Silverfort has extended its identity security platform to Microsoft Copilot Studio, enabling organizations to enforce real-time access policies at the moment an AI agent attempts to perform an action. The integration, announced on June 8, 2026, at the Identiverse conference in Dallas, addresses a growing concern among enterprises: that autonomous AI agents could act outside the user’s authorized scope if identity checks only happen at login.

Copilot Studio, Microsoft’s low-code tool for building conversational AI assistants, now supports Silverfort’s runtime access controls. This means every time a Copilot agent tries to read a sensitive file, send an email, or update a database record, Silverfort evaluates the request against the original user’s identity and the current contextual risk—and can block, allow, or step-up authentication in real time.

How the Integration Works

Traditionally, when a user interacts with a Copilot agent, the agent inherits the user’s permissions at the start of the session. Those permissions remain static, even if the user’s context changes or if the agent chains together multiple backend calls that require different authorization levels. Silverfort’s platform inserts itself as an inline policy enforcement point between the Copilot agent and its target resources.

Using a lightweight plugin for Copilot Studio and Silverfort’s cloud-based policy engine, each outbound request from the agent is intercepted. The request metadata—including the user’s original identity, device posture, location, and time—is evaluated against Silverfort’s risk engine. The engine then returns an allow, deny, or challenge decision in under 10 milliseconds, according to Silverfort’s internal benchmarks. If risk is elevated, the agent can be instructed to prompt the user for multifactor authentication (MFA) or simply halt the action.

Crucially, this runtime check happens on every individual action, not just at session creation. So if an agent built to summarize customer cases tries to access a high-value contract that the user could normally open manually, Silverfort can block the agent from doing so if the context warrants it—for example, if the user’s device fails a compliance check or if the agent’s behavior deviates from a baseline.

Silverfort’s Chief Product Officer, Hed Kovetz, demonstrated the capability during the Identiverse keynote. In the demo, a Copilot agent asked to pull data from an HR system. The agent had been granted broad permissions during setup, but Silverfort’s policy engine detected that the user was on an untrusted network and blocked the request, instead displaying a prompt for the user to complete MFA. Once authenticated, the agent resumed the task seamlessly.

Policy Configuration for AI Agents

Security teams can define granular policies through Silverfort’s unified admin console. Policies can be based on user identity, group membership, resource sensitivity rating, agent behavior pattern, or real-time risk signals from Silverfort’s threat detection modules. For Copilot Studio agents, administrators can also set policies that restrict actions to only those explicitly approved for AI-assisted workflows—a concept Silverfort calls “agent-aware authorization.”

A key policy example provided by Silverfort: an agent responsible for IT helpdesk ticket triage may be allowed to read ticket summaries and suggest knowledge base articles, but prohibited from modifying user account permissions, even if the logged-in user has admin rights. This prevents privilege escalation through the agent without requiring developers to hard-code restrictions into every Copilot Studio skill.
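The per-action check from "How the Integration Works" and the helpdesk policy above can be modeled as a single decision function. This is an added example, not Silverfort's or Microsoft's code or API; the action names, policy tables, and field names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """Metadata for one outbound agent action (all fields hypothetical)."""
    agent: str
    user: str
    action: str
    device_compliant: bool
    trusted_network: bool
    mfa_done: bool = False

# Constructed sample policy: what the user may do vs. what the agent may do.
USER_PERMS = {"alice": {"ticket.read", "kb.suggest", "account.modify_permissions"}}
AGENT_ALLOWED = {"helpdesk-triage": {"ticket.read", "kb.suggest"}}
AUDIT = []  # one record per decision: which agent, on whose behalf, and why

def decide(req):
    """Evaluate a single action; meant to run on every action, not once per session."""
    # Unknown users or agents resolve to an empty set, so the default is deny.
    if req.action not in USER_PERMS.get(req.user, set()):
        result = ("deny", "user lacks permission")
    elif req.action not in AGENT_ALLOWED.get(req.agent, set()):
        # Agent scope is intersected with user scope: admin rights do not pass through.
        result = ("deny", "action not approved for this agent")
    elif not req.device_compliant:
        result = ("deny", "device failed compliance check")
    elif not req.trusted_network and not req.mfa_done:
        result = ("challenge", "untrusted network, MFA required")
    else:
        result = ("allow", "within user and agent scope")
    AUDIT.append({"agent": req.agent, "user": req.user, "action": req.action,
                  "decision": result[0], "reason": result[1]})
    return result
```

Calling `decide` again with `mfa_done=True` after a challenge models the step-up flow from the keynote demo, where the agent resumes once the user completes MFA.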

Policies are applied via a centralized control plane that covers not only Copilot agents but also other AI assistants and SaaS connectors. Silverfort said it has built pre-packaged policy templates for common Copilot Studio scenarios, including customer service, HR self-service, and low-code app builders.

Why This Matters for Enterprise Security

The push to equip business units with no-code AI agents has accelerated since Microsoft introduced Copilot Studio in 2023. Gartner predicts that by 2027, 40% of new business applications will be composed using low-code platforms, many of which will embed AI agents. However, security teams have struggled with a fundamental problem: Identity and Access Management (IAM) tools were designed for human users clicking through interfaces, not for autonomous agents that can initiate dozens of API calls per second.

Silverfort’s CTO, Yaron Kassner, explained in a pre-briefing: “When a human opens an app, we verify who they are once and then trust that their session is secure. An AI agent isn’t a human—it’s a piece of code that can be tricked into making unauthorized calls through prompt injection or simply misconfiguration. Runtime identity enforcement is the only way to ensure that every single action is authorized, regardless of how the agent was prompted.”

This integration also helps organizations comply with regulations like SOX, HIPAA, and GDPR, which require proof that data access is always controlled and auditable. Silverfort logs every runtime decision, giving auditors a trail of which Copilot agent accessed what, on whose behalf, and why the request was allowed or denied.

Community and Early Adopter Response

Although the official announcement came just this morning, discussion on the WindowsForum community—where many Copilot Studio developers share tips—has been active. One member, a security architect at a Fortune 500 company, posted that they had been testing the Silverfort plugin in private preview and found it “seamless to deploy” but noted a learning curve in tuning risk scoring for agent-specific behaviors.

Other forum users raised questions about performance impact. Silverfort claims its inline enforcement adds less than 5 milliseconds of latency for most requests, but one developer worried that chaining multiple Copilot actions could compound delays. The company said it is working on a local edge deployment option for low-latency environments, expected in Q3 2026.

Pricing details have not been fully disclosed, but Silverfort indicated that the Copilot Studio integration would be part of its existing per-user licensing model for identity security, with no additional charge for the plugin. Microsoft has not yet listed the integration in the Copilot Studio connector catalog, but a Silverfort spokesperson said it would be available “later this month.”

The Bigger Picture: AI Agent Identity Governance

The Silverfort announcement is part of a broader industry shift toward “AI agent identity governance.” Startups like Axiom Security and established players like CyberArk have also released agent-specific IAM tools in recent months. Microsoft itself is expected to enhance Copilot Studio’s built-in security features later this year, potentially incorporating more granular permission scopes.

However, Silverfort’s advantage lies in its real-time inline enforcement, which is typically reserved for high-end cybersecurity platforms. By bringing this capability to a no-code AI builder, Silverfort is betting that enterprises will require the same level of runtime protection for their AI workforce as they do for their human one.

“The identities that underpin AI agents are just as important—if not more so—than user identities,” said Kassner. “And the only way to secure them is to verify every action, every time, without exception.”

What to Expect Next

Silverfort says the Copilot Studio plugin will be generally available on June 22, 2026, with support for all Copilot Studio plan tiers. A free trial for up to 500 monthly agent actions will be offered to encourage adoption. The company also plans to add support for Microsoft’s upcoming Copilot for Microsoft 365 extensibility and Power Automate flows by the end of the year.

For organizations already using Copilot Studio to build internal chatbots and process automation, this integration addresses a critical gap. It moves security from a static permission model to a dynamic, context-aware one that adapts to how AI agents actually operate. As more business-critical processes get delegated to agents, the ability to enforce identity controls at runtime will likely become table stakes.

CTO Kassner summed up the philosophy: “If you can’t verify who the agent is acting as with every single request, you don’t really know who’s behind the keyboard. And in an AI-driven world, that’s a risk nobody can afford.”