Aembit has extended its workload identity and access management (IAM) platform to cover Microsoft Copilot Studio agents, the company announced on Tuesday, June 16, 2026, at the Identiverse 2026 conference in Las Vegas. The move enables enterprises to govern how autonomous AI agents built with Microsoft’s low-code tool authenticate and access business-critical systems, imposing short-lived credentials and just-in-time access policies that shrink the attack surface for non-human identities.
Copilot Studio agents are rapidly becoming a staple of enterprise automation. These conversational AI assistants can retrieve data from backend APIs, update CRM records, trigger workflows, and even make transaction decisions on behalf of users. The more capable they become, however, the more they need credentials that are often static, over-provisioned, and poorly monitored. Aembit’s integration aims to replace those standing credentials with dynamic, scoped tokens that expire once the agent completes its task.
The Rise of Agentic AI in the Enterprise
Microsoft Copilot Studio, previously known as Power Virtual Agents, has evolved from a simple chatbot builder into a full-fledged agentic AI platform. Organizations use it to create custom copilots that can understand natural language, reason over structured and unstructured data, and execute multi-step business processes. These agents frequently need access to sensitive systems like SharePoint, Dynamics 365, third-party SaaS applications, and on-premises databases.
Until now, credential management for these agents has largely fallen to developers, who often embed API keys or service principal secrets into code. That approach is fragile, hard to rotate, and creates blind spots for security teams. Aembit’s platform abstracts credential provisioning away from the agent code, instead injecting a workload identity at runtime based on real-time policy evaluations.
The Challenge of Non-Human Identities
Workload identities, also called non-human identities, now outnumber human identities in most enterprises by a factor of 10 to 1. They include service accounts, API keys, OAuth clients, and, increasingly, the identities assumed by AI agents. Each one represents a potential pivot point for attackers if the associated secret is leaked or misused. Traditional IAM tools designed for human users struggle with the scale, velocity, and context of workload access. They rarely enforce the principle of least privilege with the granularity required for autonomous agents.
Aembit’s core proposition is workload IAM built from the ground up for this challenge. It treats every agent as a distinct identity, with its own life cycle, access policies, and usage telemetry. When a Copilot Studio agent attempts to call an API, Aembit validates the agent’s identity, checks policy, and issues a short-lived token bound to that specific session and scope. The agent never sees or stores a long-lived secret.
How Aembit Leashes AI Agents
At the heart of Aembit’s announcement is the concept of a “leash”—the enforcement of strict boundaries on what an agent can do, for how long, and under what conditions. The platform introduces a policy framework tailored to agentic AI workflows, where access requirements can change dynamically based on the task at hand. For example, an agent that needs to read from a database for a one-time report can be granted read-only access for five minutes, after which the token is revoked.
The leashing mechanism works through an integration with Microsoft Entra ID and the underlying workload identity federation standards. Aembit acts as an intermediary between the agent runtime and the target resource. When the Copilot Studio agent initiates an action, the platform authenticates the call, evaluates pre-defined policies (such as geolocation, time of day, or the specific skill the agent is executing), and then mints a credential from the connected identity provider. The credential is delivered to the agent only for the duration of that transaction.
Short-Lived Credentials and Just-in-Time Access
Short-lived credentials are the cornerstone of zero trust architectures. By issuing tokens that last seconds or minutes rather than months, organizations reduce the window of opportunity for an attacker who compromises an agent. Aembit’s implementation goes further by coupling credential issuance with just-in-time (JIT) access. Access is not granted preemptively; it is elevated only when the agent requires it for a specific operation and is immediately downgraded or revoked afterward.
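The pattern described above (policy evaluated at request time, then a five-minute read-only credential bound to one session and scope) can be sketched as follows. This is an added illustration, not Aembit's code or API: the policy table, agent and resource names, and the HMAC-signed token format are all constructed assumptions, and token expiry stands in for revocation.

```python
import base64, hashlib, hmac, json

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real broker keeps its key in a KMS/HSM

# Constructed policy: (agent, skill) -> (resource, scope, TTL seconds, allowed UTC hours)
POLICY = {
    ("report-agent", "monthly-report"): ("sales-db", "read", 300, range(6, 20)),
}

def _sign(body: bytes) -> str:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def mint(agent, skill, session, now):
    """Evaluate policy at request time; return a token, or None to deny."""
    rule = POLICY.get((agent, skill))
    if rule is None:
        return None                      # no standing access: unknown skill is denied
    resource, scope, ttl, hours = rule
    if int(now // 3600 % 24) not in hours:
        return None                      # time-of-day condition not met
    claims = {"sub": agent, "sid": session, "aud": resource,
              "scope": scope, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(token, resource, action, session, now):
    """Resource-side check: signature, expiry, audience, scope, session binding."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return False                     # malformed or tampered token
    return (now < claims["exp"] and claims["aud"] == resource
            and claims["scope"] == action and claims["sid"] == session)

if __name__ == "__main__":
    t0 = 36000                           # constructed clock: 10:00 UTC, in seconds
    tok = mint("report-agent", "monthly-report", "s1", t0)
    print(authorize(tok, "sales-db", "read", "s1", t0 + 60))    # within the window
    print(authorize(tok, "sales-db", "write", "s1", t0 + 60))   # outside granted scope
    print(authorize(tok, "sales-db", "read", "s1", t0 + 300))   # after expiry
```

A token captured from the agent is useless for a different action, a different session, or any request after the five-minute window, which is the reduction in exposure the short-lived model is meant to deliver.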
This model aligns with Microsoft’s own guidance for securing AI agents. Microsoft advises using managed identities and OAuth 2.0 flows for workload authentication, but native Copilot Studio connectors still often rely on pre-configured API keys. Aembit fills that gap by providing a centralized control plane that works across any connector the agent might use, whether it’s calling a REST API, a SQL database, or a Microsoft Graph endpoint. The platform also records every access event, creating an audit trail that helps security operations centers distinguish legitimate agent behavior from anomalies.
Integration with Copilot Studio
The integration announced at Identiverse 2026 is presented as an Aembit workload identity connector specifically for Microsoft Copilot Studio agents. Developers configure the connector within their Copilot Studio projects, pointing it to their Aembit tenant. From that moment, any agent built with that connector will authenticate through Aembit rather than using static secrets. Policy administration remains in the hands of identity and security teams through Aembit’s management console.
Aembit says the integration supports all common Copilot Studio hosting options, including the out-of-the-box Teams channel, custom websites, and mobile apps. The platform can also federate with a range of external identity providers beyond Microsoft Entra ID, such as Okta and PingFederate, making it suitable for heterogeneous environments. Enterprises already invested in multi-cloud or hybrid IAM strategies can enforce consistent policies across all their agent fleets.
Enterprise Benefits and Governance
For chief information security officers, the most compelling benefit is the elimination of hard-coded secrets in agent code. That alone can prevent a significant class of breaches where a stolen API key leads to lateral movement. Additionally, the leashing model supports compliance mandates like SOC 2, HIPAA, and PCI DSS, which require documented access controls and regular key rotation.
Operations teams gain visibility into what agents are actually doing. Because Aembit mediates every access attempt, it generates logs that show who built the agent, what action it attempted, which data was accessed, and whether the request was allowed or denied. These logs can be forwarded to SIEMs for correlation with other security events. In a world where AI agents might autonomously make high-impact decisions, such auditability is fast becoming a regulatory expectation.
Industry Implications
Aembit’s move signals a broader market recognition that agentic AI requires specialized IAM infrastructure. Just as cloud computing gave rise to cloud infrastructure entitlement management (CIEM) tools, the rise of AI agents will likely spawn a new category of agent entitlement management. Gartner has predicted that by 2028, organizations adopting agentic AI without dedicated workload IAM controls will experience three times more security incidents related to non-human identities. Aembit’s partnership with Microsoft places it at the forefront of that emerging discipline.
Competitors in the workload IAM space—such as StrongDM, Teleport, and HashiCorp Vault—may now feel pressure to add similar agent-native features. Meanwhile, Microsoft itself continues to enhance its own security graph and Entra ID offerings, but for the foreseeable future, third-party platforms like Aembit will provide the depth of policy orchestration that enterprise agent governance demands.
Looking Ahead
The integration is generally available starting today, June 16, 2026. Aembit plans to add more granular policy templates for common agent patterns, including support for multi-step approval workflows and dynamic risk scoring that adapts access based on real-time threat intelligence. The company also announced a partnership integration with Microsoft Purview, so that agent data access aligns with information protection labels and sensitivity tags automatically.
As enterprises move from pilot projects to production deployments of Copilot Studio agents, the question of secure access will only grow more urgent. Aembit’s leashed-access model offers a pragmatic path forward—one where AI agents can be trusted precisely because they are not given free rein, but rather carefully governed, continuously monitored, and equipped with credentials that live no longer than their mission.