How do you secure a modern business when identities no longer belong only to employees, but also to partners, machines, applications, and increasingly AI agents?
In this episode of Tech Talks Daily, I sat down with Paul Zolfaghari, President of Saviynt, to unpack why identity security has moved from a background IT function to one of the defining challenges facing modern enterprises. Over the past decade, the identity problem has expanded far beyond the traditional office worker logging into internal systems. Today's organizations must manage access across a vast digital ecosystem that includes contractors, suppliers, customers, APIs, machines, and now autonomous AI agents.
Paul explains how this shift has fundamentally changed the way security leaders think about identity governance. The challenge is no longer limited to preventing unauthorized access from outside attackers. Instead, companies must manage the complex question of who, or what, should have access to specific data, systems, and processes at any given moment. When thousands of employees, partners, and automated systems interact across multiple cloud platforms, the complexity grows rapidly.
We also explore how the rise of non-human identities is reshaping the security landscape. Machines, software services, and AI agents now operate alongside human employees inside enterprise environments. In many cases, these digital identities are already beginning to outnumber people. As AI agents gain the ability to gather information, adapt to context, and take actions autonomously, organizations must rethink how access permissions are granted, monitored, and governed.
Another theme that emerged during our conversation is the idea that identity security is not only about protection. While it clearly sits within the cybersecurity domain, Paul argues that identity governance also acts as a business enabler. When the right people and systems can access the right information at the right time, organizations operate more efficiently and collaborate more effectively across complex supply chains and partner ecosystems.
We also discussed findings from Saviynt's CISO AI Risk Report, which highlights a growing concern among security leaders. AI adoption is accelerating rapidly, often moving faster than the governance frameworks designed to manage it. This creates a challenge for organizations trying to adopt AI responsibly while maintaining visibility and control over how these technologies interact with enterprise systems.
With more than 600 enterprise customers and a recent $700 million growth investment backing its expansion, Saviynt is operating in a market that many investors now view as one of the defining layers of modern digital infrastructure. Identity, in many ways, is becoming the control plane for how businesses operate in an AI driven world.
Looking ahead, Paul believes organizations must begin preparing for a future where digital identities dramatically outnumber human employees. That shift will require new approaches to governance, visibility, and control.
So as AI adoption accelerates and businesses continue expanding across cloud platforms and digital ecosystems, one question becomes impossible to ignore. Is identity security ready to serve as the foundation for how organizations operate in the next decade?
Useful Links
Connect with Paul Zolfaghari
Check out the Saviynt Website
[00:00:04] - [Speaker 0]
What if the biggest cybersecurity risk in your business is not a piece of malware or phishing email, but identity? Well, in today's episode, I'm talking about a shift that every business leader needs to understand, and that is identity has become the control point for modern security. And one of the reasons that matters is because companies are no longer managing access for employees alone. They're managing contractors, partners, customers, applications, APIs, machines, and now AI agents too. Now as organizations race to bring AI into the business and agentic AI, one question sits underneath everything, and that is who or what should have access to what.
[00:00:50] - [Speaker 0]
And my guest today will unpack what identity means in security right now, why it should sit at the center of safe innovation, business agility, and trust in the AI era. But the big question is how ready are you and your organization for this reality? But enough from me. Let me introduce you to my guest right now. So thank you for joining me on the podcast today.
[00:01:20] - [Speaker 0]
Can you tell everyone listening a little about who you are and what you do?
[00:01:25] - [Speaker 1]
Sure, Neil. Thank you. First, thank you for having me on. It's it's wonderful to join you here in London. My name is Paul Zulfigari.
[00:01:31] - [Speaker 1]
I'm the president of Savient. Savient is a cloud native identity security company, and we basically focus on providing an identity security platform and solutions to customers. And they use that platform to help them manage their digital identities for and across their organizations. So companies use our software to help them determine individuals and identities, the appropriate level of access to their systems and to help them build and drive their their operations. I've been the president of the company since December 2022, but I've been associated with the company since the 2018 when I initially had joined the board of directors.
[00:02:12] - [Speaker 1]
So coming up on my eighth year with the company and have enjoyed every minute of it.
[00:02:17] - [Speaker 0]
Thank you so much for taking the time to sit down with me today. I think it's such an important topic here because identity is now widely seen as the primary attack vector in cybersecurity. And you'd mentioned that you've been at the company for eight years. I'm curious. From your perspective, what has changed over the last decade that has made identity the central background for modern security teams?
[00:02:40] - [Speaker 0]
Was it the shift to working from home and hybrid working AI, all of the above or something completely different? What have you seen here? How's it evolved?
[00:02:49] - [Speaker 1]
Well, it's a great question. I mean, the industry has evolved rapidly over that over that period of time and, you know, almost exponentially over the last twelve to twenty four months. But most of most of the way to think about identity and identity security is if you go back when I joined the company, the primary way and the primary problem that most companies were trying to solve was essentially try to solve the access for their human headquarters workers to their, you know, to their on prem, you know, to their traditional computer and and technology systems. And that problem, if you fast forward to today, is is just one small sliver of the problem companies need to face today. And so some of the trends that you talked about, you know, remote work, working from home, you know, the extended ecosystems around companies have all changed.
[00:03:37] - [Speaker 1]
But, essentially, the way the problem companies have to address the problem today is they now have to look at identities across kind of the continuum of humans. So now they're looking at connecting not just the humans in their headquarter, but also really the humans across really their whole business organization. So it could be remote workers, could be suppliers, could be supply chain, could be brokers, you know, could be people extended think of it as extended employees or or business partners. But the other big vector, Neil, that's really driven up the interest and and raised the the difficulty of managing the problem is the rise of non human identities. So first you had, you know, the connection of like, think of it as like a traditional machines like shop floor manufacturing devices.
[00:04:24] - [Speaker 1]
Now you fast forward to add to the non human category AI and AI identities. And so the problem today is is exponentially more challenging problem because we have humans across really a whole continuum and ecosystem, but now we also have identities that are not just human, but nonhuman and AI identities. And so the problems become more difficult, and and it's been it's been an opportunity for us to help a lot more companies, you know, as they face this changing landscape.
[00:04:52] - [Speaker 0]
Yeah. 100% with you. I mean, organizations, they used to focus mainly on employees accessing internal systems. But just to shine a light on the scale of the problem here, today, the average organization is challenged with managing contractors, partners, customers, applications, APIs, and machines across multiple cloud platforms from any network at any time as well that users are accessing. Then we have ShadowAI, ejecticAI.
[00:05:21] - [Speaker 0]
I'm curious. How has this explosion in identity types changed the security challenge now? What are you seeing?
[00:05:28] - [Speaker 1]
Well, we're seeing that companies have essentially recognized that the way and the manner in which they had been addressing this problem needs to evolve. Because the problem that they were addressing was solutions that were relevant to the problem as it existed. But if you fast forward to the change that you just walked through and all these changing characteristics, companies now realize they need basically a different solution. And they need a solution that's really capable of think of it as being agnostic as to the identity type. So if you are a client, you may have had mostly human headquarters workers accessing systems maybe in 2018, 2019.
[00:06:09] - [Speaker 1]
Fast forward to 2026, and now you have not only those individuals, but individuals kind of surrounding your company who you wanna provide access to to have a more efficient operation, but now you also have to manage these nonhuman and AI identities. And so the most the I would say the most the most relevant way to think about this is the solutions and the techniques that have been in place at these companies for the better part of the last decade all essentially have to be modernized to a solution that's really designed to answer the questions that are being asked today, and those questions are not the ones that were being asked ten years ago. So I would say, Neil, you know, the it is literally an exponential explosion in interest in what we do. We're very happy to be a party to it. We're very happy to be helping companies on this journey, but we think the identity security industry is really entering, you know, a substantial golden era, if you will, in access and and and importance, and we're expecting the next ten years to be an exciting time.
[00:07:13] - [Speaker 0]
And we've talked about the scale of the problem, and I think that is something that will resonate with business leaders listening all around the world. And for people that are unfamiliar or hearing about Savient for the first time, how would you explain the role of modern cloud native identity security platforms and and the problem that you're helping solve for enterprises today as well? Tell me more about the company.
[00:07:35] - [Speaker 1]
Yeah. The so the company is basically designed around the the singular mission of trying to provide a software SaaS cloud native solution to companies to allow them to better manage and appropriately manage the access to and the governance of all their data and information systems. So if you think about the problem, Neil, for your audience, if you think about a large company, think about a large retailer, a large manufacturer, you know, a large government agency, they have thousands, if not tens of thousands or hundreds of thousands of individuals, those individuals all have different jobs. And if you think about it, those jobs really require access to data and information that's germane to that job. So if you are the vice president of marketing for the commercial aircraft division, you know, of a of an aircraft manufacturing company, there's going to be a certain amount of data and information that you need to do your job.
[00:08:31] - [Speaker 1]
But if you are in that same company that you are the head of finance, for instance, or the head of contracts, or, you know, you're in the, you know, the sales organization, the systems that you need access to are completely different. So it's a very, very challenging mathematical and and and practical problem when you're talking about thousands and thousands of people, all of whom have essentially their own custom access to to data and information. So what we try to do is help companies in order to that. You know, our solution allows them to basic basically determine which systems individuals should have access to at what level and to do what tasks. And it's not just securing it from cybersecurity.
[00:09:18] - [Speaker 1]
It's not just securing it from outside intrusion. We're actually the system that grants the access, that moves people through the system, that actually provides them with with the information, you know, that they need. So the way we view what we do is we really help these organizations become efficient and effective by making sure that their employees have access to the right information at the right time. And that every individual, if you will, has that right level of governance oversight and information to do their jobs effectively.
[00:09:47] - [Speaker 0]
And I think if we look inside many organizations, traditionally, identity was framed purely as a defensive control. That's how IT departments and many stakeholders might see it. But when I was doing a little research on you, I was reading that that you argue that it is also an enabler for organizations that are operating at scale. So how does strong identity governance help businesses innovate safely than just simply restrict access? Because there's a few myths and misconceptions around this, isn't there, too?
[00:10:17] - [Speaker 1]
No. It's a it's an excellent question, you know. It's an excellent observation about the industry. I have made for quite some time the argument that, you know, while we while we exist under and clearly exist under the cybersecurity umbrella, we call ourselves and our solution identity security, we do much more than that. Because really the primary thing that we do is we help companies improve their business operations.
[00:10:41] - [Speaker 0]
So if
[00:10:41] - [Speaker 1]
you think about it, if you can actually manage access and identities the right way, you can help companies greatly improve their business operations. So if you're a manufacturer, the company is manufacturing, say, automobiles, that company actually gets a huge advantage by being able to connect its external, you know, ecosystem players, its suppliers, its dealers, its brokers, all the people that aren't actually employees, but who if they have access to the same system and the same information as the company, they then can all work together more effectively and more efficiently. And it's interesting, Neil, the way we always talk about our business, and I'm in a lot of conversations with CIOs and CSOs pretty regularly, we always the conversation we're always having with them is about how we can improve their overall operations. How does having access to the right information at the right time literally improve the operations of companies and entities? So the way I think about what we do is we we deliver a mission critical system, but that system must be delivered securely.
[00:11:49] - [Speaker 1]
So we think our system and what we do and our operations are integral to an effective digitally transformed company, And it's incumbent upon us to deliver that system securely. But rather than securing other people's systems, we actually are the system that brings people in, connects people, provides them with information that they need, and helps them more effectively do their jobs.
[00:12:12] - [Speaker 0]
And I also think every business leader is now challenged with entering a world where AI systems and hundreds, if not thousands of agents all require their own permissions, access rights, and ability to interact with enterprise systems. And this is in every industry that we can think of here. So how do you see the rise of AI dramatically increasing the importance of identity governance? Because, again, it feels like a big opportunity here, and it needs to be something that's put in place right from the foundations when we're talking about adding all these agents. Right?
[00:12:44] - [Speaker 1]
No. It's a it's a great point, Neil. I mean, if you think about a company and you, you know, and we and you think about our core mission and what have we been doing prior to the rise of AI is while you're trying to manage access to the right systems at the right time. Well, that exact same mission applies to agents. Right?
[00:13:01] - [Speaker 1]
Because AI agents are just essentially an avatar or an extension of an individual. And if you think about it, the company that wouldn't want an agent or an autonomous system to basically gather and have access to data and information and return it back to an individual that that individual could never access directly on their own. So the exact same the exact same mission applies, but to your point about, but it's an exponentially more complicated problem to solve now. Because other than like, unlike a static, you know, a static machine or even an individual, the difference is is artificial intelligence agents become contextually aware and change their character as they gather in in their in, you know, in their time and tenure in an organization. And so in order to basically manage and maintain that access, the problem is actually more complicated, you know, than it might be with kind of a static machine that sits in one place on one shop floor and access one system or even one person who has a job.
[00:14:06] - [Speaker 1]
And when that job moves, it's a pretty well understood path through the company. The agents themselves have much more autonomy, gather information more quickly, and morph and change in a manner exponentially more complicated than either shop floor machines, service accounts, or, you know, or humans. So the problem has become exponentially more complicated. And, you know, to your earlier point, Neil, I would say, you know, how do we think about it? We don't really think about it as securing those identities.
[00:14:35] - [Speaker 1]
What we think about is Savient actually as a company can really help these organizations adopt AI and use AI in a thoughtful way to improve their business operations. So I think to your to your question, we really believe that the the mission that we do is increased in prominence because we can actually help companies bring AI in thoughtfully and govern that access in a way that allows those agents to provide improvements in efficiency and operations, but also make sure that it maintains the same continuity of access.
[00:15:10] - [Speaker 0]
Yeah. And I think AgenTek AI, as you said there, it does introduce another layer of complexity because these systems can take actions autonomously. And I always try and give every listener something valuable to take away, and I think the current climate that we find ourselves in, many business leaders find it somewhat overwhelming with what they're dealing with. So I'd love to give them something that they can think about and take away. So what are those new governance questions that organizations should be asking about?
[00:15:37] - [Speaker 0]
What AI agents are allowed to access and who approves that access? Do you get a lot of the same type of questions, or and what kind of what are you advising businesses now at the moment?
[00:15:46] - [Speaker 1]
It's a great question, Neil. In fact, I was just at a symposium yesterday. It was held by one of the in kind of one of the world's leading advisory and consulting firms. And that was fascinating because they were demonstrating, you know, where we are in the journey of impact with AI, and they were showing kind of different, you know, different jobs and different industries and the adoption of AI in the industries. And, basically, what they were showing is we're just very early in the overall adoption of AI, and, you know, this adviser was really encouraging companies to find ways to bring this in more effectively into and across really all their organizations.
[00:16:26] - [Speaker 1]
In fact, in a funny anecdote where they were showing all the various job and job titles, the only job that appeared to be securely unimpacted by AI was the groundskeeper. Other job in in every other industry seems to they're anticipating is AI is gonna have a huge impact on. So so the first advice would be for companies, you have to understand that AI is going to become a part of how your company operates. If it's not today, it'll be in six months. If it's not six months, in a year.
[00:16:56] - [Speaker 1]
So you need to start thinking about it and not thinking about it as something in a negative way that you need to worry about, but really think about how do you actually utilize it proactively in a way that it can improve your business. And so the biggest advice that we we we that we have for people around identity security and AI is the, you know, the era of AI is upon us. And, you know, leaders in companies need to be thinking about how do they bring it into their companies, how do they deploy it in an effective way. And we strongly advocate from our our perch, if you will, that think about identity and identity security first, not second. Because if you think about it first, you can actually create the environment for the adoption of AI that allows it to be adopted proactively and in in, you know, in a way that that improves supports your business and business operations.
[00:17:53] - [Speaker 1]
So the good news is while it is a new challenge, we believe that we have a solution that can assist them in solving the challenge. We think the most important factor is for companies to acknowledge that they need to take this challenge on and realize that there are companies like us that are capable of helping them on the journey. And I would end, Neil, by saying, you know, the companies that we've been working with that have been deploying AI effectively in their organizations are seeing profound changes in their operations. So the early early returns are quite good, and we've been very proud of our ability to help companies on that journey.
[00:18:31] - [Speaker 0]
And before sitting down with you today, I was having a quick look at the your CISO AI risk report there. And a few things that stood out to me was concerns that AI adoption is moving faster than governance frameworks. But I will link to this report so people listed can check it out. But what were some of the the biggest findings that stood out most to you?
[00:18:51] - [Speaker 1]
Well, I I first off, we are extremely privileged, you know, to have some, you know, some of the world's best companies as our customers. I mean, we have over 650 companies, most of whom are names everybody, you know, would recognize. Large companies like Maersk and Shell and BP and Cigna and other large global companies. And so the survey was very insightful because as our customers, we got information from some of the world's leading companies on how they're looking at managing it. And I think their reflection, not surprisingly, is that the interest in adopting AI has started more quickly than their company's ability in most cases to figure out exactly the frameworks of adoption.
[00:19:35] - [Speaker 1]
So we have been working with many of these companies, including many of the companies in the survey to make sure that they have the proper procedures in place to to enhance and bring and bring this along. I think your observation, your very first observation is probably the biggest one in the survey, and that is they're all realizing how important this is, how important it is to all of their different stakeholders. And as leaders in their company, you know, whether it be the chief information officers or the chief information security officers, they're understanding how important it is that they they help the companies adopt this in an intelligent and proactive way. So I think a lot of the companies, our companies, the partners that we work with in the market that we're in are really recognizing how transformational AI is to the industry. And thankfully, we're seeing a lot of them recognize that early enough that they can really build these systems in advance that are improving their overall operations.
[00:20:32] - [Speaker 0]
And I also should highlight this incredibly exciting time for you. I think you support more than 600 enterprise customers, recently secured over 700,000,000 in growth investment. So from an organization point of view here, what do you think investors and enterprise leaders are are recognizing about the future role of identity security? Because it it's an exciting time for you, it's an exciting time for the space as well. Right?
[00:20:58] - [Speaker 1]
For sure. I I think, Neil, I mean, we were we're very privileged to have closed in '20 at the 2025, the largest private investment round in the identity security and cybersecurity space. We, you know, we closed a series b round of of over $700,000,000 led by KKR, the private equity firm, Sixth Street, another private equity firm, our original series a investor, Carrick Capital Partners. And I'd say that that investment is very illustrative of the way they see this industry evolving. In other words, I think the reason that we were the, you know, the most substantial investment of private capital in 2025 precisely because they see our investors, new investors and existing investors, see the opportunity as even being bigger in the future than it's been in the past.
[00:21:50] - [Speaker 1]
And so the funding round for us, one, it provides all the resources that we could need to build and manage the business. But actually, for me, the part that was most, you know, most compelling is these investors did tremendous amount of their own research on the industry, on how Savvian is performing in that industry, and really these these secular trends that are pushing our industry forward. And I think they came and realized we were at a really unique opportunity in time and a unique opportunity for the industry, and they wanted to provide us with the resources to go and try to solve this problem for more companies. So it really is an exciting time for us. We we really do believe that the next decade or so will be a profoundly more exciting and interesting time in the industry.
[00:22:37] - [Speaker 1]
We're very happy to be leading the industry, and we're very happy to have an opportunity to help our customers and clients, you know, address these evolving challenges.
[00:22:46] - [Speaker 0]
And as we look ahead further into the future, many futurists and technologists are predicting that enterprises will very soon have far more machine and AI identities than human employees, and it's easy to see why. And for and, again, for any business leader or team from organizations listening, what what should they be doing now to prepare for a world where managing digital ident identities becomes the the control layer for how a business operates? What should they be doing to prepare for that future?
[00:23:16] - [Speaker 1]
Well, I think the first thing, Neil, is a bay you know, is exactly how you frame the question. I mean, they need to understand and recognize the fact that the digital, the nonhuman, the the nonhuman and AI identities will, if they have not already, be exponentially larger than their number of employees. And so the way to be thinking about it is they've gotta be making sure that they're using solutions that are designed really for this new era. If they've adopted solutions and techniques and procedures that were designed for kind of a static slow moving organization predominantly driven by the number of of human employees that they have, that is not likely going to be the identity challenge that they're facing now and in the future. So they themselves need to recognize that they're likely going to have 10, you know, tens, if not hundreds of times more AI agents than individuals.
[00:24:11] - [Speaker 1]
And the exponential change in that numeric count means they need to be thinking about a solution that's also designed predominantly to support this new era and new opportunity. So the best advice that we would give people is if you haven't done it already, talk to your existing leadership teams, do an inventory and an assessment of your current solutions, Ask yourself whether that solution is designed for this new ear, and if not, you know, consider how you can begin the process of evolving that solution future. So our number one advice would be take the opportunity to, you know, do an assessment of the current status. And then after doing that, determine whether that solution needs to evolve to something more designed for the future, which we hope our solution is a primary answer to.
[00:25:00] - [Speaker 0]
So much food for thought there. And for everybody listening, I will add a link to that CISO AI risk report. But for anybody listening that wants to dig a little bit deeper, ask you you or your team any questions, or just get up to speed with some of the big announcements coming out of the company there. Where should I point everyone listening if they wanna find out more? Where would you like me to point them?
[00:25:21] - [Speaker 1]
Oh, I think the best place would be just directly to our website. You know, our website, which is www.asavient.com, is the best place to go. We've done a we've tried to do a very good job of trying to have one one place to get most people to access. Our website is, generally speaking, up to speed and has most of the information and ideally is designed in a way to to capture and support, you know, the different different individuals and and organizations' interest in our our company and our solution.
[00:25:52] - [Speaker 0]
I think over the last few years, we've seen so many big changes, and it's incredibly hard to predict the future. But as we said earlier in our conversation today, right now, enterprises are managing contractors, partners, customers, applications, APIs, and machines across multiple cloud platforms, and people are accessing from any network at any time. We've got AgenTiKi, ShadowAI. We know what the problem is. The time to prepare and act is right now.
[00:26:20] - [Speaker 0]
I would urge everyone listening to check out that report. Check out the website. Any questions, please pop over, and I'm sure there'll be a team waiting to answer those. But thank you for shining a light on this today. So much value.
[00:26:32] - [Speaker 0]
Thank you.
[00:26:32] - [Speaker 1]
No. For sure, Neil. Thank you for the opportunity. Thank you for the the well informed questions. It's an amazingly exciting time.
[00:26:41] - [Speaker 1]
We're glad to be a participant in it, and and we hope we provide a little bit of insight to your audience. And and for anybody that would like any more information about it, we appreciate the opportunity to continue that discussion, our company would be excited to do so. Thank you very much.
[00:26:56] - [Speaker 0]
So what happens when your business has more machine identities and AI agents than human employees? I think that future is arriving incredibly fast, and today's conversation is a timely reminder that identity security is no longer just a back office IT issue. It's becoming the layer that helps businesses grow, operate, and adopt AI with confidence. So if this episode leaves you thinking differently about access, governance, and the pace of change, then hopefully we've done a good job today. But as AI keeps moving from experiment to everyday business reality, how are you treating your identity?
[00:27:36] - [Speaker 0]
Is it an afterthought, or is it the foundation for everything that comes next? I'd love to hear from you, so please pop over to techtalksnetwork.com. We got 4,000 interviews like this, but I want you to be a part of the conversation too. This is a dialogue, not a monologue, so please share with me your insights. You can leave me an audio message or just send me a DM.
[00:27:57] - [Speaker 0]
Whatever is easiest for you. So today was all about identity. We've got another guest lined up tomorrow. Hopefully, I will speak with you all then. Bye for now.