Identity security company Silverfort Inc. today launched an integration that applies its identity and access controls to artificial intelligence agents built into Microsoft Corp.’s Copilot Studio, enforcing policy at the moment an agent tries to act rather than after the fact.

The integration evaluates every access request a Copilot agent makes in real time and returns a decision before the action runs. Silverfort says this stops an agent from gaining access it should not have or escalating its own privileges before either can happen. The pitch is that enterprises can run agentic AI without handing it free rein.

A Copilot Studio agent can log in on its own, reach into enterprise data and kick off workflows across both cloud and on-premises systems. Each action traces back to a human user with a given privilege level along with multiple machine identities, creating a chain of authentications and authorizations where privilege can escalate. Microsoft reports that more than 80% of the Fortune 500 are deploying agents built with low-code and no-code tools, while 29% of employees already use unsanctioned AI agents at work.

“The more access an AI agent has to corporate resources, the more powerful it becomes,” said Ron Rasin, chief strategy officer at Silverfort. “Without deep identity context, there’s no way to make an informed, real-time decision about whether an agent’s action is legitimate or overreach. Silverfort’s integration with Microsoft Copilot Studio is a recognition that runtime identity enforcement isn’t optional, it’s the foundation for deploying AI with confidence.”

Silverfort’s controls limit privilege elevation so agents cannot exceed authorized permissions, block anomalous access attempts before execution and adapt access policies based on real-time context and risk. All activity is logged and tied to the human using the agent, producing an audit trail that maps to enterprise identity governance frameworks.

The company is also positioning the integration as a single control plane across agent types. Enterprises rarely run one agentic platform, so Copilot Studio agents typically operate alongside third-party and homegrown agents on a fragmented control surface. Silverfort says its platform extends the same visibility and enforcement to human identities, service and machine accounts and external agents operating outside the Microsoft ecosystem.

The launch follows Silverfort’s April acquisition of Fabrix Security Ltd., an AI-native identity company whose runtime decisioning engine it’s folding into its Runtime Access Protection technology. A former Microsoft Partner of the Year, Silverfort says it’s working with Microsoft on additional AI security features, including detection of prompt injection and jailbreak attempts using recursive language modeling.

Silverfort processes more than 10 billion authentications daily across more than 1,000 organizations, including several Fortune 50 companies. The integration is available through an early access program.

Image: Silverfort