Netwrix boosts AI data governance for Microsoft Copilot

Netwrix has added features to its 1Secure platform to help organisations see and govern how AI agents and assistants access sensitive data, including through tools such as Microsoft Copilot.

The update is aimed at security teams that need to track how AI systems use existing identity permissions across hybrid environments, including cloud services, collaboration platforms, databases and on-premises systems.

The new functions are designed to expose excessive permissions, hidden access paths and risky identity relationships that could allow AI tools or automated processes to surface sensitive information. They also combine identity governance, data discovery and monitoring in one platform.

Access controls

At the centre of the update is Netwrix Access Analyser, which now gives organisations a clearer view of how identities reach sensitive data across hybrid estates. This is intended to help security teams identify overly broad permissions and indirect access routes through machine identities, applications and other automated systems.

Netwrix has also expanded discovery and classification tools to help organisations locate sensitive and regulated data across collaboration tools, file systems and cloud environments, and understand what data could be exposed through AI assistants or unsanctioned AI tools used by staff.

That matters because many AI services do not create a new access model. Instead, they use permissions already assigned to the identities and systems they rely on, which can expose weak controls that may have gone unnoticed in more traditional workflows.

“AI agents are not bypassing security controls. They are using the permissions that already exist,” said Grady Summers, CEO of Netwrix. “An AI agent operates as another identity in the environment. If organisations don’t understand what those identities can access, they can’t control what AI can expose.”

Machine identities

Another focus is the role of machine identities in AI-driven processes. AI agents, applications and automated services often authenticate with certificates, tokens or service accounts rather than standard user credentials. Netwrix says that can create access routes that are harder to detect and easier to misuse if security teams do not have a full picture of those identities and their privileges.

Netwrix is positioning Threat Manager to detect suspicious certificate activity and unusual behaviour from automated identities, and to trigger response workflows. Threat Prevention is intended to block malicious certificate enrolments in real time, aiming to stop attackers from establishing persistent access through certificate-based authentication.

The company has also introduced a service account dashboard in Threat Manager that uses machine learning to help security teams identify risky configurations, excessive permissions and abnormal behaviour. It is designed to provide a central view of service account activity and apply the same behavioural monitoring used for human identities.

Copilot monitoring

Netwrix Auditor, now available as a software-as-a-service offering on the 1Secure platform, has also been extended to cover AI-related governance and monitoring. This includes monitoring for Microsoft Copilot activity, readiness assessments before deployment, and audit trails for AI interactions and data access.

The monitoring is intended to help organisations track when sensitive information is accessed or surfaced through AI prompts. Readiness assessments are designed to evaluate identity permissions and exposure risks before a Copilot rollout, while audit trails are aimed at supporting governance and compliance processes.

There is also a link with Netwrix Endpoint Protector. Through that integration, organisations can monitor interactions between users and AI systems, sanitise prompts, and prevent sensitive data from leaving endpoints on Windows, macOS and Linux devices when employees use AI assistants or external AI tools.

The launch comes amid growing concern about how quickly AI assistants can retrieve and present information when permissions are too broad. Security vendors have increasingly focused on inherited access as businesses look for ways to deploy AI tools without exposing regulated or confidential data.

Many organisations still use separate products for identity governance, data classification and monitoring, which can make it harder to understand the relationship between users, machine identities and the data they can access. Netwrix says the latest release is intended to address that gap by bringing those elements together in a single environment.

The AI-related additions in Access Analyser, Auditor and Endpoint Protector are available now. The Threat Manager and Threat Prevention functions referenced in the update are due later.

Netwrix says it serves more than 13,000 customers, including nearly a quarter of the Fortune 500.