but by improving the strategic impact of every person we have by removing those volume tasks that take up so much of their day. Our goal is to seamlessly integrate AI into every facet of our business, how we build our solutions, you heard about that from Chandra, how we enhance credibility with our customer, you heard that from the revenue organization, and really how we evolve the entire operational model to include a digital workforce that is running right alongside our crew members. So this is -- this next slide is a little bit of a hot topic, as I said, with the consumption bill catching some companies off guard. We really want to be really intentional about how we both measure value and manage expense related to our AI investment. And we've heard lots of different anecdotes in the market about this but to be transparent, it is still too early for us to commit to permanent bottom line cost savings or hard reductions in future hiring targets. Instead, we are really focusing on leading indicators, building a framework of those to score use cases on 2 fronts: one, the value they create for our business; and two, the feasibility of addressing them, of building them. And so we're monitoring that AI spend on a weekly basis, particularly the consumption front. And really, one of Mark's long-time core values of this organization is innovation, and that has served us at SailPoint for so long. We have not built technology and then gone and run to find a problem to go buy it, we have looked -- first looked for a problem, identified a problem and then built the technology. We want to apply that same rationale here. So our goal is prioritizing the use cases that we're building and investment where there's real demonstrable value, particularly to avoid the AI sprawl that you just heard from Meredith. In fact, I do want to share a little early win we've had with Neptune with our enterprise-wide employee efficiency tool. Our engagement is already really high, like in the 80s percent where we have employees using Neptune every day in their work. And I'm happy to share that, that deployment has actually paid for itself because we've been able to cancel or consolidate various SaaS applications whose functionality is now fully covered by the tools. So not only are we helping our employees do their jobs more effectively and more efficiently, we're also reducing risk in our business by reducing the number of AI or number of SaaS tools that we have in our stack. So let's take a quick look at the -- just go back one maybe. Let's take a quick look at all the use cases emerging across our business. I'm not going to read this slide. I just want to share the kind of breadth and depth of what we're pursuing at SailPoint. Many of these are in various states of development or maturity, but what this really demonstrates is there is not a corner of our business where we are not thinking about how we deploy AI to make whatever role in that part of the organization more efficient and more effective. You just heard from Meredith, actually, we flip to the next one, I'll tell you a couple of ones where we've made some really nice progress. Obviously, Meredith owns our customer support and our customer success organizations. First, in customer support, we have realized meaningful reduction in incoming support tickets from our customers, while our average time to resolution has improved by 10%. The really interesting thing here is we've seen a more than 90% increase in our knowledge-based creation, meaning that our AI models are actually learning faster, which continuously improves our self-serve accuracy. And then in customer success, this is actually a really interesting one. In customer success, we're leveraging AI, all the data we have in all of our applications about our customers. So think ServiceNow, Gainsight, Salesforce, even some of our professional services tools, we use all that information to leverage AI, auto-generating customer health summaries that our account managers used to manually bring together, building comprehensive 360 account views. And that's really helpful to our account managers. One, they go into our customers' arm with more insightful information; two, they can extract action items from our client interactions to take actions on this quicker; and then three, help score those companies. And what that does is allows us to identify and potentially remediate churn months earlier than we were previously able. And this is not theoretical efficiency. We are not talking about something we think could impact our business that we are hopeful will impact. We're seeing it today. It is real. It's active operational leverage that's giving hours back to our crew members every single day. With that, what we'd like to do is share the information we're learning in real time with our customers as they're on their own AI transformation journey, and Sri is going to talk a little bit about customer zero.

Thank you, [indiscernible]. With all the AI innovation and transformation we are driving to accelerate SailPoint business, a unique part of our strategy is being customer zero. At SailPoint, we are proud to be the very first and undeniably the most demanding user of our own platform and its advanced AI capabilities. Chandra couldn't agree more about this fact because we troubled that team a lot, a lot, a lot of the real-time feedback. This brings us to -- I want to focus on SailPoint agentic Fabric. Today, we have successfully deployed some of the already existing key features, which actively are protecting SailPoint as we roll out all the AI agents across our enterprise. Whether our teams are using Gemini, Cursor, Cloud, our AWS Bedrock, our guardrails are very active. Through our discovery and unified registry capabilities, we can instantly discover agents across all SaaS platforms, endpoints and browser profiles. At the heart of this visibility is our unified identity graph, which connects the dots between human users, entitlements, machine identities and active agents. To give a sense of our scale of customer zero, we are currently governing nearly 4,000-plus agents, almost 1,100 application machine accounts and a couple of hundred service accounts. These capabilities allow us to aggressively mitigate shadow AI risk, steering our global force into secure gen AI environments while completely shutting down any unauthorized access to the tools. Furthermore, our real-time governance and audit capabilities, we are establishing a new industry standard for life cycle management, data access governance and continuous compliance through human-in-the-loop certifications. Looking ahead, I'm incredibly excited about our upcoming authorized protect and response road map, which will bring the real-time justest-in-time security and the prompt level protection, which Chandra talked this morning and then Mark was also mentioning to the market. And we'll be the first one to test that, which is very exciting. And then we are actually working very closely with product and engineering teams around this. This internal expertise allowed us to precisely create the blueprint of our own customer zero journey and create the project Odyssey by sharing our value, real-world experience along with we are helping our customers eliminate any deployment bottlenecks, accelerate the time to value and drive faster adoption with our own ISC platform. Our leadership in this space is why we feel that we are kind of design partners working on validating all the key features along with any incubating ideas too, we do that. And the other thing, I think, is we are partnering with Google to see how we can connect that to ISC platform and govern Gemini AI agents, too. So we are able to do that as design partner because of this. So thank you so much for your time today. I would like to pass it on to [indiscernible].

Anyway, thank you so much for, of course, spending some time with us today. I'm about to turn it over to Brian Carolan, our Chief Financial Officer, who's got lots of fun data and then obviously, before lunch. But thank you very much. Appreciate it.

Thanks, Abby, and thanks, Sri. This is what you've all been waiting for patiently. So good afternoon, good morning. Thanks, everyone, for being here. We really appreciate you giving up your time. Hopefully, you find this a very informative day. So it's a pleasure to be here to provide a detailed update on our financial strategy and the powerful momentum we're building in the business. Over the next few minutes, I'm going to walk you through our long-term vision, the clear and actionable paths we're taking to get there and the financial discipline that underpins our entire strategy. We're incredibly excited about the future we are building, and my goal is to give you a clear view into why we are so confident. So let's start with that future view. We've set out 4 ambitious but achievable targets for fiscal year 2029 that serve as our North Star. First, we expect ARR growth to accelerate to over $2.1 billion by FY '29. This acceleration is based off the FY '27 ARR guidance we provided last week, which we are reiterating today. Secondly, we are targeting over $800 million in ARR from our AI solutions, cementing our position as an innovation leader in identity security. I'll get deeper into the definition shortly, but as Matt mentioned, we'll be landing humans and AI together. So you cannot isolate the $800 million of AI-driven ARR to drive insights into the remaining human-centric part of the business. Lastly, we are building this business for the long term with a focus on profitability and efficiency. That's why we're committed to achieving an adjusted operating margin of over 22% and generating over $400 million in free cash flow by FY '29. We are focused on both growth and cash flow generation to deliver shareholder value. So how do we get there? Our strategy is straightforward and consistent with the growth algorithm that we've been executing against for the past several years, with half of our growth coming from new customers and half coming from existing customers. Within each of these go-to-market motions, we have multiple durable paths to achieving greater than $2.1 billion of ARR. With respect to new logo acquisition, there are 3 primary drivers. First, as Matt covered, we have a target account list of 15,000 enterprises, which includes many of the world's largest and most complex organizations. These are typically enterprises with more than 5,000 human identities and greater than $1 billion in revenue. In these accounts, we are actively displacing legacy homegrown or insufficient point solutions, and we would expect the nonhuman identities to far outpace human identities over time. Our SailPoint Agentic Fabric, also known as SAF, represents a large incremental go-to-market opportunity for us. It is designed to work everywhere to secure a customer's entire agentic footprint even if they use a different platform for basic access management. We believe this provides an incremental avenue of growth to penetrate legacy environments without the upfront upgrade. But landing the customer is just the beginning. Our expand motion is equally powerful. We expect to grow with our customers by upgrading them to our agentic suites, migrating them from on-premise to our modern SaaS platform and cross-selling additional capabilities and capacity to meet their evolving needs. This balanced approach gives us confidence in our ability to execute year in and year out. Looking ahead, our agentic solutions will be our primary go-to-market engine. By the time we exit fiscal '29, we expect this AI-driven motion to represent greater than $800 million of ARR. So how do we define AI ARR? This category encompasses our Agentic Fabric, our Agentic Suites and our Agentic add-on modules. Whenever we land a new logo, win a competitive displacement or upgrade an existing customer to our new AI solutions, we will count that full annual contract value as AI ARR. Our agentic pipeline is strong, and we expect AI ARR to be greater than $100 million by the end of this fiscal year. One important note for your models, because this AI metric captures both human and nonhuman identity revenue, any remaining non-AI ARR won't give you an accurate read-through on our human-centric offerings. We chose this specific methodology because it reflects underlying customer demand and preferences. Based on this new commercial model that Wendy presented earlier, we are effectively doubling our accessible budget pool. We are moving beyond the traditional IT budgets and tapping directly into net new AI and cloud budgets owned by Chief AI Officers. As it relates to winning new customers, our SaaS platform is the engine driving our growth. As you can see, the green portion of these bars is growing significantly faster than the blue as customers leverage our latest innovations. While our total customer base is growing at a healthy mid- to high single-digit rate, our SaaS customer base is growing in the mid- to high teens year-over-year. And these are not small customers. The average ARR for a new SaaS logo is approximately $400,000, growing 20% year-over-year on a trailing 12-month basis. We believe this demonstrates the strategic importance and value of the problems we solve right from the start of the relationship. Now I also want to spend a moment on the migration opportunity that is also accelerating. To date, we've migrated approximately 15% of our on-prem installed base. The remaining 85% represents approximately $350 million of ARR. We expect to migrate at least 10% of this base each year, accelerating off our recent trajectory. There are several factors fueling this acceleration, including our commitment to innovation and the rapidly growing demand for AI security. As organizations adopt AI, they are recognizing a critical need for robust governance and security across all identities, human, machine and agentic. Our platform provides the framework to secure this new frontier, and that is driving a clear sense of urgency. And we're making this easier with things like you saw SailPoint Agentic Acceleration and our flex pricing offerings, which Matt discussed earlier. Migrating customers to our platform has become significantly faster and easier, helping us unlock a $1 billion-plus opportunity. But this is not a onetime benefit. At the time of migration, we see an immediate 2 to 3x uplift in the customer's ARR. But what is really exciting is what happens next. Once on our SaaS platform, we have the opportunity to expand that relationship even further, leading to a 3 to 4x plus multiple on their original on-prem spend over time. In fact, we are seeing this expansion in our initial cohort of customers that have modernized with our SaaS platform. Our growth model is built on a foundation of exceptional customer retention. For several years running, we've maintained a gross retention rate of 97% or higher. This speaks directly to the mission-critical value of our platform. But we just don't retain customers, we grow alongside them. Our expand strategy is fueled by our core net retention rate drivers, migrations, suite upgrades, cross-selling and capacity expansion. Let's look specifically at the upgrade opportunity with our new Agentic Suites. Currently, our existing suites represent approximately $0.5 billion of ARR. As we transition our customer base to these new agentic offerings, we anticipate a powerful upgrade motion driving a 25% to 50% uplift. Ultimately, our growth is intrinsically linked to delivering compounding value to a highly successful customer base. To understand our P&L dynamics, let's look at the ARR picture again, focusing on the SaaS contribution. It's clear that SaaS is our primary growth driver. In FY '26, our SaaS mix of net new ARR was 83%. And in fiscal '27, we expect this mix to increase to 90% to 95%. By FY '29, we expect that to be near 100%. The transition to SaaS is fueling incredible momentum with a projected SaaS ARR compound annual growth rate of over 30% between now and fiscal year '29. This will result in our SaaS ARR growing to greater than $1.7 billion by FY '29, forming the vast majority of our total business. This is the definition of a durable high-growth recurring revenue business. Now it's important to discuss how this transition to a SaaS-first model impacts our revenue recognition. This is a critical point for understanding our financial trajectory. As our SaaS mix increases, it creates a temporary headwind on our recognized revenue and adjusted operating income growth. This is due to the difference between upfront or point-in-time revenue recognition for term licenses versus ratable recognition for SaaS. For example, a typical 3-year deal -- term deal requires 60% of the revenue to be recognized upfront in the period of sale. Conversely, the ratable recognition of a SaaS deal would result in over 50% less revenue in the initial year, but 2.5x greater revenue in years 2 and 3. It is important to note that our underlying ARR growth and free cash flow generation are largely unaffected in either scenario. This is a planned transition. And as you can see, we expect revenue growth to reaccelerate as we move past this mix shift. We are consciously building a more durable and predictable business for the long term. Despite those revenue recognition dynamics, we are committed to expanding both our adjusted operating income and free cash flow margins. In FY '27, we are modeling a working capital headwind from the fiscal year shift. As we fully normalize the quarterly booking shift, mostly from December to January, we expect working capital to turn into a positive contributor starting in FY '28. As we scale our business and our SaaS transition matures, we expect to drive significant operating leverage. This will be fueled by productivity increases across the company. As you can see, we would expect to achieve our target of 22% margin for both adjusted operating income and free cash flow by FY '29, demonstrating the efficiency and profitability of our model at scale. As we move past the SaaS term impact, we expect our free cash flow margin to exceed our adjusted operating margin beyond FY '29. This all comes together in our long-term financial model. This table provides the blueprint for how we see our financial profile evolving. You can see the journey from our historical performance to our FY '29 targets and beyond. We expect to maintain a robust adjusted gross profit margin profile as we scale our cloud infrastructure. We will drive significant leverage in our sales and marketing and R&D functions as we become more efficient and embrace new AI technologies, and we will maintain discipline in G&A. This all flows down to our FY '29 targets of at least 22% for both adjusted operating margin and free cash flow, driven by the combination of operating leverage and the SaaS term mix we've discussed. We also expect to reduce our stock-based compensation from approximately 20% this year to the mid-teens, resulting in 2% to 3% share dilution. It's important to note that we expect to see an SBC reduction in FY '28 as we move past the 2-year grants associated with the IPO. With durable growth drivers that should sustain our 20% growth rate and expanding adjusted margin profile into the low 20s, we believe we are an attractive Rule of 40-plus company. But we believe there is more. While we expect to maintain our balanced growth profile between new and existing customers for the next couple of years, over time, we expect more of our growth will come from our installed base, expanding our NRR profile. What we have laid out today, which supports a very compelling and accelerating growth story from new logos, existing customer expansion, migrations and new routes to market, all of this is still in the early innings. As such, we have multiple levers to pull to achieve and potentially exceed our long-term goals. As a result, we see many paths to expand beyond the Rule of 50. So to bring it all together, I want to reiterate the 3 key themes that define our story. First, innovation. Our advancements in AI and real-time governance are not merely product features. They are foundational to our strategy and serve as the primary engine driving our future growth. Second, differentiation. We stand apart through our sheer depth and breadth of our identity coverage, our ability to link nonhuman identities to human owners and our capacity to accelerate AI identity security for our enterprise customers. Ultimately, we believe we are uniquely positioned with the right platform, the right data and the proven expertise to continue to lead in the next era of identity security. And third, our multiple paths to the FY '29 plan. As I stated earlier, there are multiple paths to achieve and potentially exceed our long-term goals. We have a clear vision, a proven strategy and a disciplined financial plan to get there. We are building the future of identity security. And in doing so, we are confident that we will deliver significant and sustained value to you, our shareholders. Thank you. And with that, I'd like to invite the rest of the team up, and we'll take some questions. Thank you.

Thank you, Brian. Well, the team gets assembled here. The deck you just saw today will be posted online. All right. Who's up first? Saket?

Saket Kalia from Barclays. Thanks so much for hosting today. Really, really informative. Mark and Brian, maybe for you, just to kind of get right into that great target for '29. Can we dig into the 2 to 3x uplift that you're seeing from on-prem customers? What have you seen from the 15% of the base that you've converted life to date in terms of what you're actually seeing? And how are we thinking about that uplift in the path to $2 billion in fiscal '29? Does it make sense?

Thanks, Saket, for your question. Appreciate it. So we've actually been maintaining that 2 to 3x uplift fairly consistently for the past couple of years. So we've been migrating or modernizing our customer base from on-prem to SaaS. And we do see that typical consistent 2 to 3x uplift. And as I mentioned, as you extend that beyond into like years 3 and years 4, we start seeing a 3 to 4x plus uplift. So we think this is an exciting opportunity. We're expecting at least 10% of our on-prem base to migrate each year. It could go beyond that, especially as you see all of the innovations that we made to make it easier for customers to migrate, and we have more upsell opportunities. So I think we're being fairly reasonable with that 10% number, but it could go higher.

Peter Levine at Evercore. Mark, the comment this morning changed from, I guess, the IPO, which is now you're saying about 1,000 identities attached to human. You have $5 billion, so call it, 5 trillion potential new monetization opportunities. Maybe to Saket's question is, if you think about the migration, are you seeing faster migrations? I know, Brian, you said 10%, but is it forcing customers now to kind of move to the cloud quicker? I mean is that part of this longer-term path towards the $2 billion plus?

So I'll start, and I'll let Mark chime in. So we've been doing this trying to meet the customer where they are, right? We feel like it's important to not force them to modernize. We want them to want to modernize and improve their overall posture. And so we're seeing a lot more customer interest and they're coming to us with wanting to modernize. We view that as a really big positive for us. It's all the innovations that we've come out with. So it's that carrot and stick approach that carrots out there. It's the innovation carrot that I think is driving it.

I think 2 things coming to mind, Peter. One is the catalyst for this is certainly the Agentic Acceleration that the customers are feeling to your point. We wouldn't characterize them as 1,000:1 yet, but they seem to be on that trajectory. They're over 100:1 is sort of our current estimation, including all machine types, not agents, just to be really clear, right? But on the other hand, I would say 2 things are changing in what you heard today. One is the move from should we consider or is our organization thinking about agentic seems to have flipped this year too. We're doing this. It's the rate and pace. And as you heard even [indiscernible] talk about our organization, every organization you know when they put in some of these discovery capabilities, they have a lot more than they knew. That is 100% consistent. There's more already happening than IT is typically aware of. And then secondly, don't miss the importance of the Agentic Acceleration we've talked about today. We have now demonstrated that we can take months to days in that process. And when we approach customers with those 3 things, you've got to get to agentic. We can do it way faster than you thought and therefore, way cheaper than you thought in terms of spending [indiscernible] money. Those are the stick and carrot combos that we think are going to unlock. So as Brian said, we're committing to a 10% plus in that migration category. Lots of reasons to think it could be higher than 10%, but that's where we are today in the middle of the second quarter. But things are changing quarter-by-quarter in the world we're living in.

Great. Maybe, Gray? Kelly, could you hand him the mic.

Gray Powell, BTIG. So yes, I just wanted to follow up on that question and perfect timing. My notes just like fizzled out on me here.

But you've got it all right.

Yes, I got it right anyway. I think it was one of the customer examples where they reduced the amount of human work in a migration by 80%. Is that what you're seeing on average? And I'm just trying to like sort of...

Yes, I'll let Matt comment, but it's new, Gray, right, to be fair.

And is it like a migration is going from 8 or 9 months to like a couple of months? Or I'm just trying to like frame that up.

Yes. Look, that's absolutely it. I mean we haven't -- we probably, I don't know, [indiscernible], we've done a dozen of these, 15 of them, right? But it's something that we're using every chance we get. And look, you're always going to have these corner cases where they've done some extreme things, maybe they're using some of the old IBM connectors and that will take a little bit more elbow grease. But I think our expectation is that 80% to 90% is going to become common in terms of the migration. And Gray, the thing you should think about is that we're accelerating the piece. You heard Lev talk about the good stuff, which is the business transformation, right, the change management, where they really excel. The slowness in these migrations was the foundational piece, right, doing the conversion of all the connectors, having to do the research. I don't -- I mean, Lev talked a lot about it, but the fact that we could actually go run and come up with the research discovery really, just like we're discovering everything else. You sit here and think about some of these systems that have been around 8, 9, 10 years, probably through as fast as the CISO goes, maybe 5 or 6 CISOs, right? And so you've got all this layered change that's sitting and nobody ever finds out about it. Now we've got a tool that comes in and says you have this many modifications, you have this many workflows, you have this many entitlements, you have this many identities. I mean -- and it delivers it in minutes. And so it takes a big chunk of that manual discovery work that had to take place. So yes, I think you're going to see -- I think customers are going to be thrilled. I think it's going to change the way, as Steve Sidwell said, we engage customers, and it's going to compress this process of selling and deploying, right? And I think it's going to be pretty exciting, and it's going to be -- it's going to change a lot.

Great. Maybe, Shaul?

It's interesting that CyberArk and Varonis -- Varonis is probably towards the end of the migration process. CyberArk, Mark, your good old friend has done it quite successfully. If history is any guidance, and I know that past performance is not indicative. I think that 10% is going to be a little faster. But again, that's my humble opinion. My question is, some of your on-premise customers, have they shown a little resistance? And I know Brian talked about this chart to stick. I'm actually interested in hearing your views about if a stick is to be used, what's that stick looks like?

[indiscernible] sometimes it's a long thin carrot. Yes. No, I think we see -- it's a couple of things, and Meredith sure or Matt can speak to this too very well. Within that IIQ base, there is a diversion -- dispersion of types of customers. There are some small customers, I'd like to say it this way, that bought IIQ because that's all we had at the time. I think 12 years ago, they would have been a SaaS customer first that we had it, it wasn't the right time to market, et cetera. And some of them may or may not move with us. And if they're really small and not willing to be aggressive, we may -- our customer count, we don't get tied up on our customer count growth. We think about the right kinds of customers growing. The mid- to larger customers in that IIQ base are feeling that pressure to move to agent. And I think the resistance that they had, just kind of sounds like I'm beating the horse here or the financial hump to get over, which was both the cost doubling while you had to do the migration with both products and the SI costs to make that migration happen. We're dramatically changing those with the flex pricing and with the Agentic Acceleration. Then there's the carrot, the true carrot, which is I got to get this agentic thing solved. One of the reasons that the team decided to separate Agentic Fabric as its own kind of unique module is if somebody is feeling so much pressure to get to that, they can actually procure SAF before they make the migration to cloud. We think most of our customers will kind of do that altogether, go from IIQ to ISC plus Agentic Fabric. But now they have multiple paths forward depending on the pressure they're feeling in the organization. I don't know if you had anything else to that.

I would just say, look, when you look at that IIQ installed base, probably 40% of them represent about 85% of the value, right? And those are the larger companies. Those are ones that really have a SaaS-first mindset. They're going to go. It was always about timing. I think one of the challenges they get into now is in their head, right, they still have this migration thing, which is -- it's like [indiscernible] for customers, right? They're like migration, it's bad. And now we're taking some of that away. We're taking some of the economic issues away. And with what we just announced here today, that will take a lot more. And so I think you'll see a lot of these start to accelerate maybe a little bit faster. We've really spent -- Gary and his team, they've done a wonderful job of understanding what the barriers are to move forward and they just plot their way through and just kind of remove those barriers. And there's not many left, to be honest with you, with all the stuff that Chandra is building and delivering, it kind of becomes a no-brainer like I got to go.

Meta, we go to you.

Meta Marshall, Morgan Stanley. I guess just in terms of how to think about -- understanding you have on the slide kind of 6 items that you were taking into consideration on pricing, [indiscernible], number of agents. Understanding flex gives you a lot of flexibility in early days around pricing. But just what are you seeing in terms of that conversation of just kind of ratio of costs that we can think of in terms of humans to agents? And just as we think about that $90 billion TAM that you guys laid out, like how much should we consider that expansion to be from number of agents or identities that you're managing versus kind of expansion of the platform?

Do you want to...

Yes. I mean what we've really tried to do, as I was saying earlier, with the migrations is create this buying habit where it's easy to buy. And there's inhibitors that have been pretty consistent since we started talking about these nonhumans. And one of them is nobody has any idea about how many they have. And everybody is really concerned about these runaway costs. And so with our pricing model, the team has done a pretty good job of removing that, right? So we still get our traditional uplift from -- that we've put in historically to jump from IIQ to Business Suite or to Business Plus, right? And so you'll get that jump. But your initial buy will give you an allocation of nonhumans with the product. And so now you can start deploying and using and then there will be a series of expansion packs where you'll buy as you go forward. So it lets you -- and I'll call this, these are consumption -- these are expansion packs, right, meaning there's all these tiering systems historically. This is when you get to one tier, you got to buy, you get -- it's not like that. This is basically expansion packs and you control how much you buy. And so it's really given the customer complete visibility and control of their environment, which is, I think, removing a big obstacle in getting people comfortable with moving forward.

Just on the TAM question, too, things have changed so much over the last couple of years, we were on the IPO roadshow, I mean, we're at $55 billion of the TAM. I mean most of that was human identity. This is exploding at this point in time and evolving. So I mean we feel like $90 billion is a good estimate right now, but I think that's -- it's really driven by the nonhuman aspect.

All right. I know we'll get to everybody. So about Shrenik, and then we'll go to Josh and Junaid.

Shri Kothari from Baird. So Brian, you did lay out a path from AI-related ARR pretty much at $100 million this year, actuating pretty meaningfully to $800 million plus by fiscal '29. I know you said it's hard to unpack completely. You gave a sense of language to expand. But just curious, across the core pillars, right, you, of course, mentioned about the discovery and governance and then added the Protect pillar. Just curious how are you thinking about relative contribution to this AI ARR acceleration from these pillars?

I don't think we break it down [indiscernible] that way because they're buying that complete value proposition. And certainly, the pricing just assumes you're getting all 3 of those core pillars. So I don't know that we would be able to say they are ascribing more value to this that or the other. I think probably the main thing to take away from that, and we'll be a little more direct maybe than we were in the presentation, there's a lot of noise from some hot start-ups that are doing agentic management, and they are primarily doing discovery, classification, visibility. That's it. And what we've been asked in some settings is, well, when that kind of company, I won't name them, you all probably know, but I won't. That kind of company shows up around you guys, what happens? And the answer is they show up, they start doing discovery in that enterprise account. And then the customer said, this is great. Now how do I take action? Oh, I need to connect to SailPoint for that. Right. But if we could provide that discovery and visibility and take action, why would you need that independent agent tool that only gives you visibility but doesn't allow you to respond and remediate. So I think we're going to see, hopefully, a little bit of wind come out of the sales of the hot new, hey, I've got this agentic answer for you, and now customers are figuring out, that's great that you can help me find these things. Now I need to do something. And that's where they frankly hit a ball.

Josh?

My question is more along the lines of -- I felt like at the earnings call, the message was something along the lines of AI is really early, so we still want to be conservative. And I feel like today, the message coming out of here is kind of AI is awesome, so we're guiding to accelerating ARR. And I'm just trying to kind of reconcile those 2 messages. Does that mean we should expect all this excitement to be a next year and beyond thing through the '29 target? Just how do I kind of -- how do I assess those what feel like 2 competing excitement points?

Well, that was last week, Josh. I'm kidding. Brian can explain that.

We do feel it building. We tried to lay out just some data points. For example, last fiscal quarter, 40% of the identity growth came from nonhuman identities, right? 20% of our net new ARR was from emerging products inclusive of AI. We still feel like it's still early innings, but we see the budget building. As Gary mentioned, budgets have been doubling quarter-over-quarter. So it's there. I think what we're trying to just be a little bit prudent on as to when it exactly hits into what quarter. So -- but we feel the tailwinds coming. It's a matter of when, not if.

Yes. The simple answer, Josh, is last year, we were talking about the rest of this year. Today, we're talking about the next 2 years beyond that. And that's what we said qualitatively on the call last week was we see this momentum coming and everybody like, well, why is it showing up in this year's guidance? And we said, because we're not comfortable calling that yet. So as Brian said, we are reiterating this year's guidance, and we are giving you that confidence with a 2-year out model that says we're comfortable lifting the model 2 years out. That's the confidence we see in the momentum building. I hope that helps.

Great. Junaid?

Great. Mark, you've positioned the Agentic Fabric as this work anywhere control plane that you can sell stand-alone even to enterprises running legacy IGA stacks. If a customer adopts the Agentic Fabric over a fragmented or, let's say, messy legacy human identity foundation, how do you enforce or ensure accountable ownership without inheriting the poor data quality that's underlying that identity system?

I'll probably let Chandra handle that one because we've talked about how this SAF is going to work in the context of other tools. There is going to be somewhat less delivered value, we think, which will ideally create magnetic pull for those customers to get on to our cloud IGA product. But I'll let you talk about how it work with an IBM or an Oracle or something else.

Yes. So we have really invested in a ton of tooling to do -- so when we actually bring the identity context, the human context, not just from IIQ, but from almost any legacy. We do all of the cleanup in the process of bringing it in. And so when we really get it, it's actually clean data. So you can actually think of like an ATL type layer built into our connectivity so that we sort of extract, load, transform, bring clean data in. That's sort of the simple way to think about it.

It will likely be limited to be fair, [indiscernible]. In other words, we see so many of those old IGA platforms. They only got the 10% coverage of that customer's identity landscape. So we'll clean up the 10% we can bring in. I think it will create pull for them to go, oh, now I see what I'm lacking on the human side as I've leaned in on the agentic side, and we think that will pull them forward.

The biggest thing we are doing, like Mark said, the coverage today of the application base is like less than 10%. We have agentic tools, which will allow you to build connectors to both modern as well as legacy applications in like minutes. And so we have the ability to bring 100% of applications in coverage to our platform.

I think the only thing I would add is that the greatest tools in the world will not alleviate the customer from having clean data, right, and making sure their house is in order. We'll take all of that and we'll extract it and we'll consume it into our platform, but they've still got to do the lift of making sure their data is good.

Yes. For those of you who know the long SailPoint story, we started with a compliance product before we had a life cycle management product, and we would come alongside legacy life cycle products like IBM and Oracle and everybody else. And what would happen quite typically is we'd come in with the compliance product next to their old LCM product. And pretty quickly, the customers go, wow, I should get all of this onto your platform. And that was a very common motion for us in the late 2000s, early 2010s. So I think I see that same picture emerging. We'll come in with this agentic when they're not quite ready supposedly to move forward off their old IGA platform, and they'll very quickly see, oh, I've got to get off this old platform very quickly if I want to get the full value, like Matt said, of clean data for my human. And again, Chandra hit it pretty hard, but that real-time human control, part of what's going to happen in this agentic acceleration is people are going to look back to their human controls and realize this static once-a-year certification check of humans is ludicrous in today's world, right? It's like once a year, you validated your access rights in your company. And the other 364 days, what exactly was happening, right? I think we're going to quickly see this demand for real-time human governance. That will get pulled along by the agentic world because they're going to see the delta.

Let's go here.

Rich Poland from Wells Fargo. I think just in terms of -- as we think about like the agentic side layering on, I feel like it's created a lot more visibility into the broader environment of just machines, API keys, all these things that weren't previously kind of under at least the purview of an identity contract prior. Does that kind of serve as maybe some of the initial pushing point and then the agentic layers on top of that? I guess what are you seeing now today? Is it machines first and more just true agentic or both?

Both, I think.

Yes. So there isn't really one progression, but here is a bit of a blueprint that's really emerging. It really starts with all these nonhuman identities, which are these credentials and tokens because humans have been using them for a long time. They have been unmanaged. That's sort of step one. Step 2 is we are seeing endpoint agents. The fastest growth we are seeing are all these endpoint. Think of all these coding agents, OpenClaw, NemoClaw those kind of tools, right? That's -- then the third category are all these enterprise agents, which are being used to automate business processes. And that's really where it's Microsoft, AWS, Google, right? I would say then comes all of these application agents, right? It could be Salesforce [indiscernible], right? That's the way I would think about it.

That make sense. [indiscernible]. I think to answer your question, right, I think both the movement of agentic, it will pull along with all the NHI infrastructure that enables that agent to do its job. And it's also exposing the lack of controls over those NHI tools in the human context pre-agent to your point. We just were not governing and securing those things well before. It's a little bit the same point. As we shine a light on this whole area, people go, oh, wow, I have huge exposure here. I didn't really understand. That's partly what's happening.

Go back.

Imtiaz Koujalgi from ROTH Capital. I had a question about the competitive landscape in the last -- there have been a lot of changes in the last few years. Okta launched IGA product, CyberArk bought Zilla, Palo Alto acquired CyberArk in the last few quarters. And one of the questions that I get is, how has that impacted you guys because you're a pure IGA player. Everyone is a pure player, I am, [indiscernible] IGA were separately lanes, now looks like there's a lot of overlap between every vendor offering the whole platform. How has it impacted your business? And then one of the questions that I get a lot is, with Palo Alto buying CyberArk, they have a big installed base, almost 50,000 customers. I'm sure there's a healthy overlap between their installed base and your installed base. Are you seeing any impact? Are you seeing -- do you expect any impact? Because I think the genesis of the question was the net new logo adds last quarter, I think it was a little bit light. So are there early concerns from that acquisition?

I'll start and let the guys jump in. When people say, are you worried about Palo Alto because they just entered the game with CyberArk, which bought Zilla, just so everybody is clear on the heritage there. And Zilla was a very tiny IGA company, less than $10 million in ARR, never lost a deal to them ever. That's the state of the union at the time Palo bought CyberArk bought Zilla, okay? So we didn't see CyberArk as an IGA threat. So in that sense, we don't see Palo Alto as an IGA threat. And I'll just use IGA as a name for the moment that's -- I should say an adaptive identity threat to be more clear. They're a big player. They show up in a ton of accounts. You know who's an even bigger player, Microsoft, who's been coming at us in this game for 4 years. And as we said to you over and over, Microsoft is effectively making no dent. I won't say no, I'll say minimal. Microsoft is making minimal dent today after being at it for years with a product far advanced over Zilla. So with all due respect, I don't think the team fully understands what they didn't get when they bought CyberArk. They've got a great historical [indiscernible] tool. They did not get a tool that competes with SailPoint for our core. And if you listen carefully to some of their dialogue, the head of the company will repeatedly say our tradition that with CyberArk, we are managing 3% to 5% of the identities in the civil enterprise. Now we just have to explain to the other 100. Simple. Simple to expand to the other 95% to 97% you weren't doing before. You can judge for yourself how simple you think that is. So we're respectful of large competitors. This company's whole existence has been competing with IBM, Oracle, Microsoft, we're good. We can take people on this turf and do just fine. And that's the state of the union. Same would be said about the oh company, who also talks about a rapidly expanding IGA business as we say, still has not made a dent in our business of enterprise customers.

Mark can I just build on that one? To the contrary, I think what we are doing is really democratizing privilege. And so what we believe we have is really next-generation PAM, quite frankly. because we think PAM -- look, PAM will have its role, which is if you're a database admin, sys admin, cloud admin, just doing session management, vaulting and all those things, what about the remaining 97% of roles? Like Mark isn't managed as a privileged identity inside our company.

Which hurts my feeling.

That's like -- none of us are, that's crazy, right? We have access to critical data. That's really what we mean, right? So we believe all these PAMs, historical traditional PAM RFPs will increasingly become addressable to us because we are expanding what it means to be privileged. So we are going to go after that is what I'm saying.

Maybe -- I don't know, Brian, do you want to address the 15 customers this quarter?

Just to close off on that question. Don't really read too much into that customer count. That's a net number. And just some data points on that. Any customers that we "lost or churn" their average ARR was less than $100,000. So that's to Mark's earlier point. We do might have a long tail that simple, price-sensitive customers, they may not need a higher-level solution. So the average new SaaS customer that we gained was 3.5x size that number of less than $100,000. So we're good. We're playing right into our sweet spot.

I would just add, when you look at that IIQ install, right, you get into that long tail, and they're fairly small sub-100, like Brian said, they're probably -- I wish it was a better term than laggards, right? But they're kind of -- they're slow to move, right? And so they're targeted by the Oktas and the smaller outfits. And when somebody can say, I can get all 3 pillars for less than what I'm paying and I'm not deployed. It just becomes an easier target. And that's what you saw when you got the net number here this last quarter. That was a result of that, some number of small sub-$100,000 deals that fell out. And when you look at conversely to the ones we brought in, what do we say 350?

350.

3.5x. So we're getting much bigger lands, and those are just the long tail.

We'll never fight the customer count war against some of these players. That's not the game we're playing.

This is Ethan from Piper. Can you just talk a little more about what Entro brings to like your nonhuman identity offering? And does this kind of fully round out the planned build? Or should we kind of expect to see maybe more inorganic or organic kind of functionality enhancements from here?

Yes. So they complement us quite well, right? So they are really -- what they do really well is on all these nonhuman -- like particularly credentials, right? And so imagine there are secrets and tokens and certificates and there are like 1,000 versions of it. That's why they cover more than 1,200 of these types. It complements what we have, right? So we have historically been world-class in discovering all of the machines, agents and all that. What we were not great at was really discovering the attached credentials within. So that is what we have acquired. And so now when we go discover an identity, we can actually codiscover all of the credentials that go with that identity seamlessly. That's what we're bringing together, right? So it's really the identity governance and the credential governance worlds are really -- or that's what we are doing. We are really bringing those to -- so that's why it's a very, very complementary asset to what we have.

And I think the other part of your question you asked was [indiscernible]? Sorry, what you say? Ethan. I was trying to get Evan or Ethan out of my mouth, and I let me get it to work. Sorry. At the end of the day, you should continue -- boy, it's been a long day, isn't it? It's only halfway through. You should continue to look for Chandra and the team to -- as we're laying out this road map, continue to look for opportunities to accelerate our vision with these kinds of great technology businesses that just don't have a lot of market traction yet. We've done that with [indiscernible] last year, others in the past. We see a lot of opportunities in today's landscape to accelerate our vision with some very specialized and very capable technologies that will fold into our platform rapidly. And yes, you should continue to think we are looking around the landscape for those kinds of moves -- you just want to pick the other part if I could see.

All right. I don't see any more hands. Any last questions? One more, two.

Two questions for you, Brian. One, can you maybe talk to us about your ownership structure, maybe some of the conversations you guys are having and what that looks like near term, longer term? And then just a follow-up question on onshore. What does that bring in terms of how much did you pay for it? Can you just share with us any metrics in terms of revenue contribution?

Sure. So the first question, obviously, we've had a long-standing relationship with Thoma Bravo. They own close to 85%, 86% of the company at this point. I think they don't have intentions of being long-term public company shareholders. I don't want to speak on their behalf, but that's not really their playbook. I think they're going to be thoughtful about kind of exit strategy. We can't get into specifics in terms of where that is and what price points that are. But it's an ongoing very professional dialogue we have with them. And then you said something about the revenue. I want to make sure I understood your question.

[indiscernible]

The TB relationship? No. I'm sorry. [indiscernible] How much revenue from [indiscernible]. I didn't hear you. Sorry I didn't hear it.

Can you help us with that?

So we are not -- that would be a new one. We're not getting into that today. We'll lay more of that out in the future. This was primarily a technology acquisition and also a talent acquisition for us.

Just had a follow-up question on the new logo success. I believe I remember from the presentation you mentioned 2/3 of the new logo were from failed competitive deployments, right? So I know historically, it's been more about -- I mean, you have like broader access centric and not have enough of depth and entitlements, which is your strength. Just curious across that versus legacy IGA versus [indiscernible], like are these new logo sort of competitive bups changing in terms of like that 2/3 is a very, very kind of strong figure. So just curious in terms of the makeup of that.

I guess it's a combination of either -- I call it more recently failed deployments as in people that we've talked about today that are more active in the market today, Microsoft, Okta, [indiscernible]. And then some of them would be "failed deployments of the older legacy players, Oracle, IBM, et cetera, failed in the sense that, again, the different game that we were playing a decade plus ago when they were more active was, let's go get the [indiscernible] apps under control, 5%, maybe 10% of the application landscape. The game today, as you've heard Chandra talk about all day is we've got to cover every application environment, every identity. Customers are figuring out there's no chance they're going to get that old legacy tool to that goal. And so that would be a "failed deployment story as well. I can't get where I need to get to with Oracle IBM. And quite a few of those are failed deployments of far more recent losses, I'll say that, deals we will lose. And within a year or 2 or 3, we'll be back in because that didn't go as planned. And so we're actually capturing both in that failed deployment stack. I'm pretty sure that's how we characterize that.

Yes. I mean I would just tell you, where we play, right, the larger enterprise, we're replacing somebody every time. And it could be an Oracle or it could be a CA or something like that where maybe they just got long in the tooth. And then to Mark's point, it could be that somebody mistakenly bought, I'm not going to call them, but one of those and somebody lost their job, and so then we got to come back in and redeploy it. There's some of that. But virtually everybody we talk to, we're moving off of something.

Very rarely an internal deployment in one of those really [indiscernible].

Brian, I don't mean to get into modeling minutia, but I want to make sure the question is asked, right? So round numbers, we're going to be at $1.4 billion in ARR this year. Again, it's round numbers, right? $1.4 billion to $2.1 billion in '29, it's another $700 million from there, right? When this is all said and done, when we're sitting here in FY '29 and talking about the path, how do you think it would have looked, right? I mean, is this -- because right now, it's -- again, round numbers, $250 million of net new here, and then it's going to go to $350 million to $400 million in '28 and '29. So there's this hockey stick. Is that going to be very back-end loaded? Are we just going to beat '27 by so much that it's going to be linear between now and '29? Like do you get the spirit of the question?

So we reiterated our FY '27 guidance today, and we feel good about it. And we are laying out that $2.1 billion. That's an acceleration of growth between now and then. we're not going to get into the stair step of that linearity of the curve, but we feel really good about where we're going. I have a lot of multiple paths to get there for FY '29, and we feel really good about FY '27.

All right. You have to try.

All right. Well, I think that's probably a good place to end, full circle on the Q&A. So thank you, Saket. Thank you all really for being here today. Thanks for your interest. I think it's really obvious that we're excited about the future. We're excited about what's ahead. I hope you found today informative, and I look forward to staying updated with you along the journey. So thanks so much.

Thank you.

Thank you, everyone.