Silverfort announced on June 8, 2026, that it has integrated runtime identity and access controls for AI agents built in Microsoft Copilot Studio. The new capability lets enterprises evaluate and block agent actions in real time, before they execute. It closes a critical security gap as organizations rush to deploy autonomous AI assistants across business processes.

Microsoft Copilot Studio, a low-code platform for crafting custom AI agents, has gained rapid adoption. These agents connect to sensitive systems—HR databases, CRM tools, financial platforms—often with elevated permissions. As they grow more autonomous, a misconfigured or compromised agent could take unintended actions. Silverfort’s runtime identity solution aims to prevent that.

Why Runtime Identity Matters for AI Agents

Traditional identity and access management (IAM) authenticates users at login and authorizes sessions. AI agents don’t log in like humans. They run continuously, using service principals or managed identities. Their actions are not bound to a static session. An agent might trigger on an event, fetch data, and decide to send an email or update a record. Without runtime controls, the agent’s identity is checked only initially, leaving a gap where subsequent actions could violate policy if the agent’s behavior shifts or its credentials are misused.

Silverfort’s runtime identity engine monitors actions in real time. As an agent is about to perform an action, such as reading a SharePoint file or posting a Teams message, the engine evaluates the request against dynamic policies. If the action falls outside permitted parameters, it is blocked instantly. This shifts security from a one-time check to continuous verification.

How the Integration Works

While Silverfort hasn’t disclosed every technical detail, the integration leverages its existing platform’s ability to intercept identity-based requests and apply contextual policies. In Copilot Studio, Silverfort’s runtime identity module sits between the agent and the Microsoft 365 services it accesses.

When a Copilot Studio agent invokes an action—calling a Power Automate flow, querying Microsoft Graph, sending an Outlook email—Silverfort’s proxy captures the identity token and intended operation. It then evaluates the request against policies that consider the agent’s configured identity, time of day, data sensitivity, the user on whose behalf the agent acts, and more. The action is either allowed to proceed or blocked before reaching the target service.

This approach is deeply integrated with Microsoft Entra ID (formerly Azure Active Directory). Silverfort has long enforced multi-factor authentication and identity threat detection for Entra ID environments. The runtime identity control for Copilot Studio builds on that foundation, ensuring AI agents face the same rigorous identity verification as human users.

Pre-Execution vs. Runtime: A Critical Distinction

Many native security controls in Microsoft 365 operate at the point of authentication or configuration. For example, conditional access policies check a service principal’s permissions when an agent first authenticates. But once authenticated, the agent can perform many actions. Runtime controls add a second layer that inspects each action as it happens. This is essential because agents may chain dozens of operations, and the risk profile can change mid-flow.

Key Capabilities and Policies

Silverfort’s announcement highlights several capabilities tailored to AI agents:

  • Action-level authorization: Instead of broad permissions, security teams define exactly which actions are allowed—down to specific API calls or target resources.
  • Context-aware policies: Policies incorporate real-time context: agent workload, data classification, user location, anomaly scores.
  • Real-time blocking: Unauthorized actions are denied before execution, preventing data loss or compliance violations.
  • Audit and visibility: All agent actions are logged, giving teams full insight into what AI agents do across the organization.

For example, an enterprise might configure a rule that prevents any Copilot Studio agent from exporting more than 100 customer records per hour, or from sending emails to external recipients without explicit manager approval. If an agent tries to exceed those limits, the action is automatically denied and an alert generated.

Mitigating Risks in the Agentic AI Era

“AI agents introduce a new dimension of identity risk,” said a Silverfort spokesperson in the announcement. “They act on behalf of users and processes, often with elevated privileges. Without runtime identity controls, organizations are essentially giving autonomous software a blank check to operate across their digital estate. Our integration with Copilot Studio closes that gap.”

The rise of “agentic AI”—where AI systems set their own goals and take multi-step actions—has created a pressing need for security that keeps pace. Gartner predicts that by 2028, at least 15% of day-to-day work decisions will be made autonomously by agentic AI. Security leaders are seeking ways to prevent inadvertent or malicious actions by these agents.

Real-World Scenarios

Consider a Copilot Studio agent designed to help HR employees with routine tasks. It retrieves employee records, schedules meetings, and generates reports. If that agent’s logic is altered—by a malicious insider or flawed update—it could exfiltrate personal data to an unknown endpoint. With runtime controls, an action to access a sensitive HR system outside of normal business hours could be automatically blocked, even if the agent’s identity normally has access.

Another scenario involves an agent that uses Azure OpenAI Service to generate content. If compromised via prompt injection, it might try to call unauthorized APIs. Silverfort’s solution would detect the anomalous API call—perhaps to a URL not on the allowed list—and block it.

A third scenario focuses on compliance. A financial services firm deploys agents that retrieve customer transaction data. Regulations like GDPR require strict access controls. Runtime policies can ensure that an agent never exports data outside approved geographies, even if the original design inadvertently allows it.

Integration with Microsoft Copilot Studio

Copilot Studio is a hub for building conversational AI agents and integrating them with Microsoft 365, Power Platform, and external apps. Developers use it to create standalone agents or extend Microsoft Copilot for Microsoft 365. As the platform gains capabilities—chaining actions, using plugins—the security perimeter must adapt.

Silverfort’s runtime controls are not a replacement for existing Copilot Studio security measures, such as authentication of agent connections and data loss prevention policies. They add a layer that operates at action execution. This is critical because Copilot Studio agents can be published across multiple channels (Teams, websites, mobile apps), multiplying the attack surface.

Administrator Experience

For IT admins, setting up runtime identity policies for Copilot Studio agents is designed to be simple. Silverfort provides a centralized console where policies are created and assigned to specific agents or groups of agents. The console integrates with existing SIEM and SOAR tools, sending events to Microsoft Sentinel or Splunk for correlation and incident response.

Admins can test policies in simulation mode before enforcement, reducing the risk of breaking critical workflows. Overly restrictive policies could block legitimate business processes, leading to agent failures and productivity loss. The simulation mode lets admins see what would be blocked without affecting live operations.
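The example rule given earlier (at most 100 customer records per hour, no external email without manager approval) and the simulation mode described above can be expressed as a small per-action policy evaluator. This is an added illustration, not Silverfort's code or API; the class, action names, context keys and the `corp.example` domain are assumptions, and the trace is constructed.

```python
from collections import deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 3600              # "per hour" in the example rule
MAX_RECORDS_PER_WINDOW = 100       # export ceiling in the example rule
INTERNAL_DOMAIN = "corp.example"   # constructed placeholder domain

@dataclass
class Decision:
    allowed: bool     # does the action proceed?
    violation: str    # "" when the action is within policy
    alert: bool       # raised on every violation, in both modes

@dataclass
class RuntimePolicy:
    simulate: bool = True                         # simulation mode: report, never block
    exports: dict = field(default_factory=dict)   # agent_id -> deque of (time, count)

    def _exported_in_window(self, agent_id, now):
        window = self.exports.setdefault(agent_id, deque())
        while window and now - window[0][0] >= WINDOW_SECONDS:
            window.popleft()                      # forget exports older than one hour
        return sum(count for _, count in window)

    def evaluate(self, agent_id, action, now, **ctx):
        violation = ""    # actions without a rule fall through as allowed here
        if action == "export_records":
            used = self._exported_in_window(agent_id, now)
            if used + ctx["count"] > MAX_RECORDS_PER_WINDOW:
                violation = "export_rate_exceeded"
        elif action == "send_email":
            external = [r for r in ctx["recipients"]
                        if r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN]
            if external and not ctx.get("manager_approved", False):
                violation = "external_email_unapproved"
        allowed = self.simulate or not violation
        if allowed and action == "export_records":
            self.exports[agent_id].append((now, ctx["count"]))  # only executed exports count
        return Decision(allowed, violation, bool(violation))

# Constructed sample trace: (agent_id, action, seconds since start, context)
SAMPLE_TRACE = [
    ("hr-agent", "export_records", 0, {"count": 80}),
    ("hr-agent", "export_records", 600, {"count": 30}),    # would reach 110 in the hour
    ("hr-agent", "export_records", 3700, {"count": 30}),   # first export has aged out
    ("hr-agent", "send_email", 3800, {"recipients": ["a@partner.example"]}),
]

def replay(trace, simulate):
    policy = RuntimePolicy(simulate=simulate)
    return [policy.evaluate(agent, act, t, **ctx) for agent, act, t, ctx in trace]
```

Replaying the same trace with `simulate=True` and `simulate=False` shows which actions enforcement would have stopped, which is the comparison an admin makes before switching a policy to blocking.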

Competitive Landscape

Silverfort is not the only vendor eyeing agentic AI security. Microsoft itself is building security features into its AI platforms. Microsoft Entra ID provides workload identities and conditional access policies for service principals used by agents. However, these native controls are often pre-execution checks, not runtime interceptors. They might not catch every action an agent takes after it has authenticated.

Other identity security providers, such as CrowdStrike and CyberArk, are exploring ways to secure non-human identities, including AI agents. Silverfort’s dedicated integration with Copilot Studio gives it a first-mover advantage in this niche.

Challenges and Considerations

Implementing runtime identity controls on a large scale introduces challenges. Performance is critical: intercepting every action and evaluating it against policies must be lightning-fast, otherwise agent responsiveness suffers. Silverfort claims its platform is optimized for low latency, using inline processing rather than offline analysis.

Policy management complexity can grow quickly. An organization might have hundreds of agents, each with its own set of allowed actions. Silverfort addresses this with machine learning-based policy recommendations, helping admins build effective rules without manual effort for every agent.

False positives—blocking legitimate actions—are a risk. To mitigate this, Silverfort offers fine-grained tuning and a gradual rollout, where policies can be partially enforced until confidence builds. The company also provides a “learning mode” that observes agent behavior and suggests initial policy baselines.

The Bigger Picture

The integration reflects a broader industry trend toward “secure by design” AI development. As AI agents become more autonomous, security mechanisms must ensure they operate within defined ethical and legal boundaries. Runtime identity is one piece of that puzzle, alongside explainability, robustness, and continuous monitoring.

Silverfort’s move underscores the convergence of identity security and AI security. These domains were once largely separate. But with AI agents using identities to access resources, identity management becomes a critical control point. This convergence is likely to accelerate, with more IAM vendors building AI-specific features.

What’s Next

Silverfort says the runtime identity controls for Copilot Studio are available immediately for existing customers as part of their subscription, with dedicated bundles for new customers. The company plans to extend similar runtime protections to other AI agent platforms, such as Microsoft Copilot for Security and third-party agents.

This announcement hints at future integrations with Microsoft’s broader AI ecosystem, possibly including controls for agents built on Azure AI Foundry or those using custom APIs. As Microsoft continues to expand Copilot’s capabilities, Silverfort aims to be a go-to partner for securing these AI-driven workflows.

Industry Reaction and Early Feedback

Early reports from analysts suggest that runtime identity controls could become a standard requirement for agentic AI deployments. “Organizations have been waiting for a solution that doesn’t just trust an agent’s initial authentication but continuously verifies every action,” one industry observer noted.

IT professionals in AI-forward companies have expressed interest, particularly those in regulated industries. The ability to enforce policies at runtime without significant latency is seen as a key differentiator.

Implementation Best Practices

For enterprises planning to deploy runtime identity controls for Copilot Studio agents, Silverfort recommends a phased approach:

  • Inventory: Identify all Copilot Studio agents and the services they access.
  • Baseline: Learn normal agent behavior over a few weeks.
  • Pilot: Apply policies in simulation mode to a small set of agents, then gradually enforce.
  • Scale: Roll out across the enterprise, integrating alerts with incident response workflows.

Training for SOC teams is also advised, so they can properly interpret agent-specific alerts.

Conclusion

Silverfort’s integration of runtime identity and access controls for Microsoft Copilot Studio AI agents arrives at a crucial moment, as enterprises grapple with the security implications of autonomous AI. By enabling real-time evaluation and blocking of agent actions, Silverfort provides a much-needed safety net. The solution transforms identity from a static gatekeeper into a dynamic, ongoing guardian of agent behavior.

For organizations using Copilot Studio, this means they can accelerate AI adoption without sacrificing security posture. As one early adopter said in the announcement, “We now have the confidence to deploy agents that handle sensitive data, knowing that any action will be checked at runtime.” That confidence may well define the next phase of enterprise AI.